Using TShark Linux Command Line

sudo tshark -c 100 -i eth1 -f "port 80" -w test.pcap

sudo tshark - run tshark elevated
-c - number of packets to capture before stopping (100 here)
-i - interface to capture on
-f - capture filter
-w - write the captured packets to a file

sudo tshark -r test.pcap


-r - read file

Remember to set your interface to promiscuous mode:

ip link set eth0 promisc on
 
For DNS Requests use:
sudo tshark -c 100 -i eth0 -f "port 53" -w test.pcap 
 
Use Netstat to check interface flags for promiscuous mode:
 
netstat -i eth0
 
-i - interface 
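
One way to script the promiscuous-mode check described above, as an added example that is not from the original post: it reads the kernel's flag word from /sys/class/net/<iface>/flags and tests the IFF_PROMISC bit (0x100). The function names and the SYSFS_NET override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report promiscuous mode from the kernel's interface flags.
# Function names and the SYSFS_NET override are assumptions of this example.

IFF_PROMISC=256   # 0x100, IFF_PROMISC in <linux/if.h>

# flags_promisc HEX: exit 0 if the bit is set, 1 if clear, 2 if HEX is not
# a plain 0x-prefixed hex number (rejected before it reaches arithmetic).
flags_promisc() {
    case "$1" in
        0x|0x*[!0-9a-fA-F]*) return 2 ;;
        0x*) ;;
        *) return 2 ;;
    esac
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# iface_promisc IFACE: same exit codes, reading IFACE's flags from sysfs.
iface_promisc() {
    f="${SYSFS_NET:-/sys/class/net}/$1/flags"
    [ -r "$f" ] || return 2
    flags_promisc "$(cat "$f")"
}

# promisc_state IFACE: print on, off or unknown.
promisc_state() {
    rc=0
    iface_promisc "$1" || rc=$?
    case "$rc" in
        0) echo on ;;
        1) echo off ;;
        *) echo unknown ;;
    esac
}

# Stand-alone use: sh promisc.sh eth0
if [ "$#" -gt 0 ]; then
    promisc_state "$1"
fi
```
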

Comments

  1. This works better sudo tshark -c 100 -i eth1 | grep 80 > file.txt
