TcpDump
# Reference one-liners for live packet capture. None of them pass -w or -c,
# so each prints decoded packets to the terminal until interrupted.

# Capture on eth0 with name resolution disabled (-n), filtering out ARP, DNS
# (port 53) and SSH (port 22). `port` matches source or destination.
# Dropping port 22 keeps an SSH session used to run the capture out of the
# output; it also hides any other SSH traffic on the interface.
tcpdump -i eth0 -n not arp and not port 53 and not port 22
# Show only TCP segments with SYN or FIN set, i.e. connection open and close
# events rather than payload-carrying segments. The filter is single-quoted
# so the shell does not interpret [ ] & | ( ).
# NOTE(review): the tcp[...] byte-offset form has historically matched IPv4
# only; confirm IPv6 behaviour against the installed libpcap.
tcpdump -ni en0 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
# Frames sent to or from one MAC address on eno2. 'xx:xx:xx:xx:xx:xx' is a
# placeholder to be replaced with the real hardware address.
tcpdump -i eno2 ether host 'xx:xx:xx:xx:xx:xx'
# IPv4 packets to or from either listed address (example values). The
# parentheses are backslash-escaped so the shell passes them to tcpdump.
# No -n here, so addresses in the output may be shown as resolved names.
tcpdump -i eno2 ip host \( 1.2.3.4 or 4.3.2.1 \)
# No -i given, so tcpdump chooses the interface itself. `icmp` matches every
# ICMP message type (unreachable, time-exceeded, ...), not only echo; to see
# pings alone, narrow it with 'icmp[icmptype] == icmp-echo'.
tcpdump -n icmp # watch for pings
# DNS traffic (port 53) on eth1. `not arp` is redundant next to a port match.
# NOTE(review): without -n, tcpdump's own reverse lookups may generate DNS
# queries that show up in this capture; consider adding -n.
tcpdump -i eth1 not arp and port 53