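=======TCP dump=======

If you ssh into a computer and want to use tcpdump to view traffic, ssh traffic (port 22) can be excluded from the capture:

  tcpdump -i [interface] -n 'port!22'

Capture traffic leaving a host:

  tcpdump -pi [interface] src host [hostname]

Watch for traffic leaving one network and entering two other networks. "and" and "or" have equal precedence and are evaluated left to right, so the two destination networks are grouped in parentheses, and the filter is quoted to protect the parentheses from the shell:

  tcpdump -pi [interface] 'src net [network] and (dst net [network2] or dst net [network3])'
  tcpdump -pi [interface] 'src net 128.128.252.0/28 and (dst net 192.168.11.0/24 or dst net 192.168.12.0/24)'

Capture UDP packets from an interface in hex (-XX also prints ASCII and the link-level header):

  tcpdump -XX -i [interface] udp port [UDP port]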
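For the ssh exclusion at the top of these notes: an added example (not part of the original notes) of a shell helper that builds a filter hiding only your own ssh session, so other port 22 traffic on the host stays visible in the capture. The function name `own_ssh_filter` is hypothetical, and it assumes sshd has set `SSH_CONNECTION` in the usual "client_ip client_port server_ip server_port" form.

```shell
# Added example, not from the original notes. own_ssh_filter is a hypothetical name.
# Usage: tcpdump -i [interface] -n "$(own_ssh_filter)"

own_ssh_filter() {
    # Not inside an ssh session: fall back to the blanket exclusion
    # ('not port 22' is the same filter as 'port!22').
    if [ -z "${SSH_CONNECTION:-}" ]; then
        printf '%s\n' 'not port 22'
        return 0
    fi

    # Split the variable into its four fields (word splitting is intended).
    set -- $SSH_CONNECTION
    if [ "$#" -ne 4 ]; then
        echo "own_ssh_filter: unexpected SSH_CONNECTION format" >&2
        return 1
    fi

    # Drop any IPv6 zone suffix (%eth0); pcap filters do not accept it.
    c_ip=${1%%%*}; c_port=$2
    s_ip=${3%%%*}; s_port=$4

    # Refuse anything that is not a plain address or port number, so a
    # crafted environment cannot smuggle extra filter terms in.
    case "$c_ip$s_ip" in
        ''|*[!0-9A-Fa-f.:]*) echo "own_ssh_filter: bad address" >&2; return 1 ;;
    esac
    case "$c_port$s_port" in
        ''|*[!0-9]*) echo "own_ssh_filter: bad port" >&2; return 1 ;;
    esac

    # Matches both directions of this one TCP connection, then negates it.
    printf 'not (tcp and host %s and port %s and host %s and port %s)\n' \
        "$c_ip" "$c_port" "$s_ip" "$s_port"
}
```
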