Installing

Linux

tcpdump should come with your distro, but if it doesn't, use aptitude or your package manager to install:

apt-get install tcpdump

Once you've done that, you can list your network devices:

iwconfig

Pick out which ones you want to listen to.

Mac

tcpdump comes with Mac. Man page for tcpdump: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/tcpdump.1.html

List your network devices:

ifconfig

Pick out which ones you want to listen to.

Usage

You will need to run tcpdump as sudo.

Unfiltered Packet Capture

The simplest way to use tcpdump is to do an unfiltered packet capture - no filters on packets, so everything is captured.

To do this, specify which device you want to listen to with the -i flag. Also specify an output file with the -w flag:

tcpdump -i en0 -w output_file.pcap

-w prevents your computer from having a meltdown trying to print every single packet in a busy place.

You can also monitor multiple interfaces by specifying a list: -i en0,en1

Wireless Packet Capture

If you want to capture wireless packets, you need to know a bit more about channels.

The 802.11 protocol allocates 12 channels for wireless (in the US), and your wireless card can only listen to one channel at a time. To listen to twelve channels, you need twelve wireless cards - or you need to hop from channel to channel with your single wireless card.

If it is critical to capture all traffic, you will want to use multiple wireless cards - if you're hopping from channel 5 to channel 6, and traffic shows up on channel 4, you won't see it.