Please note that you have to be the root user to use this command because it puts the network card in promiscuous mode.
# tcpdump -i eth0 -A -s 0 udp port 1514 and host 192.168.0.1
The example command above captures UDP traffic on port 1514, which is the port ossec-hids uses for its secure communication between server and agent.
-i - Listen on interface.
-A - Print each packet (minus its link level header) in ASCII.
-s - Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS’s NIT, the minimum is actually 96). Setting snaplen to 0 means use the required length to catch whole packets.
udp - listen to UDP traffic
port - the port you want to listen to
host - your host IP address
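When checking agent connectivity, the useful question is usually whether packets flow in both directions on port 1514. The script below is an added example, not part of the original page or of ossec-hids: it summarises tcpdump's text output by direction. The function names count_directions and diagnose are hypothetical, the sample lines are constructed, and it assumes the server is the side using port 1514.

```shell
#!/bin/sh
# Added example: summarise traffic direction on the OSSEC port from
# `tcpdump -nn -q` text output. Names and sample data are illustrative.

# Constructed sample lines in tcpdump -nn -q format (not a real capture).
SAMPLE='12:00:01.000001 IP 192.168.0.1.40001 > 192.168.0.10.1514: UDP, length 73
12:00:01.000950 IP 192.168.0.10.1514 > 192.168.0.1.40001: UDP, length 57
12:00:06.000001 IP 192.168.0.1.40001 > 192.168.0.10.1514: UDP, length 121
12:00:07.000001 IP 192.168.0.1.40001 > 192.168.0.20.514: UDP, length 90'

# Read tcpdump lines on stdin and print "to_server=N from_server=M".
# Destination port $1 counts as "to server", source port $1 as "from server"
# (assumption: the server is the endpoint on that port).
count_directions() {
    awk -v port="$1" '
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5
            sub(/:$/, "", dst)        # drop the trailing colon after the destination
            sub(/^.*\./, "", src)     # keep only the port after the last dot
            sub(/^.*\./, "", dst)
            if (dst == port) to++
            else if (src == port) from++
        }
        END { printf "to_server=%d from_server=%d\n", to, from }'
}

# Turn the counts into a one-line verdict.
diagnose() {
    summary=$(count_directions "$1")
    case "$summary" in
        "to_server=0 from_server=0") echo "no traffic on port $1" ;;
        *"from_server=0") echo "one-way: packets sent to port $1, no replies seen" ;;
        "to_server=0 "*)  echo "one-way: packets from port $1 only" ;;
        *)                echo "two-way: $summary" ;;
    esac
}

# Live use (as root), same filter as the command above with numeric, quiet
# output and a 20-packet limit:
#   tcpdump -i eth0 -nn -q -c 20 udp port 1514 and host 192.168.0.1 | diagnose 1514
printf '%s\n' "$SAMPLE" | diagnose 1514
```

A one-way result points at filtering or routing between the two hosts rather than at the capture itself.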