Tuesday, December 07, 2010

tcpdump

I much prefer wireshark because, well, I forget command line options. But today I had to run tcpdump because the server didn't have X and I would have been beaten up by our good sysadmins if I'd installed wireshark and all its dependencies (and maybe vnc) for a very short session :-).

So I read the fine manual and ended up with:

tcpdump -i eth3 -n -p -w tcp.log -c 100 -s 1024 'dst port 12345'

After which, I just scp'ed the tcp.log file and started it up in wireshark with "wireshark tcp.log".
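For the record, the options in that command line mean: -i eth3 capture on that interface, -n don't resolve addresses or ports to names, -p don't put the interface into promiscuous mode, -w tcp.log write raw packets in pcap format instead of printing them, -c 100 stop after 100 packets, -s 1024 keep at most 1024 bytes of each packet (snaplen), and 'dst port 12345' is the BPF filter. Before scp'ing a capture off a server it is worth checking that the file is actually a well-formed pcap and that the -c and -s limits did what you expected; the following is an added example (not from the original post) that parses the classic pcap format tcpdump -w produces, counts the records, and reports how many were cut short by the snaplen. The file name tcp.log and the sample packet sizes are assumptions; the sample capture it builds is constructed, not a real one.

```python
"""Sanity-check a pcap written by `tcpdump -w` before copying it elsewhere (added example)."""
import struct
import sys

# Classic pcap magic numbers; byte order of the whole file follows the magic.
PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"     # little-endian, microsecond timestamps
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"     # big-endian, microsecond timestamps
PCAP_MAGIC_NS_LE = b"\x4d\x3c\xb2\xa1"  # little-endian, nanosecond timestamps
PCAP_MAGIC_NS_BE = b"\xa1\xb2\x3c\x4d"  # big-endian, nanosecond timestamps


def parse_pcap(data):
    """Return (snaplen, linktype, records) for a classic pcap blob.

    records is a list of (ts_sec, ts_frac, caplen, origlen, payload).
    Raises ValueError on a bad magic, a record longer than snaplen, or truncation.
    """
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte global header")
    magic = data[:4]
    if magic in (PCAP_MAGIC_LE, PCAP_MAGIC_NS_LE):
        endian = "<"
    elif magic in (PCAP_MAGIC_BE, PCAP_MAGIC_NS_BE):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (bad magic %r)" % magic)
    # global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    _, _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    records = []
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if caplen > snaplen:
            raise ValueError("record caplen %d exceeds snaplen %d" % (caplen, snaplen))
        if off + caplen > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        records.append((ts_sec, ts_frac, caplen, origlen, data[off:off + caplen]))
        off += caplen
    return snaplen, linktype, records


def summarize(data):
    """Numbers to compare against the -c and -s values given to tcpdump."""
    snaplen, linktype, records = parse_pcap(data)
    # A record whose caplen is below its original length was cut short by -s.
    truncated = sum(1 for _, _, caplen, origlen, _ in records if caplen < origlen)
    return {"packets": len(records), "snaplen": snaplen,
            "linktype": linktype, "truncated": truncated}


def build_sample_pcap(snaplen=1024, linktype=1, packet_lengths=(60, 1500)):
    """Constructed sample capture (not real traffic): one zero-filled record per length."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    body = b""
    for i, origlen in enumerate(packet_lengths):
        caplen = min(origlen, snaplen)  # tcpdump stores at most snaplen bytes per packet
        body += struct.pack("<IIII", 1291700000 + i, 0, caplen, origlen) + b"\x00" * caplen
    return hdr + body


if __name__ == "__main__":
    # Usage: python pcapcheck.py tcp.log   (file name assumed; no arg runs the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample_pcap()
    print(summarize(blob))
```

If "packets" is below the -c count, tcpdump either stopped early or the filter matched less than expected; a non-zero "truncated" count means wireshark will flag those frames as cut short, which is the price of -s 1024.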

No doubt I'll need to learn more tcpdump filter syntax when I need to do that again :-). Fortunately, that was sufficient for the immediate need.