pcap

basic filter

pcap filter expr “host 10.1.1.2”

start/stop

pcap start|stop

info/stats

pcap info

show statistics and info about the packets captured to make sure you got what you were looking for

pcap transfer

send the files via ftp to a remote host so you can open in wireshark and analyze

pcap transfer ftp://ftp.example.com username password