The format of the tcpdump command

    Tcpdump only captures packets whose content satisfies expression (the format of is defined ). E.g., dump all HTTP protocol packets:

    After pressing “Ctrl+C” to terminate the tcpdump process, tcpdump also shows packet statistics:

    “packets captured” records the packets received and processed by tcpdump. There are also “packets received by filter”, “packets dropped by kernel” and “packets dropped by interface” statistics. These items are fetched through the pcap_stats API and depend on the underlying operating system, so I will not elaborate on them here.
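
The exit statistics described above tell you whether a capture has holes in it, which matters when the pcap is later used as evidence. The following is an added example, not part of the original post: it parses the summary lines from tcpdump's output, reports drops, and lists counters the platform did not print. The function names and the sample output are constructed for illustration.

```python
import re

# Matches the summary lines tcpdump prints on exit, e.g. "97 packets dropped by kernel".
STAT_RE = re.compile(
    r"^\s*(\d+) packets? "
    r"(captured|received by filter|dropped by kernel|dropped by interface)\s*$"
)
ALL_COUNTERS = ("captured", "received by filter",
                "dropped by kernel", "dropped by interface")

def parse_tcpdump_stats(text):
    """Return {counter name: value} for every summary line found in text."""
    stats = {}
    for line in text.splitlines():
        m = STAT_RE.match(line)
        if m:
            stats[m.group(2)] = int(m.group(1))
    return stats

def capture_gaps(stats):
    """Return one warning string per non-zero drop counter."""
    return [f"{stats[k]} packets {k}"
            for k in ("dropped by kernel", "dropped by interface")
            if stats.get(k, 0) > 0]

def missing_counters(stats):
    """Counters that were not printed; absence is not the same as zero."""
    return [k for k in ALL_COUNTERS if k not in stats]

# Constructed sample of what tcpdump writes when interrupted with Ctrl+C.
SAMPLE = """\
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C
1204 packets captured
1310 packets received by filter
97 packets dropped by kernel
"""

if __name__ == "__main__":
    stats = parse_tcpdump_stats(SAMPLE)
    print("counters:", stats)
    print("capture gaps:", capture_gaps(stats) or "none reported")
    print("not reported:", missing_counters(stats) or "none")
```

A non-empty result from `capture_gaps` means the capture is known to be incomplete and should be recorded as such alongside the pcap.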