TCPDump: Capture and Record Specific Protocols / Port

https://www.lautturi.com

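To capture and record only specific protocols or ports with tcpdump, give it a filter expression; tcpdump keeps the packets that match the expression and ignores the rest. The -p flag used in the commands below does not select a protocol: it tells tcpdump not to put the interface into promiscuous mode. For example, to capture only TCP packets, you can use the following command: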

tcpdump -p tcp

To capture packets on a specific port, use the port filter, which matches the port as either source or destination. For example, to capture packets on port 80, you can use the following command:

tcpdump -p port 80

You can also use the src port or dst port filters to capture only packets from or to a specific port. For example, to capture packets from port 80, you can use the following command:

tcpdump -p src port 80

To capture packets to port 80, you can use the following command:

tcpdump -p dst port 80

You can also combine multiple filters using logical operators such as and, or, and not. For example, to capture packets from port 80 or port 443, you can use the following command:

tcpdump -p 'src port 80 or src port 443'

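You can also save the captured packets to a file using the -w flag, which writes the raw packets to the file instead of printing them. Put the options before the filter expression, because on some systems option parsing stops at the first non-option argument. For example, to save the captured packets to a file called capture.pcap, you can use the following command:

tcpdump -p -w capture.pcap 'src port 80 or src port 443'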
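
The following Python sketch is an added example, not part of the original page: it reads a capture in the classic pcap format that -w writes and applies the same src port / dst port logic as the filters above, which shows that 'src port 80 or src port 443' keeps only one direction of each connection. The sample capture and the helper names (build_pcap, read_ports, match) are constructed for illustration, and only little-endian Ethernet/IPv4 captures with TCP or UDP are handled.

```python
import struct

def build_pcap(packets):
    """Constructed sample: classic little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sport, dport, proto in packets:
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16   # ports + padding
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + l4            # Ethernet II, IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def read_ports(pcap):
    """Yield (proto, src_port, dst_port) for each IPv4 TCP/UDP packet."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian Ethernet pcap")
    off = 24                                          # skip global header
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                  # not IPv4 or truncated
        ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length
        proto = frame[23]                             # 6 = TCP, 17 = UDP
        frag_off = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
        if proto not in (6, 17) or frag_off or len(frame) < 14 + ihl + 4:
            continue                                  # no port fields to read
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield proto, sport, dport

def match(pcap, src_ports=(), dst_ports=()):
    """Same logic as 'src port A or src port B or dst port C ...'."""
    return [(p, s, d) for p, s, d in read_ports(pcap)
            if s in src_ports or d in dst_ports]

# Constructed traffic: (src_port, dst_port, ip_protocol)
SAMPLE = build_pcap([(80, 51000, 6), (51000, 80, 6), (443, 51001, 6),
                     (53, 51002, 17), (51003, 443, 17)])

if __name__ == "__main__":
    print("src port 80 or src port 443:", match(SAMPLE, src_ports=(80, 443)))
    print("port 80:", match(SAMPLE, src_ports=(80,), dst_ports=(80,)))
```

In the constructed sample the client-to-server packet (51000 to 80) is absent from the 'src port 80 or src port 443' result, so a capture taken with that filter holds server responses only; 'port 80' keeps both directions.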

Created Time: 2017-10-30 14:27:21  Author: lautturi