Monthly Archives: December 2013

tcpdump to file with auto-rotation hourly

A good example of a one-liner that traces traffic with the tcpdump command and logs it to a file, suitable for running in the background. The file can later be opened in Wireshark.

It also rotates the file hourly, which makes it quicker to download logs for only a specific time period.

This example listens for traffic to/from port 80.

nohup tcpdump -pni eth0 -s65535 -G 3600 -w '/root/tcpdump/trace_%Y-%m-%d_%H:%M:%S.pcap' port 80 &

If tcpdump will run for a long time or generates a lot of large log files, you can easily create a separate cronjob that runs find with -mtime and does an “rm” of old files.
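One way to do that cleanup, as an added example that is not part of the original post: a small POSIX sh script that prunes rotated captures from the /root/tcpdump directory used by the tcpdump one-liner above, restricted to the trace_*.pcap naming pattern it writes. The prune_captures name, the 7-day default, the crontab line and the script path are assumptions, and the script relies on GNU or BSD find for -maxdepth and -delete.

```shell
#!/bin/sh
# Added example, not from the original post: delete rotated tcpdump captures
# older than DAYS days. Meant to run from cron beside the
#   nohup tcpdump ... -G 3600 -w '/root/tcpdump/trace_%Y-%m-%d_%H:%M:%S.pcap' ... &
# capture above. Example crontab line (assumed install path for this script):
#   15 * * * * /usr/local/sbin/prune_captures.sh /root/tcpdump 7

# prune_captures DIR DAYS
# Deletes regular files named trace_*.pcap directly under DIR whose mtime is
# strictly more than DAYS whole days old (find's "-mtime +N" semantics, so
# +7 removes files that are at least 8 days old). Prints the number removed.
prune_captures() {
  dir=$1
  days=$2
  # Refuse obviously dangerous or malformed arguments before touching anything.
  case $dir in
    ""|/) echo "prune_captures: refusing to operate on '$dir'" >&2; return 2 ;;
  esac
  case $days in
    ""|*[!0-9]*) echo "prune_captures: DAYS must be a non-negative integer" >&2; return 2 ;;
  esac
  [ -d "$dir" ] || { echo "prune_captures: no such directory: $dir" >&2; return 2; }

  # -maxdepth 1: never descend below the capture directory (GNU/BSD find).
  # -type f plus the name pattern limit the delete to rotated capture files.
  # -print before -delete lists each victim; awk counts the lines (0 if none).
  find "$dir" -maxdepth 1 -type f -name 'trace_*.pcap' -mtime +"$days" -print -delete \
    | awk 'END { print NR }'
}

# When run as a script: prune_captures.sh DIR [DAYS]; DAYS defaults to 7.
if [ "$#" -gt 0 ]; then
  prune_captures "$1" "${2:-7}"
fi
```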