It looks like there is no alternatve to wireshark or tshark. But never fear... An alternative is here! TCPFLOW. On Ubuntu (ofcourse), you can install it via apt-get install tshark Some examples: → tcpflow -i eth0 -c -e With this one you'll see all the traffic for your network card. Add the -s parameter if you see too many gibberish passing by. It will convert non-printable traffic into periods. → tcpflow -i eth0 -c -e port 80 Only interested in datastreams to port 80, use the command above. Use: → tcpflow -i eth0 -c -e host 192.168.1.1 if you're only interested in traffic from- or ment for 192.168.1.1. But there is more. If you do not use the -c switch, tcpflow will create for each datastream a separate file. Add the -b parameter and the files created can be limited in filesize. Do keep in mind that tcpflow is not in development anymore and it cannot handle fragmented ip packets.