Filter incoming (on interface) traffic (specific ip:port) and write to a file

tcpdump 

tcpdump -ne -i eth0 -Q in host 192.168.252.1 and port 443 -c 5 -w tcpdump.pcap
  • -c [num] - capture only num number of packets
  • -w [filename] - write packets to file, -r [filename] - reading from file
click the source code to copy install tcpdump on any operating system with command-not-found.com