sudo /usr/sbin/tcpdump -i any -s 0 -n -Z someuser -C 500 -W 100 -w /home/someuser/$(hostname).pcap -f '(port (80 or 8080) or portrange 21-22)' &>/dev/null
Flags used here:
-i interface: use the interface network interface.-s snaplen: read snaplen bytes of data from each packet rather than the default 262144.-n: don't convert addresses (i.e., host addresses, port numbers, etc.) to names.-Z user: run as user instead of root.-C file_size: write maximum file_size bytes to a single file.-W filecount: limit the number of files created to filecount.-w file: write output to file.-f: print IPv4 addresses numerically rather than symbolically.With &>/dev/null we redirect both the standard output and the standard error to /dev/null.
Requires tcpdump.