tcpdump

Updated: September 28, 2024

Dump traffic on a network; a command-line counterpart to Wireshark.


WORKS MUCH LIKE WIRESHARK BUT ALL FROM CLI

#  INSTALL
sudo apt install tcpdump

# use wlan0 interface to capture data
sudo tcpdump -i wlan0

# get a list of interfaces
sudo tcpdump -D
sudo tcpdump -i 2   # use the interface number reported by -D

# -n disables the default conversion of addresses to names
    -n    # see above; a filter expression such as arp, ip or icmp limits output to those packets
    -v    # also shows time to live (TTL) and total length
    -e    # show the link-layer (MAC) header, e.g. Ethernet
    -A    # print packet contents in ASCII
    -c    # number of packets to capture
    src, dst   # filter by source or destination IP address
    -x    # print hex output without the link level header
    -xx   # print hex output with link level header
    -X    # same as -x plus ASCII
    -XX   # same as -xx plus ASCII
    -tt -ttt -tttt    # timestamp formats; more t's give more detailed time information
    -t    # suppress all timestamps
    -w    # write output to a file
    -r    # read the pcap file that was written with -w
    not tcp   # append to the filter expression to exclude TCP packets
    
    # check whether a website sends your password unencrypted (alternatively use ngrep)
    sudo tcpdump -A -i 2 | egrep -i 'pass=|pwd=|password=|username=|un=|usr=|pw=|pass |user ' --color-auto --line-buffered -B20   # then go login on the website