Using CentOS or Red Hat Enterprise Linux (RHEL) 5, install and run Wireshark over the command line. To install Wireshark, use yum:
yum install wireshark
Run a capture:
tethereal -i eth1 -w ~/mycapture.pcap
This command will run a Wireshark capture on the eth1 interface and output the data to a file called mycapture.pcap in your home directory. You can then view this file in the X11 interface for Wireshark or grep it for specific information.