Quite useful if you have a low-powered device such as an OpenWRT device or a device that's low on space and need to log.
On the server, a common misunderstanding is that you should use both -l and -p which is wrong.
nc -l 9999 > fullcap.pcap
Client, disables login on ports 22, 53, 80, 443 and 9999.
tcpdump -s 0 -U -n -w - -i eth0.2 port not 9999 and port not 53
and port not 80 and port not 443 and port not 22 | nc 192.168.20.11 9999