tcpdump

    tcpdump 
     -w <output filename>
     -r <input filename>
     -i <interface>
     -c <packet counts>

     -n   # don't convert address and port to names
     -e   # show link level header 
     -v   # verbose output
     -xx  # print the data of each packets with link level header in hex
     -XX  # print the data of each packets with link level header in hex and ascii
     -ttt # print a delta between current and previous line

     arp
     icmp
     port <port number>
     host <ip address>

wireshark

    wireshark 
     -r <input filename>
     -R "read filter"

To know detail of read filter, see man page of wireshark-filter