root@guserver:/home/lichao# tshark -f "host 10.0.2.47" -i eth0 -c 20 -T fields -e ip.src -e ip.dst
Options:
-f: filter settings;
-i: capture interface, Run tshark -D to print interface list.
Name and number both OK;
-a: capture autostop condition. For example: -a duration:60;
-T: only print some parts of the output. For example: -T fields;
-e: specify which parts are printed when -T field;
-c: Set the maximum number of packets to read when capturing live data.
For example -c 20 means quiting tshark after 20 packages are readed;
-w: save output to some files;
See man tshark to details.