Monday, February 15, 2010

Display top destination ports using tcpdump


tcpdump -tnn -c 2000 -i eth2c0 | awk -F "." '{print $9}' | awk -F ":" '{print $1}' | sort | uniq -c | sort -nr | awk ' $1 > 50 '

Modifying the script to fit your needs:

-c is the number of packets to capture

-i is the interface to capture on

"$1 > 50" displays only the ports whose count is over 50



Sample output:
hafw1[admin]# tcpdump -tnn -c 2000 -i eth2c0 | awk -F "." '{print $9}' | awk -F ":" '{print $1}' | sort | uniq -c | sort -nr | awk ' $1 > 10 '
tcpdump: listening on eth2c0
442 80
151 443
129 8443
128 1749
71 1748
53 4620
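
The one-liner's fixed field $9 only lines up on IPv4 lines that carry ports; ICMP, ARP and IPv6 lines fall into empty or wrong buckets. The function below is an added example, not part of the original post: it takes the field after ">" instead, and the names top_dst_ports and sample_capture and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: count destination ports in `tcpdump -tnn` text output.
# top_dst_ports MIN reads capture lines on stdin and prints "count port"
# for each destination port seen more than MIN times (default 0).
top_dst_ports() {
    awk -v min="${1:-0}" '
    {
        # The destination is the field right after ">", with or without
        # a leading "IP"/"IP6" protocol tag on the line.
        dst = ""
        for (i = 1; i < NF; i++) if ($i == ">") { dst = $(i + 1); break }
        if (dst == "") next               # ARP and similar: no address pair
        sub(/:$/, "", dst)                # drop the colon that ends the pair
        n = split(dst, part, ".")         # port is the last dotted piece
        # IPv6 prints addr.port (2 pieces), IPv4 prints a.b.c.d.port (5)
        want = (index(dst, ":") > 0) ? 2 : 5
        if (n == want && part[n] ~ /^[0-9]+$/) count[part[n]]++
    }
    END { for (p in count) if (count[p] > min + 0) print count[p], p }
    ' | sort -k1,1nr -k2,2n
}

# Constructed sample lines (documentation addresses, not a real capture).
sample_capture() {
    cat <<'EOF'
IP 10.0.0.5.51514 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
IP 10.0.0.6.51515 > 192.0.2.10.80: Flags [S], seq 2, win 65535, length 0
IP 10.0.0.7.40000 > 192.0.2.10.80: Flags [.], ack 1, win 512, length 0
IP 10.0.0.5.51600 > 192.0.2.11.443: Flags [S], seq 3, win 65535, length 0
IP6 2001:db8::5.51601 > 2001:db8::10.443: Flags [S], seq 4, win 65535, length 0
IP 10.0.0.5.33000 > 192.0.2.53.53: 4660+ A? www.example.com. (33)
IP 10.0.0.5 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
EOF
}

# Live use, with the interface from the post:
#   tcpdump -tnn -c 2000 -i eth2c0 | top_dst_ports 50
sample_capture | top_dst_ports 1
```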
