pts: When set, a list of arguments needed to capture
    from stdin. Otherwise, attempts to guess.
:param linktype: A custom DLT value or name, to overwrite the default
    values.
:param wait: If True (default), waits for the process to terminate before
    returning to Scapy. If False, the process will be detached to the
    background. If dump, getproc or getfd is True, these have the same
    effect as ``wait=False``.

Examples::

    >>> tcpdump([IP()/TCP(), IP()/UDP()])
    reading from file -, link-type RAW (Raw IP)
    16:46:00.474515 IP 127.0.0.1.20 > 127.0.0.1.80: Flags [S], seq 0, win 8192, length 0  # noqa: E501
    16:46:00.475019 IP 127.0.0.1.53 > 127.0.0.1.53: [|domain]

    >>> tcpdump([IP()/TCP(), IP()/UDP()], prog=conf.prog.tshark)
      1   0.000000    127.0.0.1 -> 127.0.0.1    TCP 40 20->80 [SYN] Seq=0 Win=8192 Len=0  # noqa: E501
      2   0.000459    127.0.0.1 -> 127.0.0.1    UDP 28 53->53 Len=0

To get a JSON representation of a tshark-parsed PacketList(), one can::

    >>> import json, pprint
    >>> json_data = json.load(tcpdump(IP(src="217.25.178.5",
    ...                                  dst="45.33.32.156"),
    ...                               prog=conf.prog.tshark,
    ...                               args=["-T", "json"],
    ...                               getfd=True))
    >>> pprint.pprint(json_data)
    [{u'_index': u'packets-2016-12-23',
      u'_score': None,
      u'_source': {u'layers': {u'frame': {u'frame.cap_len': u'20',
                                          u'frame.encap_type': u'7',
    [...]
                                          },
                               u'ip': {u'ip.addr': u'45.33.32.156',
                                       u'ip.checksum': u'0x0000a20d',
    [...]
                                       u'ip.ttl': u'64',
                                       u'ip.version': u'4'},
                               u'raw': u'Raw packet data'}},
      u'_type': u'pcap_file'}]
    >>> json_data[0]['_source']['layers']['ip']['ip.ttl']
    u'64'
Nz