diff --git a/sbin/packet-capture.sh b/sbin/packet-capture.sh
new file mode 100755
index 0000000..37c9bb6
--- /dev/null
+++ b/sbin/packet-capture.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Capture network packets for later replay on dev machines
+#
+# This should be run as root via a service.
+#
+
+OUTDIR="$(realpath "$(dirname "$0")/..")/var/pcap"
+OUTNAME="capture-$(hostname)-$(date -u +%s)-$$-pcap"
+OUTPATH="$OUTDIR/$OUTNAME"
+
+# Inputs:
+#
+# 4461/UDP: GPS NMEA
+# 4462/UDP: AIS NMEA
+# 30000/UDP: Navigation system headers
+# Not all inputs will be present in all systems.
+#
+EXPR="udp and (port 4461 or port 4462 or port 30000)"
+
+if [[ ! -d "$OUTDIR" ]]; then
+ mkdir "$OUTDIR"
+fi
+
+# The size of each capture file is 50 MB (-C 50)
+# and it will use a ring of 1000 files (-W 1000).
+# The capture packet size is unlimited (-s 0).
+#
+# 50 MB (47.7 MiB) is about one day's worth of data
+# so in theory it shouldn't overwrite files even if
+# it was running continuously for over two years.
+# NOTE: The above figures do not include AIS data.
+
+echo "Logging to: $OUTPATH"
+echo "Expression: $EXPR"
+
+tcpdump -n -s 0 -W 1000 -C 50 -w "$OUTPATH" "$EXPR"
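Review bot: The capture directory and files are created with whatever umask the service happens to run under, since the script sets none and `mkdir "$OUTDIR"` passes no mode; for a root-run capture of position and navigation traffic I would add `umask 077` near the top and use `mkdir -p -m 0700 -- "$OUTDIR" || exit 1`. The plain `mkdir` also fails when `var/` does not exist yet, and its failure is not checked, so the script still prints "Logging to:" before tcpdump fails on the missing path. Separately, some tcpdump builds drop root privileges to a dedicated account before opening the `-w` file, so it is worth naming the intended account explicitly with `-Z <user>` and making the directory owned by it, in which case the 0700 mode applies to that account rather than root. The header comment could also record that the ring caps disk use at about 50 GB (1000 x 50 MB) and that no `-i` is given, so tcpdump captures on its default interface.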