tcpdump supports the “ether” qualifier to specify ethernet addresses in the standard colon-separated format. For example, to capture any broadcast traffic,
$ tcpdump ether dst ff:ff:ff:ff:ff:ffTo capture any traffic sent to or from a given MAC address,
$ tcpdump ether host e8:2a:ea:44:55:66(Here the first three octets identify the MAC in question as belonging to an Intel NIC, e8:2a:ea being an OUI assigned to Intel.)