| field | value | date |
|---|---|---|
| author | Johannes Stoelp <johannes.stoelp@gmail.com> | 2022-03-13 16:46:10 +0100 |
| committer | Johannes Stoelp <johannes.stoelp@gmail.com> | 2022-03-13 16:46:10 +0100 |
| commit | 33d74c3b33394769a2040ff451fbfdfd58e9bf92 (patch) | |
| tree | 7f48980566cac7710ea67d76afefbd0afea5574d | |
| parent | 1be3a8c1400debd5239b23db2686faab3276c59c (diff) | |
added tcpdump
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | src/SUMMARY.md | 3 |
| -rw-r--r-- | src/network/README.md | 4 |
| -rw-r--r-- | src/network/tcpdump.md | 31 |

3 files changed, 38 insertions, 0 deletions
diff --git a/src/SUMMARY.md b/src/SUMMARY.md index c32741e..4062e92 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -54,6 +54,9 @@ - [coredump](./linux/coredump.md) - [ptrace_scope](./linux/ptrace_scope.md) +- [Network](./network/README.md) + - [tcpdump](./network/tcpdump.md) + - [Arch](./arch/README.md) - [x86_64](./arch/x86_64.md) - [arm64](./arch/arm64.md) diff --git a/src/network/README.md b/src/network/README.md new file mode 100644 index 0000000..80ecc7b --- /dev/null +++ b/src/network/README.md @@ -0,0 +1,4 @@ + +# Network + +- [tcpdump](./tcpdump.md) diff --git a/src/network/tcpdump.md b/src/network/tcpdump.md new file mode 100644 index 0000000..fdaf911 --- /dev/null +++ b/src/network/tcpdump.md @@ -0,0 +1,31 @@ +# tcpdump(1) + +# CLI + +```markdown +tcpdump [opts] -i <if> [<filter>] + -n Don't covert host/port names. + -w <file|-> Write pcap trace to file or stdout (-). + -r <file> Read & parse pcap file. +``` + +Some useful filters. +```markdown +src <ip> Filter for source IP. +dst <ip> Filter for destination IP. +host <ip> Filter for IP (src + dst). +net <ip>/<range> Filter traffic on subnet. +[src/dst] port <port> Filter for port (optionally src/dst). +tcp/udp/icmp Filter for protocol. +``` + +> Use `and/or/not` and `()` to build filter expressions. + +# Examples + +## Capture packets from remote host + +```makrdown +# -k: Start capturing immediately. +ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i - +``` |
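Review bot: the new `src/network/README.md` starts with an empty line (the first added line of the hunk is blank) before `# Network`; drop it so the heading is the first line of the file, as `src/network/tcpdump.md` in the next hunk does with `# tcpdump(1)`.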
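Review bot: the remote-capture example in `src/network/tcpdump.md`, `ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i -`, captures on `<IF>` with no filter, so when that is the interface carrying the ssh session the capture stream is itself captured and fed back into the trace, which then grows on its own; suggest adding a filter such as `not port 22` after `-w -` and saying so in the comment. Also, `tcpdump` on the remote host needs root or CAP_NET_RAW to open the interface, while the local `wireshark -i -` only reads a pipe and runs unprivileged, so the `sudo` sits on the wrong side of the pipe. Two typos in the same hunk: `Don't covert host/port names.` should read `convert`, and the fence tag `makrdown` on the example block should be `markdown` (or `sh`, since the block holds a shell command line, and the `<IF>` placeholder there differs from `<if>` in the usage line above it).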