| author | Johannes Stoelp <johannes.stoelp@gmail.com> | 2022-03-13 16:46:10 +0100 |
|---|---|---|
| committer | Johannes Stoelp <johannes.stoelp@gmail.com> | 2022-03-13 16:46:10 +0100 |
| commit | 33d74c3b33394769a2040ff451fbfdfd58e9bf92 (patch) | |
| tree | 7f48980566cac7710ea67d76afefbd0afea5574d /src/network | |
| parent | 1be3a8c1400debd5239b23db2686faab3276c59c (diff) | |
added tcpdump
Diffstat (limited to 'src/network')

| -rw-r--r-- | src/network/README.md | 4 |
|---|---|---|
| -rw-r--r-- | src/network/tcpdump.md | 31 |

2 files changed, 35 insertions, 0 deletions
diff --git a/src/network/README.md b/src/network/README.md new file mode 100644 index 0000000..80ecc7b --- /dev/null +++ b/src/network/README.md @@ -0,0 +1,4 @@ + +# Network + +- [tcpdump](./tcpdump.md) diff --git a/src/network/tcpdump.md b/src/network/tcpdump.md new file mode 100644 index 0000000..fdaf911 --- /dev/null +++ b/src/network/tcpdump.md @@ -0,0 +1,31 @@ +# tcpdump(1) + +# CLI + +```markdown +tcpdump [opts] -i <if> [<filter>] + -n Don't covert host/port names. + -w <file|-> Write pcap trace to file or stdout (-). + -r <file> Read & parse pcap file. +``` + +Some useful filters. +```markdown +src <ip> Filter for source IP. +dst <ip> Filter for destination IP. +host <ip> Filter for IP (src + dst). +net <ip>/<range> Filter traffic on subnet. +[src/dst] port <port> Filter for port (optionally src/dst). +tcp/udp/icmp Filter for protocol. +``` + +> Use `and/or/not` and `()` to build filter expressions. + +# Examples + +## Capture packets from remote host + +```makrdown +# -k: Start capturing immediately. +ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i - +``` |
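Review bot: the `src/network/README.md` hunk adds an empty line before `# Network`, so the new file starts with a blank first line; drop that leading `+` line so the heading sits on line 1 and the file matches the layout of the other index pages.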
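Review bot: in the `src/network/tcpdump.md` hunk the fence for the remote-capture example is opened with ```makrdown, a misspelled language tag that the renderer will not recognise; it should be ```sh (the two usage fences tagged ```markdown are plain text, not Markdown, and would be clearer as ```text). The option line `-n Don't covert host/port names.` has a typo, "convert". For the example `ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i -`, two caveats are worth a comment in the file: tcpdump on the remote host normally needs root, so `sudo` (or capture capabilities) is required on that side as well, and capturing on the interface that carries the ssh session itself makes the trace include the session's own packets, so appending a filter such as `not port 22` (or the session's actual port) keeps the capture from feeding back on itself. It would also help to state in the `# CLI` block that `-i <if>` accepts `any` for all interfaces, as the placeholder `<IF>` in the example and `<if>` in the usage line are inconsistent in case.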