path: root/src/network/tcpdump.md
Diffstat (limited to 'src/network/tcpdump.md')
-rw-r--r-- src/network/tcpdump.md | 31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/network/tcpdump.md b/src/network/tcpdump.md
new file mode 100644
index 0000000..fdaf911
--- /dev/null
+++ b/src/network/tcpdump.md
@@ -0,0 +1,31 @@
+# tcpdump(1)
+
+# CLI
+
+```markdown
+tcpdump [opts] -i <if> [<filter>]
+ -n Don't covert host/port names.
+ -w <file|-> Write pcap trace to file or stdout (-).
+ -r <file> Read & parse pcap file.
+```
+
+Some useful filters.
+```markdown
+src <ip> Filter for source IP.
+dst <ip> Filter for destination IP.
+host <ip> Filter for IP (src + dst).
+net <ip>/<range> Filter traffic on subnet.
+[src/dst] port <port> Filter for port (optionally src/dst).
+tcp/udp/icmp Filter for protocol.
+```
+
+> Use `and/or/not` and `()` to build filter expressions.
+
+# Examples
+
+## Capture packets from remote host
+
+```makrdown
+# -k: Start capturing immediately.
+ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i -
+```
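Review bot: two typos in this hunk, and the remote-capture example has a feedback problem. `-n Don't covert host/port names.` should read `convert`, and the example's fence is tagged `makrdown` rather than `markdown` (a `sh` or `text` tag would also describe these usage blocks better than `markdown`). In `ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i -`, tcpdump on the remote side normally needs root as well, and with no filter the capture includes the ssh session that is carrying the capture stream back, so every captured packet generates more traffic to capture; `-U` is also worth adding so packets are flushed to the pipe as they arrive instead of sitting in the output buffer. Suggest: `ssh <host> sudo tcpdump -U -i <IF> -w - not port 22 | sudo wireshark -k -i -`.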