diff options
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/README.md | 4 | ||||
-rw-r--r-- | src/network/tcpdump.md | 31 |
2 files changed, 35 insertions, 0 deletions
diff --git a/src/network/README.md b/src/network/README.md new file mode 100644 index 0000000..80ecc7b --- /dev/null +++ b/src/network/README.md @@ -0,0 +1,4 @@ + +# Network + +- [tcpdump](./tcpdump.md) diff --git a/src/network/tcpdump.md b/src/network/tcpdump.md new file mode 100644 index 0000000..fdaf911 --- /dev/null +++ b/src/network/tcpdump.md @@ -0,0 +1,31 @@ +# tcpdump(1) + +# CLI + +```markdown +tcpdump [opts] -i <if> [<filter>] + -n Don't covert host/port names. + -w <file|-> Write pcap trace to file or stdout (-). + -r <file> Read & parse pcap file. +``` + +Some useful filters. +```markdown +src <ip> Filter for source IP. +dst <ip> Filter for destination IP. +host <ip> Filter for IP (src + dst). +net <ip>/<range> Filter traffic on subnet. +[src/dst] port <port> Filter for port (optionally src/dst). +tcp/udp/icmp Filter for protocol. +``` + +> Use `and/or/not` and `()` to build filter expressions. + +# Examples + +## Capture packets from remote host + +```makrdown +# -k: Start capturing immediately. +ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i - +``` |