From 33d74c3b33394769a2040ff451fbfdfd58e9bf92 Mon Sep 17 00:00:00 2001 From: Johannes Stoelp Date: Sun, 13 Mar 2022 16:46:10 +0100 Subject: added tcpdump --- src/SUMMARY.md | 3 +++ src/network/README.md | 4 ++++ src/network/tcpdump.md | 31 +++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+) create mode 100644 src/network/README.md create mode 100644 src/network/tcpdump.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index c32741e..4062e92 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -54,6 +54,9 @@ - [coredump](./linux/coredump.md) - [ptrace_scope](./linux/ptrace_scope.md) +- [Network](./network/README.md) + - [tcpdump](./network/tcpdump.md) + - [Arch](./arch/README.md) - [x86_64](./arch/x86_64.md) - [arm64](./arch/arm64.md) diff --git a/src/network/README.md b/src/network/README.md new file mode 100644 index 0000000..80ecc7b --- /dev/null +++ b/src/network/README.md @@ -0,0 +1,4 @@ + +# Network + +- [tcpdump](./tcpdump.md) diff --git a/src/network/tcpdump.md b/src/network/tcpdump.md new file mode 100644 index 0000000..fdaf911 --- /dev/null +++ b/src/network/tcpdump.md @@ -0,0 +1,31 @@ +# tcpdump(1) + +# CLI + +```markdown +tcpdump [opts] -i [] + -n Don't covert host/port names. + -w Write pcap trace to file or stdout (-). + -r Read & parse pcap file. +``` + +Some useful filters. +```markdown +src Filter for source IP. +dst Filter for destination IP. +host Filter for IP (src + dst). +net / Filter traffic on subnet. +[src/dst] port Filter for port (optionally src/dst). +tcp/udp/icmp Filter for protocol. +``` + +> Use `and/or/not` and `()` to build filter expressions. + +# Examples + +## Capture packets from remote host + +```makrdown +# -k: Start capturing immediately. +ssh tcpdump -i -w - | sudo wireshark -k -i - +``` -- cgit v1.2.3