From 33d74c3b33394769a2040ff451fbfdfd58e9bf92 Mon Sep 17 00:00:00 2001 From: Johannes Stoelp Date: Sun, 13 Mar 2022 16:46:10 +0100 Subject: added tcpdump --- src/network/README.md | 4 ++++ src/network/tcpdump.md | 31 +++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 src/network/README.md create mode 100644 src/network/tcpdump.md (limited to 'src/network') diff --git a/src/network/README.md b/src/network/README.md new file mode 100644 index 0000000..80ecc7b --- /dev/null +++ b/src/network/README.md @@ -0,0 +1,4 @@ + +# Network + +- [tcpdump](./tcpdump.md) diff --git a/src/network/tcpdump.md b/src/network/tcpdump.md new file mode 100644 index 0000000..fdaf911 --- /dev/null +++ b/src/network/tcpdump.md @@ -0,0 +1,31 @@ +# tcpdump(1) + +# CLI + +```markdown +tcpdump [opts] -i [] + -n Don't covert host/port names. + -w Write pcap trace to file or stdout (-). + -r Read & parse pcap file. +``` + +Some useful filters. +```markdown +src Filter for source IP. +dst Filter for destination IP. +host Filter for IP (src + dst). +net / Filter traffic on subnet. +[src/dst] port Filter for port (optionally src/dst). +tcp/udp/icmp Filter for protocol. +``` + +> Use `and/or/not` and `()` to build filter expressions. + +# Examples + +## Capture packets from remote host + +```makrdown +# -k: Start capturing immediately. +ssh tcpdump -i -w - | sudo wireshark -k -i - +``` -- cgit v1.2.3
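Review bot: In the tcpdump.md hunk, the remote-capture example runs the dissectors as root (`ssh tcpdump -i -w - | sudo wireshark -k -i -`) although Wireshark is only reading the pipe on stdin here and needs no privilege for that; the capture privilege is needed on the remote side where tcpdump runs, so drop the `sudo` and let protocol dissection of untrusted traffic happen as an unprivileged user. The same block's fence is tagged `makrdown`, which no renderer recognises; use `markdown` as in the two fences above (or a shell tag, since the content is a command line). Minor: `-n Don't covert host/port names.` should read `convert`, and the `-i []`, `net /` and `ssh tcpdump -i -w -` lines appear to have lost their placeholder arguments (interface, address/prefix, host), so a reader cannot tell which value goes where; re-add them, escaping angle brackets if the original used `<...>`.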