Develop

src/index.html

@@ -112,7 +112,21 @@ <h1><i class="material-icons">build</i> tools</h1>
             </div>
             <div class="title">sonarqube</div>
           </a>
-        </div><!-- inject a new cheat sheet tools -->
+        </div><div class="item">
+                                <a href="./tcpdump/index.html">
+                                    <div class="img-item">
+                                        <img src="./assets/images/tcpdump.svg"/>
+                                    </div>
+                                    <div class="title">Tcpdump</div>
+                                </a>
+                            </div><div class="item">
+                                <a href="./iperf/index.html">
+                                    <div class="img-item">
+                                        <img src="./assets/images/iperf.svg"/>
+                                    </div>
+                                    <div class="title">iperf</div>
+                                </a>
+                            </div><!-- inject a new cheat sheet tools -->
       </div><!-- inject a new cheat sheet tools -->
       </div>
     </section>

src/tcpdump/first-side/column1.md

@@ -0,0 +1,34 @@
+# INTRODUCTION
+
+Tcpdump is a command-line tool to capture and analyze network trafic packets.
+
+# INSTALLATION
+
+Tcpdump is often installed by default. Verify with:
+`sudo tcpdump --version`
+
+If tcpdump is not present, install it with these commands:
+
+___Debian/Ubuntu___
+`sudo apt-get install tcpdump`
+
+___Redhat/CentOS___
+`sudo yum install tcpdump`
+
+# LAUNCH
+Sudo is necessary to launch tcpdump
+`sudo tcpdump`
+
+# LAUNCH AND WRITE THE RESULT IN A FILE
+
+`sudo tcpdump -w <file>`
+
+Create a file named file.pcap. A pcap file can be read later on Wirehark:
+___To make sure to have the rights to read/write the file, launch the command with "-Z" option to specify your local user:___
+`sudo tcpdump -w <file.pcap> -Z <localuser>`
+
+Create a file named file. It can be read later with tcpdump or direcly with "cat" command:
+`sudo tcpdump -w <file> -Z <localuser>`
+
+
+

src/tcpdump/first-side/column2.md

@@ -0,0 +1,38 @@
+Create a file named file.txt. It can be read later with "cat" command:
+`sudo tcpdump > <file.txt>`
+
+The size of the file can be configured with "-C" option and a size in million bytes (1 MB = 1 000 000 bytes):
+`sudo tcpdump -w file -C 1`
+
+# FILTERING PACKETS FOR AN INTERFACE
+
+List all interfaces:
+`sudo tcpdump -D`
+OR
+`sudo tcpdump --list-interfaces`
+
+Listen to the interface named intf:
+`sudo tcpdump -i <intf>`
+OR
+`sudo tcpdump --interface=<intf>`
+
+# FILTERING PACKETS BY PORT
+
+Filtering by portnum (port source or port destination):
+`sudo tcpdump port <portnum>`
+
+Filtering by a portnum TCP:
+`sudo tcpdump tcp port <portnum>`
+
+Filtering by a source port:
+`sudo tcpdump src port <portnum>`
+
+Filtering by a destination port:
+`sudo tcpdump dst port <portnum>`
+
+
+
+
+
+
+

src/tcpdump/index.html

@@ -0,0 +1,48 @@
+<html>
+  <head>
+    <link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700|Droid+Sans:700" rel="stylesheet">
+    <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
+    <link rel="stylesheet" href="../common.css">
+    <link rel="stylesheet" href="../common/lib/atom-one-light.css">
+    <link rel="stylesheet" href="./@@folder.css">
+  </head>
+  <body>
+    <input type="checkbox" id="showPreview"/>
+    <div class="first-side">
+      @@include('../../dist/common/first-side/header.html', {"title": "tcpdump cheat sheet", "subtitle": "Analyzing network packets", "imageName": "@@folder"})
+
+      <main>
+        <div class="column1">
+          @@include('../../dist/@@folder/first-side/column1.html')
+        </div>
+        <div class="column2">
+          @@include('../../dist/@@folder/first-side/column2.html')
+        </div>
+      </main>
+
+      @@include('../../dist/common/footer.html', {"class": "print-only"})
+
+
+    </div>
+
+    <hr class="no-print"/>
+
+    <div class="reverse">
+      @@include('../../dist/common/reverse/header.html', {"title": "tcpdump cheat sheet", "imageName": "@@folder"})
+
+      <main>
+        <div class="column1">
+          @@include('../../dist/@@folder/reverse/column1.html')
+        </div>
+        <div class="column2">
+          @@include('../../dist/@@folder/reverse/column2.html')
+        </div>
+      </main>
+
+      @@include('../../dist/common/footer.html')
+    </div>
+
+    <script src="../common/lib/highlight.pack.js"></script>
+    <script src="../common/script.js"></script>
+  </body>
+</html>

src/tcpdump/reverse/column1.md

@@ -0,0 +1,40 @@
+Filtering by a port range:
+`sudo tcpdump portrange <firstport>-<lastport>`
+
+Use a filter expression:
+`sudo tcpdump less <portnum>`
+`sudo tcpdump greater <portnum>`
+`sudo tcpdump <= <portnum>`
+
+# FILTERING PACKETS BY IP ADDRESS
+
+Filtering by a source IP address:
+`sudo tcpdump src <srcip>`
+
+Filtering by a destination IP address:
+`sudo tcpdump dst <destip>`
+
+Filtering by a host (both source and destination):
+`sudo tcpdump host <hostip>`
+
+Filtering by a network address:
+`sudo tcpdump net <netip/netmask>`
+
+# FILTERING PACKETS BY PROTOCOL
+
+ICMP traffic:
+`sudo tcpdump icmp`
+
+TCP traffic:
+`sudo tcpdump tcp`
+
+UDP traffic:
+`sudo tcpdump udp`
+
+Other protocols can be used: IGMP, IGRP, PIM, AH, ESP, CARP, VRRP.
+Example:
+`sudo tcpdump igmp`
+
+
+
+

src/tcpdump/reverse/column2.md

@@ -0,0 +1,34 @@
+# ADD PACKET INFORMATION
+
+Print link-level header (MAC addresses):
+`sudo tcpdump -e`
+
+# OTHER OPTIONS
+
+Capture a number of packets:
+`sudo tcpdump -c <numberofpackets>`
+Example with 10 packets:
+`sudo tcpdump -c 10`  
+<br />
+Print a number of packets of a file capture:
+`sudo tcpdump -r <file> --count` 
+<br />
+Only capture a part of each packet:
+`sudo tcpdump -s <size>`
+OR
+`sudo tcpdump --snapshot-length= <size>`
+Example for a packet size of 50 bytes:
+`sudo tcpdump -s 50`
+-s 0 is used for illimited size
+<br />
+Use a verbose mode to display detailed information about each packet:
+`sudo tcpdump -v`
+`sudo tcpdump -vv`
+`sudo tcpdump -vvv`
+<br />
+# COMBINE FILTERS
+
+All filters can be combine with "and" or "&&", "or" or "||", "not" or "!".
+
+
+

src/tcpdump/tcpdump.scss

@@ -0,0 +1,17 @@
+/* put your all custom css rules here */
+/* you must not change other scss files */
+
+body {
+  // available colors are: blue, green, purple, orange and grey
+  --currentColor: var(--purple);
+
+  main div {
+    img {
+      height: 230px;
+    }
+  }
+}
+
+.redtcpdump {
+  color: red;
+}