DEL HTML anchors from posts as they are going to be added automaticly with new ssg

items/2023-06-11_long_getting-started-with-tcpdump.md

@@ -2,7 +2,7 @@
 
 In this blog post, I assume that `tcpdump` is already installed since the installation method can vary from system to system, and basic Linux and CLI skills already exist. I'll try to keep it as short as possible while providing all the necessary information.
 
-# General <a href="#general" id="general">#</a>
+# General 
 
 `tcpdump` is a CLI tool to capture network traffic to help you troubleshoot specific issues. I'll use a Linux system as a reference system.
 
@@ -13,7 +13,7 @@ You can get more help with the `-h` / `--help` or get the current version of `tc
 The following sections show you how to filter the traffic and save your packet captures to disk. For more advanced filters, you can use logical operators to combine filters.
 
 
-# Limit the hosts or networks <a href="#host-filter" id="host-filter">#</a>
+# Limit the hosts or networks 
 
 There are many ways to filter the packets you want to capture, and we are going to start with the host and network filters. Here are some examples:
 
@@ -48,7 +48,7 @@ You can specify whether the IP should be the source or destination instead of bi
 
 Use logical operators to filter for more than one host.
 
-#### Network filter <a href="#network-filter" id="network-filter">#</a>
+#### Network filter 
  
 If you want to traffic for a **specific network**, you can use the `net` option together with the **network address** and **CIDR notation**.
 
@@ -59,7 +59,7 @@ You could combine this option with `src` or `dst` to see only the incoming or ou
 : `sudo tcpdump src net 10.10.10.0/24`
 : `sudo tcpdump dst net 10.10.10.0/24`
 
-#### MAC address filter <a href="#mac-filter" id="mac-filter">#</a>
+#### MAC address filter 
 
 If you need to filter captures for a specific MAC address, you simply could use the previous filters with `ether`.
 
@@ -80,7 +80,7 @@ I've never used this option, but you can use a filter for incoming or outgoing t
 : `sudo tcpdump -Q in` / `sudo tcpdump --direction=in` # all incoming traffic
 : `sudo tcpdump -Q out` / `sudo tcpdump --direction=out` # all outgoing traffic
 
-# Port filters <a href="#port-filter" id="port-filter">#</a>
+# Port filters 
 
 Packet capture filter for a specific port:
 : `sudo tcpdump port 53` # source or destination port
@@ -94,7 +94,7 @@ Use `portrange` instead if you want to filter a range of ports:
 : `sudo tcpdump portrange 53` # source or destination port
 : `src` and `dst` can be used too!
 
-# Protocol filters <a href="#protocol-filter" id="protocol-filter">#</a>
+# Protocol filters 
 
 The most common protocol filters are:
 : `tcp`
@@ -104,7 +104,7 @@ The most common protocol filters are:
 : `ip6`
 : `arp`
 
-# Using a specific interface <a href="#interface" id="interface">#</a>
+# Using a specific interface 
 
 Choosing the proper interface is one of my most used options to keep the pcap file as small as possible. Most servers have multiple NICs, and many troubleshooting sessions require me to be connected to multiple networks. Choosing a single interface keeps things sorted.
 
@@ -133,7 +133,7 @@ To choose an interface for your packet capture, simply use `-i` / `--interface`
 
 You could use `any` as an interface for all interfaces, which is the current default anyway.
 
-# Miscellaneous options <a href="#misc-options" id="misc-options">#</a>
+# Miscellaneous options 
 
 These are just some filters that are important to know.
 
@@ -160,7 +160,7 @@ net 10.10.20.0/24 and port 53
 
 **Important:** Some options - like the choice of the interface - can not be put into this file, and the `tcpdump` user must be an owner or in the owner group of the file with the filters to get it working. Additional filters provided in the CLI will be ignored!
 
-# Logical operators <a href="#logical-operators" id="logical-operators">#</a>
+# Logical operators 
 
 As mentioned before, filters can be combined, and logical operators can be used for more advanced filter combinations.
 
@@ -176,7 +176,7 @@ A more complex `tcpdump` with more options could look like this:
 
 **Side note:** You need to place the filters in quotes if you want to use parentheses. 
 
-# Display options <a href="#display-options" id="display-options">#</a>
+# Display options 
 
 You've got various options to adjust the display of the captured packets in the terminal. This won't affect the raw packet capture that you would write to disk.
 
@@ -198,7 +198,7 @@ Various options for timestamps at the beginning of the line:
 : `-ttttt` # delta between current and the first packet of this capture in microseconds per default > `00:00:04.013707`
 
 
-# Saving capture to a file on disk <a href="#saving-to-disk" id="saving-to-disk">#</a>
+# Saving capture to a file on disk 
 
 Before we start, `tcpdump` overwrites files and does not append existing files. There is no option to change that, to my knowledge.
 
@@ -250,7 +250,7 @@ total 3096
 If you want to **limit the number of files**, you can create a **rotating buffer** with `-W NUMBER`. If the chosen number of files is reached, `tcpdump` starts to overwrite the first file again. It must be combined with the `-C` option. 
 
 
-# Reading PCAPs <a href="#reading-pcap" id="reading-pcap">#</a>
+# Reading PCAPs 
 
 As mentioned before, `tcpdump` saves everything raw in binary in a file that is not human readable. You can read this file again, **make it human readable again**, and **apply new filters again**.