Commit 8267840

Ubuntu <ubuntu@ip-10-0-0-199.ec2.internal>
2016-11-01 09:57:20
add packet filtering questions
1 parent a69d4a7
corpus/packet_capture.csv
@@ -0,0 +1,36 @@
+[T/F] A traffic capture library typically requires administrative privileges to be instlled?T,packet_capture
+
+# tcpdump
+which flag prints the link-level header on each dump line: tcpdump -[?] -i eth0,e,packet_capture
+which flag prevents dns resolution: tcpdump -[?],n,packet_capture
+which flag specifies the interface to sniff on: tcpdump -[?] eth0,i,packet_capture
+which flag produces slightly more verbose output: tcpdump -[?],v,packet_capture
+which flag lists the interfaces available for sniffing: tcpdump -[?],D,packet_capture
+which flag specifies the file to read from: tcpdump -[?] file,r,packet_capture
+which flag specifies the file to write to: tcpdump -w [?],w,packet_capture
+which flag prints each packet in ASCII: tcpdump -[?],A,packet_capture
+which flag prints each packet in hexadecimel: tcpdump -[?],x,packet_capture
+which flag prints each packet in hexadecimel and ASCII: tcpdump -[?],X,packet_capture
+# any interface: tcpdump -i [?],any,packet_capture
+# limit to number of packets,c,
+# filters: dst
+# filters: src
+# filters: net
+# filters: portrange
+# filters: port
+# number of bytes,-s 100, 
+# all data in packet: -s [?], 0
+
+# wireshark
+[T/F] Wireshark can sniff packets on the loopback interface on Windows?,F,packet_capture 
+# specifiy eth[0] = ff:ff:ff
+
+# tshark
+which flag lists the interfaces available for sniffing: tshark -[?],D,packet_capture
+which flag specifies the file to write to: tshark -w [?],w,packet_capture
+which flag specifies the file to read from: tshark -[?] file,r,packet_capture
+
+# bpf 
+the bpf abbreiviation for Ethernet portion of a frame,ether,packet_capture
+the bpf abbreviation for the Internet Protocol v4 portion of a frame,packet_capture
+the bpf abbreviation for an ICMP portion of a frame,icmp,pacet_capture
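Review bot: Several rows in this new file break the question,answer,category layout that the other rows follow. The first T/F row has no comma before its answer (`instlled?T,packet_capture`). The IPv4 bpf row has no answer field at all, so `packet_capture` lands in the answer column; it presumably should carry `ip`. The ICMP row's category is misspelled `pacet_capture`, which will file it under a separate category. In the two `-w [?]` rows (tcpdump and tshark) the placeholder sits on the file argument while the expected answer is the flag `w`; write them as `-[?] file` to match the `-r` rows. Also fix the spelling in the question text ("instlled", "hexadecimel", "abbreiviation") and drop the trailing space after the Wireshark row and the `# bpf` heading. The commented-out stubs (`# limit to number of packets,c,` and the `# filters:` lines) would be better tracked as a TODO outside the corpus or finished before merging.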
corpus/win_networking.csv
@@ -0,0 +1,3 @@
+
+# ping
+which flag limits the number of ICMP packets: (win) ping -[?] 1,n,win_networking
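Review bot: The new file opens with an empty line before `# ping`. Confirm that the corpus loader skips blank lines and `#` comment lines when they are the first lines of a file, or drop the leading blank line. The `(win)` marker inside the question text duplicates what the `win_networking` category already says; pick one convention for marking the platform so later rows stay consistent.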
.gitignore
@@ -1,2 +1,3 @@
 *.conf
+*.swp
 tests/
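Review bot: The `*.swp` entry is unrelated to the commit subject ("add packet filtering questions") and would be easier to trace as its own commit. It also only covers the first swap file name Vim uses; Vim falls back to `.swo`, `.swn` and so on when a `.swp` already exists, so a pattern such as `*.sw?` covers more, or editor files can be left to each contributor's global gitignore.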