@choomba @b0rk When a filter is tough to understand, you can dump the filter with -d and step through the compiled packet-matching code to see what it does. See https://taosecurity.blogspot.com/2004/09/understanding-tcpdumps-d-option-have.html and https://taosecurity.blogspot.com/2004/12/understanding-tcpdumps-d-option-part-2.html
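Added example (not code from the post or from tcpdump): a small interpreter for the listing format that `tcpdump -d` prints, so a filter can be stepped through instruction by instruction over a constructed Ethernet/IPv4/TCP frame. The listing for "ip and tcp src port 80" is hand-written here to mirror the `-d` format and is an assumption, not captured output; the `ret`, `ldh`/`ldb`, `ldxb` and `jeq`/`jset` handlers follow classic BPF semantics, including the rule that a load past the end of the packet rejects it.

```python
import re, struct
# Constructed listing in the `tcpdump -d` format, hand-written here for
# "ip and tcp src port 80" on Ethernet (not captured output; versions differ).
BPF_TEXT = """
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 10
(002) ldb      [23]
(003) jeq      #0x6             jt 4    jf 10
(004) ldh      [20]
(005) jset     #0x1fff          jt 10   jf 6
(006) ldxb     4*([14]&0xf)
(007) ldh      [x + 14]
(008) jeq      #0x50            jt 9    jf 10
(009) ret      #262144
(010) ret      #0
"""
LOAD = re.compile(r"\[(x \+ )?(\d+)\]")
JUMP = re.compile(r"#(\S+)\s+jt\s+(\d+)\s+jf\s+(\d+)")

def parse(text):
    # -> list of [opcode, argument string], indexed by instruction number
    return [l.split(None, 2)[1:] for l in text.strip().splitlines()]

def run(prog, pkt):
    """Step through prog over pkt; return (accepted length or 0, trace)."""
    pc, a, x, trace = 0, 0, 0, []
    while True:
        op, arg = prog[pc]
        trace.append(f"({pc:03d}) {op:<5}{arg:<20} A={a:#x} X={x:#x}")
        if op == "ret":                         # non-zero: packet matches
            return int(arg[1:], 0), trace
        if op in ("ldh", "ldb"):                # A = 2 or 1 bytes at [k] / [x+k]
            m = LOAD.match(arg)
            off, w = int(m.group(2)) + (x if m.group(1) else 0), 2 if op == "ldh" else 1
            if off + w > len(pkt): return 0, trace   # load past the end rejects
            a = int.from_bytes(pkt[off:off + w], "big")
        elif op == "ldxb":                      # X = 4*(pkt[k] & 0xf): IPv4 IHL in bytes
            x = 4 * (pkt[int(LOAD.search(arg).group(2))] & 0xF)
        elif op in ("jeq", "jset"):             # branch to jt or jf, no fallthrough
            m = JUMP.match(arg)
            v, jt, jf = int(m.group(1), 0), int(m.group(2)), int(m.group(3))
            pc = jt if (a == v if op == "jeq" else a & v) else jf
            continue
        pc += 1

def make_packet(src_port, dst_port, proto=6, frag=0x4000):
    # Constructed Ethernet/IPv4/TCP frame; frag=0x4000 is DF set, fragment offset 0
    eth = b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag, 64, proto, 0, bytes(4), bytes(4))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 2, 65535, 0, 0)
    return eth + ip + tcp
```

Printing the trace for a matching and a non-matching frame shows exactly which instruction rejected the packet, which is what makes the `(005) jset #0x1fff` fragment check and the `ldxb` header-length step visible.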
taosecurity@infosec.exchange
worked with the tcpdump folks on an updated set of examples for the tcpdump man page https://www.tcpdump.org/manpages/tcpdump.1.html#lbAF
Episode 9 of the Corelight podcast is live. I speak with our federal CTO, Jean Schaffer, about challenges faced by governments when trying to secure their data.
https://www.youtube.com/playlist?list=PLBKbF72bCp2UtefR6_GhrKATP3tVD7Vev