diff --git a/poc/examples/tcpdump/README.md b/poc/examples/tcpdump/README.md new file mode 100644 index 0000000..6c97294 --- /dev/null +++ b/poc/examples/tcpdump/README.md @@ -0,0 +1,11 @@ +Remote tcpdump sniffer with source filtering +============================================ + +1. Add any filter you want to the tcpdump command inside `tcpdump.pow`. +2. For the sake of simplicity run `sudo kapow server tcpdump.pow`. In a + production environment tcpdump should be run with the appropiate permissions + but kapow can (and should) run as an unprivilieged user. +3. In your local machine run `curl http://localhost:8080/sniff/wlp2s0 | sudo + wireshark -k -i -` if you don't want to run Wireshark as root follow this + guide: https://gist.github.com/MinaMikhailcom/0825906230cbbe478faf4d08abe9d11a +4. Profit! diff --git a/poc/examples/tcpdump/tcpdump.pow b/poc/examples/tcpdump/tcpdump.pow new file mode 100644 index 0000000..36b83d9 --- /dev/null +++ b/poc/examples/tcpdump/tcpdump.pow @@ -0,0 +1 @@ +kapow route add /sniff/{iface} -c 'tcpdump -i "$(kapow get /request/matches/iface)" -U -s0 -w - "not port 8080" | kapow set /response/stream'
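Review bot: the README for `/sniff/{iface}` should state that the endpoint is unauthenticated and serves a live packet capture of the host to anyone who can reach port 8080 ("Remote tcpdump sniffer" in the title, `curl http://localhost:8080/sniff/wlp2s0` in step 3), so the reader knows to bind kapow to localhost, put it behind a reverse proxy with authentication and TLS, or restrict access at the firewall; it should also say that the interface name is taken straight from the URL, so any interface tcpdump can open (including `any`) is capturable. Minor: step 2 has "appropiate" and "unprivilieged" (should read "appropriate" and "unprivileged"), and step 3 runs two sentences together: put a full stop after `wireshark -k -i -` before "If you don't want to run Wireshark as root".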
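Review bot: in `tcpdump.pow` the interface comes from the URL match `"$(kapow get /request/matches/iface)"` and is handed unvalidated to a root `tcpdump -i`; the double quotes prevent word splitting and shell injection, but nothing limits which interface a remote caller can capture, and a bogus name makes tcpdump exit so the client just receives an empty stream with no error. Suggest validating the value against an allowlist of interfaces (or at least a pattern such as `^[A-Za-z0-9._-]+$`) and failing the request before running tcpdump, and adding a comment that the hard-coded `"not port 8080"` filter exists to keep kapow's own HTTP traffic out of the capture and must be changed if the server listens on another port.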