From 04e855c74dc06868c86763e4134d6667743f3b4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20Abdelkader=20Mart=C3=ADnez=20P=C3=A9rez?=
Date: Tue, 28 Jan 2020 07:47:28 +0100
Subject: [PATCH] tcpdump example
---
 .../03_NetworkSniffer/NetworkSniffer.pow | 1 +
 examples/advanced/03_NetworkSniffer/README.md | 22 +++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100755 examples/advanced/03_NetworkSniffer/NetworkSniffer.pow
 create mode 100644 examples/advanced/03_NetworkSniffer/README.md
diff --git a/examples/advanced/03_NetworkSniffer/NetworkSniffer.pow b/examples/advanced/03_NetworkSniffer/NetworkSniffer.pow
new file mode 100755
index 0000000..629c330
--- /dev/null
+++ b/examples/advanced/03_NetworkSniffer/NetworkSniffer.pow
@@ -0,0 +1 @@
+kapow route add /sniff -c 'tcpdump -i any -U -s0 -w - "not portrange 8080-8082" | kapow set /response/body'
diff --git a/examples/advanced/03_NetworkSniffer/README.md b/examples/advanced/03_NetworkSniffer/README.md
new file mode 100644
index 0000000..7dd0347
--- /dev/null
+++ b/examples/advanced/03_NetworkSniffer/README.md
@@ -0,0 +1,22 @@
+# Network Sniffer (tcpdump) as a Service
+
+Provides an HTTP service that allows the user to sniff the network in real time. The packet capture data is served as an HTTP stream that can be injected to a packet analysis tool on the fly.
+
+
+## How to run it
+
+For the sake of simplicity, run:
+
+```
+$ sudo -E kapow server NetworkSniffer.pow
+```
+
+In a production environment, tcpdump should be run with the appropiate
+permissions, but kapow can (and should) run as an unprivileged user.
+
+
+## How to consume it
+
+```
+$ curl http://localhost:8080/sniff | sudo -E wireshark -k -i -
+```
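Review bot: The `/sniff` route in NetworkSniffer.pow hands a full-length capture of every interface (`-i any -s0`) to whoever can reach the HTTP port, and nothing in the route authenticates the caller or limits the capture. Because the README starts the server with `sudo -E kapow server`, tcpdump and the rest of the route's shell pipeline also run as root. I would bound each request with a packet count, e.g. `tcpdump -i any -U -s0 -c 10000 -w - "not portrange 8080-8082"` (the count is a constructed sample value), and add a comment above the route such as `# Serves raw traffic from all interfaces: expose on loopback or behind an authenticating proxy only`, assuming .pow files accept shell comments. The port-range filter presumably keeps kapow's own traffic out of the capture; a one-line comment saying so would help the next reader.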