diff --git a/shell/find.sh b/shell/find.sh
index 1d03708..442687e 100644
--- a/shell/find.sh
+++ b/shell/find.sh
@@ -103,6 +103,8 @@ find /data -name "*.php" -type f -print0|xargs -0 egrep "(phpspy|c99sh|milw0rm|e
 find /data -name "*.php" -type f -print0|xargs -0 egrep "aaa"|awk -F: '{print $1}'|sort|uniq
 find . -name "*.php" -type f -print0| xargs -0 egrep  "aaa|bbb"| egrep "aaa"
 
+find . -name "*.php" | xargs grep "aaa"
+
 ##cd  /var/cache/yum找*.rpm移动到一个文件夹
 find  . -name  "*.rpm" -exec cp {} /root/111 \;
 
diff --git a/shell/tcpdump.sh b/shell/tcpdump.sh
new file mode 100644
index 0000000..b2d9dad
--- /dev/null
+++ b/shell/tcpdump.sh
@@ -0,0 +1,20 @@
+
+
+
+tcpdump -i em2  port 19000
+tcpdump -i eth0 -nn port 21
+
+tcpdump -vv -nn -i em2  tcp  port 19000 and host 192.168.1.131
+
+ tcpdump -vv -nn -i em2  tcp port 19000
+
+tcpdump -vv -nn -i em2  tcp  port 19000 -p
+
+tcpdump -i em2 -s 0 -c 100000 -w 0809.cap
+
+tcpdump -i em2 -s 0 -c 10000 -w 1.cap
+tcpdump -i em2 -s 0 -c 10000 -w 0808.cap
+
+ss -an | grep 19000|grep -i es | awk '{ print $6 }' | awk -F: '{ print $1}' | sort | uniq -c | sort -nr | head -n 30
+
+echo ok