diff --git a/notes/testbed/data collection/Design document.md b/notes/testbed/data collection/Design document.md new file mode 100644 index 0000000..a874501 --- /dev/null +++ b/notes/testbed/data collection/Design document.md @@ -0,0 +1,16 @@ +# Needed Metadata +- _Must_ contain IP address of *IoT* device +- _Can_ contain IP addr of capture host + +# Options +## tcpdump options +see [[tcpdump]] +## kybcap options +| Option | Desciption| +| ------- | ---------- | +| `--setup` | Go through guided setup process | +| `--meta-config` | Go through guided meta data setup | +| `--mdevice=` | _Metadata_ : Specify device name | +| `--mipdev=` | _Metadata_ : Specify device ip address | +| `--mmac=` | _Metadata_ : Specify device MAC address | +| `--to-csv` | _post_processing: extract pcap into csv | \ No newline at end of file diff --git a/notes/wiki/python-libs.md b/notes/wiki/python-libs.md new file mode 100644 index 0000000..fb9913c --- /dev/null +++ b/notes/wiki/python-libs.md @@ -0,0 +1 @@ +# `argparse` diff --git a/notes/wiki/tcpdump.md b/notes/wiki/tcpdump.md new file mode 100644 index 0000000..dc5b5dc --- /dev/null +++ b/notes/wiki/tcpdump.md @@ -0,0 +1,22 @@ +[docs](https://www.tcpdump.org/manpages/tcpdump.1.html) + +### Options +#### `tcpdump` +| Option | Description | +| ------- | ------------ | +| `-c` _count_
`--count` | to specify number of packets to capture | +| `-i` _interface_
`--interface=` | specify the interface e.g. 'eth0' or 'wlan0' etc. | +| `-F` _file_ | Get filter expression from _file_ | +| `-I`
`--monitor-mode` | Put interface into monitor mode| +| `-n` | No name resolution for addresses (host, port no. etc) | +| `-#`
`--number` | Print a packet number at beginning of line | +|`-t` | _Don't_ print a timestamp on each dump line. | +|`-tt` | Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and fractions of a second since that time, on each dump line. | +| `-ttt` | Print a delta (res dep on `--time-stamp-precision` option) between current and previous line on each dump line. default is microsecond resolution. | +| `-tttt` | Print a timestamp, as hours, minutes, seconds, and fractions of a second since midnight, preceded by the date, on each dump line. | +| `-ttttt` |Print a delta (res dep on `--time-stamp-precision`) between current and first line on each dump line. default is microsecond resolution. | +| `-w` _file_ | Write raw packets to _file_ | +| `-e` | print link level header. See manpage for more details | + + +
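Review bot: In `notes/testbed/data collection/Design document.md`, the kybcap options table has no flag for the capture host IP that "Needed Metadata" lists as optional, and nothing marks `--mipdev=` as required even though the IoT device IP is a _Must_. Suggest adding a row for the capture host address and stating which metadata flags are mandatory. Smaller points in the same hunk: the table header reads `Desciption`, the `--to-csv` row has unbalanced emphasis in `_post_processing:`, and the file has no newline at end of file.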
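Review bot: `notes/wiki/python-libs.md` adds only the heading for `argparse` with no body, so the page says nothing yet. Either add the notes it is meant to hold (for example, how the kybcap flags from the design document map to `argparse` arguments) or leave the file out of this commit until there is content.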
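Review bot: In `notes/wiki/tcpdump.md`, the `-ttt` and `-ttttt` rows abbreviate the key caveat as "res dep on", which is hard to read in a reference table; spell it out as "resolution depends on `--time-stamp-precision`". The `-c`, `-i`, `-I` and `-#` rows put the long option on its own line inside the first cell, so check that each still renders as a single table row and use an explicit `<br>` if it does not. The `-e` description starts lowercase ("print") unlike the other rows, and the hunk ends with three added blank lines that can be dropped.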