From 5adc353ba9019db7be0819eaf53ddba21d1f38f0 Mon Sep 17 00:00:00 2001
From: Bruno TATU
Date: Wed, 12 Sep 2018 16:38:30 +0200
Subject: [PATCH] tcpdump: add tips for sniff all POST query
---
 HowtoTcpdump.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/HowtoTcpdump.md b/HowtoTcpdump.md
index b6d36792..0499c3a5 100644
--- a/HowtoTcpdump.md
+++ b/HowtoTcpdump.md
@@ -123,3 +123,9 @@ en temps réel
 ~~~
 # tcpdump -n -ttt -e -i pflog
 ~~~
+
+* Récuper toutes les trâmes de type POST sur le port 80
+
+~~~
+# tcpdump -vv -s 0 -A 'tcp dst port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48545450 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x3C21444F' -w /home/user/capture.pcap
+~~~
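Review bot: The added filter does not capture only POST requests to port 80, because pcap filter syntax gives `and` and `or` equal precedence and evaluates them left to right. Only the first payload test (0x47455420, "GET ") is tied to `tcp dst port 80`; the POST (0x504F5354), "HTTP" (0x48545450) and "<!DO" (0x3C21444F) tests match on any port. For what the bullet describes, the expression should be `'tcp dst port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354'`; if the other patterns are wanted, wrap the whole `or` chain in parentheses after the `and`. With `-w` the packets are written to the file rather than printed, so `-A` does nothing useful here, and the pcap will hold full request bodies (form fields, credentials), so the example should write to a directory only the operator can read. The bullet text also has typos: "Récuper" should be "Récupérer" and "trâmes" should be "trames".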