1 files changed, 10 insertions, 2 deletions

diff --git a/usr.sbin/tcpdump/tcpdump.8 b/usr.sbin/tcpdump/tcpdump.8
index 3f8eb942a95..d7742e579fb 100644
--- a/usr.sbin/tcpdump/tcpdump.8
+++ b/usr.sbin/tcpdump/tcpdump.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: tcpdump.8,v 1.73 2011/02/07 00:02:50 schwarze Exp $
+.\"	$OpenBSD: tcpdump.8,v 1.74 2011/03/28 07:56:13 giovanni Exp $
 .\"
 .\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996
 .\"	The Regents of the University of California.  All rights reserved.
@@ -19,7 +19,7 @@
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
-.Dd $Mdocdate: February 7 2011 $
+.Dd $Mdocdate: March 28 2011 $
 .Dt TCPDUMP 8
 .Os
 .Sh NAME
@@ -1019,6 +1019,10 @@ of each TCP connection that involves a non-local host:
 # tcpdump 'tcp[13] & 3 != 0 and not src and dst net localnet'
 .Ed
 .Pp
+To print only the SYN packets of http connections
+.Pp
+.Dl # tcpdump 'tcp[tcpflags] = tcp-syn and port http'
+.Pp
 To print IP packets longer than 576 bytes sent through gateway snup:
 .Pp
 .Dl # tcpdump 'gateway snup and ip[2:2] > 576'
@@ -1035,6 +1039,10 @@ To print all ICMP packets that are not echo requests/replies
 .Pp
 .Dl # tcpdump 'icmp[0] != 8 and icmp[0] != 0'
 .Pp
+To print only echo requests ICMP packets:
+.Pp
+.Dl # tcpdump 'icmp[icmptype] = icmp-echo'
+.Pp
 To print and decrypt all ESP packets with SPI 0x00001234:
 .Pp
 .Dl # tcpdump -E des3-hmac96:ab...def 'ip[20:4] = 0x00001234'