From 560e70918332e80a40a6f1e65ca435bbfa9067d8 Mon Sep 17 00:00:00 2001
From: "windhamwong@nva-hk.com" <windhamwong@nva-hk.com>
Date: Fri, 24 Mar 2017 12:43:14 +0000
Subject: [PATCH] Added sample recipe doc

---
 sample_recipe.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 sample_recipe.md

diff --git a/sample_recipe.md b/sample_recipe.md
new file mode 100644
index 00000000..f0583bdd
--- /dev/null
+++ b/sample_recipe.md
@@ -0,0 +1,16 @@
+# Ready-To-Go Sample Recipe 
+
+## tcpdump (no ASCII) Daily Use
+
+1. tcpdump (no ASCII) convert to plaintext (e.g. <code>0x0000: 0020 0A0D</code>)
+2. URL decode loop (e.g. <code>%3d</code> to <code>=</code>)
+3. From HTML Entity (e.g. <code>&amp;</code> to <code>&</code>)
+4. From 0x[Hex] (e.g. <code>0x33</code> to <code>!</code>)
+5. From Char(Hex) (e.g. <code>char(33)</code> to <code>!</code>)
+ 
+    	[{"op":"From nTcpdump","args":[]},
+    	{"op":"URL Decode","args":[]},
+    	{"op":"Conditional Jump","args":["\\%([0-9a-fA-F]{2,})","-1","45"]},
+    	{"op":"From HTML Entity","args":[]},
+    	{"op":"From 0x[Hex]","args":[]},
+    	{"op":"From Char(Hex)","args":[]}]
\ No newline at end of file