tcpdump for X-Forwarded-For header

How to take tcp dump for a service that is running on port 4002

#tcpdump -vvvs 1024 -l -A -w /tmp/web-1.pcap tcp port 4002

or

Take a dump to some specific network interface on some specific port.

tcpdump -i eth0.12 -s0 -w /tmp/web-1.pcap port 4002

How to read the tcpdump

tcpdump -X -vv -r web-1.pcap

or

use wireshark