I always forget the parameters for this and have to look them up in the man page, so enough of that:
tcpdump -nnXSs 0 'port 80'
- "-nn" makes it not lookup hostnames in DNS and service names (in /etc/services) for respectively faster and cleaner output.
- "-X" makes it print each packet in hex and ascii; that's really the useful bit for tracking headers and such
- "-S" print absolute rather than relative TCP sequence numbers - If I remember right this is so you can compare tcpdump outputs from multiple users doing this at once
- "-s 0" by default tcpdump will only capture the beginning of each packet, using 0 here will make it capture the full packets. We are debugging, right?
Instead of "port 80" you can make more complicated rules like "port 80 and host 10.50.33.10".