If you’re ever need to see incoming HTTP requests, maybe to check incoming headers, you want to know what cookies are being set, or get some clues as to why things aren’t being cached, the following command might be helpful:
tcpdump -A -s 10240 'tcp port 80 and (((ip[2:2] - ((ip&0xf)<<2)) - ((tcp&0xf0)>>2)) != 0)' | egrep --line-buffered "........(GET |HTTP\/|POST |HEAD )|[A-Za-z0-9-]+: " | sed -r 's/........(GET |HTTP\/|POST |HEAD )/\n\1/g'
It’s a bit of a mouthful, but it shows incoming HTTP requests direct from the network interface, and formats them in a readable way for humans. The nice thing is that you can then use grep with the output to show things like incoming cookies, or request headers. Probably more useful for monitoring requests than watching log files and guessing.
Hope it helps someone!