Network Analysis Using Wireshark 2 Cookbook(Second Edition)

There's more...

You can find additional filter expressions in the tcpdump man page (the offsets such as ip[2:2] and tcp[12] index raw header bytes, so each filter below is an arithmetic test on the packet itself):

  • To print all IPv4 HTTP packets to and from port 80 (that is, to print only packets that contain data, not, for example, syn, fin, or ack-only packets), configure the filter: tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)
  • To print the start and end packets (the syn and fin packets) of each TCP conversation that involves a nonlocal host, configure tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet
  • To print IP broadcast or multicast packets that were not sent via Ethernet broadcast or multicast, configure ether[0] & 1 = 0 and ip[16] >= 224
  • To print all ICMP packets that are not echo requests/replies (that is, not ping packets), configure icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply
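To make the byte arithmetic in these four filters concrete, here is an added Python model (not code from the book or from tcpdump) that evaluates each expression over constructed Ethernet/IPv4 frames. It assumes a localnet of 192.168.1.0/24 (tcpdump derives that from the capture interface), and the sample frames, MAC addresses and IP addresses are all constructed for the demonstration.

```python
"""Model of the four tcpdump/BPF filters above, evaluated over constructed
Ethernet/IPv4 frames (no live capture and no tcpdump needed).
Offsets mirror the BPF syntax: ether[n] indexes the Ethernet header, ip[n]
the IPv4 header, tcp[n] the TCP header and icmp[n] the ICMP header."""
import ipaddress
import struct

ETH_LEN = 14
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17
TCP_FIN, TCP_SYN, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x08, 0x10
ICMP_ECHOREPLY, ICMP_ECHO, ICMP_UNREACH = 0, 8, 3
# Assumed value: tcpdump learns "localnet" from the capture interface.
LOCALNET = ipaddress.ip_network("192.168.1.0/24")


def build_frame(dst_mac, ip_src, ip_dst, proto, l4):
    """Ethernet II + minimal IPv4 header (IHL=5, no options) + L4 bytes."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes(6) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(ip_src).packed,
                     ipaddress.ip_address(ip_dst).packed)
    return eth + ip + l4


def tcp_segment(sport, dport, flags, payload=b""):
    """TCP header with data offset 5 (20 bytes), then the payload."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                       65535, 0, 0) + payload


def icmp_message(icmp_type, code=0):
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, 0)


def ip_hdr(frame):
    return frame[ETH_LEN:]


def l4_hdr(frame):
    ip = ip_hdr(frame)
    return ip[(ip[0] & 0x0F) << 2:]     # skip IHL*4 bytes of IPv4 header


def http_with_data(frame):
    """tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)"""
    ip, tcp = ip_hdr(frame), l4_hdr(frame)
    if ip[9] != IPPROTO_TCP or 80 not in struct.unpack("!HH", tcp[:4]):
        return False
    total_len = struct.unpack("!H", ip[2:4])[0]      # ip[2:2]
    ip_hdr_len = (ip[0] & 0x0F) << 2                  # (ip[0]&0xf)<<2
    tcp_hdr_len = (tcp[12] & 0xF0) >> 2               # (tcp[12]&0xf0)>>2
    return total_len - ip_hdr_len - tcp_hdr_len != 0  # non-zero payload


def syn_fin_with_nonlocal(frame):
    """tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet"""
    ip = ip_hdr(frame)
    if ip[9] != IPPROTO_TCP:
        return False
    flags = l4_hdr(frame)[13]                          # tcp[tcpflags]
    src, dst = ipaddress.ip_address(ip[12:16]), ipaddress.ip_address(ip[16:20])
    both_local = src in LOCALNET and dst in LOCALNET
    return (flags & (TCP_SYN | TCP_FIN)) != 0 and not both_local


def ip_bcast_mcast_on_unicast_ether(frame):
    """ether[0] & 1 = 0 and ip[16] >= 224"""
    return (frame[0] & 1) == 0 and ip_hdr(frame)[16] >= 224


def icmp_not_ping(frame):
    """icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply"""
    ip = ip_hdr(frame)
    if ip[9] != IPPROTO_ICMP:
        return False
    return l4_hdr(frame)[0] not in (ICMP_ECHO, ICMP_ECHOREPLY)


FILTERS = [http_with_data, syn_fin_with_nonlocal,
           ip_bcast_mcast_on_unicast_ether, icmp_not_ping]


def matching_filters(frame):
    return [f.__name__ for f in FILTERS if f(frame)]


UNICAST_MAC, MCAST_MAC = "00:11:22:33:44:55", "01:00:5e:01:01:01"
SAMPLE_FRAMES = {  # constructed sample traffic
    "syn_to_web": build_frame(UNICAST_MAC, "192.168.1.10", "203.0.113.5",
                              IPPROTO_TCP, tcp_segment(40000, 80, TCP_SYN)),
    "http_get": build_frame(UNICAST_MAC, "192.168.1.10", "203.0.113.5", IPPROTO_TCP,
                            tcp_segment(40000, 80, TCP_PSH | TCP_ACK, b"GET / HTTP/1.1\r\n")),
    "local_fin": build_frame(UNICAST_MAC, "192.168.1.10", "192.168.1.20",
                             IPPROTO_TCP, tcp_segment(5000, 22, TCP_FIN | TCP_ACK)),
    "mcast_unicast_mac": build_frame(UNICAST_MAC, "192.168.1.10", "239.1.1.1",
                                     IPPROTO_UDP, struct.pack("!HHHH", 5000, 5000, 8, 0)),
    "mcast_mcast_mac": build_frame(MCAST_MAC, "192.168.1.10", "239.1.1.1",
                                   IPPROTO_UDP, struct.pack("!HHHH", 5000, 5000, 8, 0)),
    "ping": build_frame(UNICAST_MAC, "192.168.1.10", "192.168.1.1",
                        IPPROTO_ICMP, icmp_message(ICMP_ECHO)),
    "icmp_unreach": build_frame(UNICAST_MAC, "192.168.1.1", "192.168.1.10",
                                IPPROTO_ICMP, icmp_message(ICMP_UNREACH, 3)),
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        print(f"{name:18s} -> {matching_filters(frame)}")
```

The first filter is the one worth studying: a SYN-only segment to port 80 has an IP total length of exactly 40 bytes (20 IP + 20 TCP), so the subtraction yields 0 and the packet is dropped, while a GET carrying 16 bytes of payload yields 16 and passes. Note that the multicast check keys on the low bit of the first destination MAC byte, so a multicast IP delivered in a unicast frame is exactly what it flags.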