Using tcpdump and Wireshark

Run tcpdump on a remote machine

The -s option specifies capture of whole data packets.

You probably want to change the device "eth1" and expression "port 80" in the following command:

sudo tcpdump -w /tmp/tcpdump.pcap -s 0 -i eth1 port 80

The output file (tcpdump.pcap) may be analyzed on a different machine then it was collected on.

wireshark /tmp/tcpdump.pcap