tcpdump

To analyse a capture file

tcpdump -r capture_file.pcap

general monitoring

-i any = listen on any interface
-i eth0 = listen on eth0 interface
-n = do not resolve hostnames
-q = quiet (less verbose)
-t = timestamp
-tttt = maximally readable timestamp
-v,vv,vvv = verbosity
-A = display in ASCII
-X = display in Hex
-w = write to file
-r = read a capture file
tcp = capture TCP only (tcpdump -i eth0 tcp)

filter for source destination IP

tcpdump -n src host 192.168.3.45 -r dumpfile.pcap
tcpdump -n dst host 192.168.3.45 -r dumpfile.pcap

filter for port number

tcpdump -n port 81 -r dumpfile.pcap

View traffic in hex format

tcpdump -nX -r dumpfile.pcap

specify flags

The TCP flags are at byte 14 (0->13) and the flags are:
CEUAPRSF
00000000

So A(ack) and P(psh) flags (either/or) would be
00011000 = 24 leading to:
tcpdump -A -n ‘tcp[13] = 24’ -r dumpfile.pcap