-i any : Listen on all interfaces just to see if you’re seeing any traffic.
-n : Don’t resolve hostnames.
-nn : Don’t resolve hostnames or port names.
-X : Show the packet’s contents in both hex and ASCII.
-XX : Same as -X, but also shows the ethernet header.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c : Only get x number of packets and then stop.
-s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less.
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.
Tcpdump with high information and Dns resolution for google requests
tcpdump -e -ttt -vvv -i em1 | grep google
Tcpdump without Dns resolution and no information for google requests
tcpdump -e -ttt -n -i em1 | grep google
Checking a BSD system if the rules are blocked
tcpdump -e -n -ttt -i pflog0