How to capture all the HTTP packets using tcpdump
It can be done by ngrep
ngrep -q -d eth1 -W byline host stackoverflow.com and port 80 ^ ^ ^ ^ | | | | | | | | | | | v | | | filter expression | | | | | +--> -W is set the dump format ("normal", "byline", "single", "none") | | | +----------> -d is use specified device instead of the pcap default | +-------------> -q is be quiet ("don't print packet reception hash marks")
Based on what you have mentioned, ngrep (on Unix) and Fiddler (Windows) might be better/easier solutions.
If you absolutely want to use tcpdump, try out the following options
tcpdump -A -vvv host destination_hostname-A (ascii)-vvv (verbose output)
tcpdump -i eth0 -w dump3.pcap -v 'tcp and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'