If you're ever in a situation where you need to see incoming HTTP requests, maybe to check incoming headers, or you want to know what cookies are being set, or get some clues as to why things aren't being cached, the following command might be helpful:
tcpdump -A -s 10240 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g'
It's a bit of a mouthful, but what it does is show incoming HTTP requests direct from the network interface and format them in a human-readable way. The nice thing is that you can then use grep on the output to show things like incoming cookies or request headers. It's probably more useful for monitoring requests than watching log files and guessing. Note that it only sees unencrypted HTTP on port 80, and tcpdump normally needs root privileges to capture.
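The filter expression in the command keeps only packets that carry TCP payload: the IP total length minus the IP header length minus the TCP header length must be non-zero, which drops bare ACKs and handshake packets. The Python sketch below is an added example, not part of the original post; it mirrors that arithmetic on constructed packets (documentation-range addresses, zero checksums), and all function names are illustrative.

```python
import struct

TS_OPT = b"\x01\x01\x08\x0a" + bytes(8)  # constructed: NOP, NOP, timestamp option (12 bytes)

def tcp_payload_len(pkt: bytes) -> int:
    """ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2), as in the capture filter."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    total_len = struct.unpack("!H", pkt[2:4])[0]  # ip[2:2]: IP total length
    ihl = (pkt[0] & 0x0F) << 2                    # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("truncated or malformed header")
    data_off = (pkt[ihl + 12] & 0xF0) >> 2        # TCP header length in bytes
    return total_len - ihl - data_off

def matches_filter(pkt: bytes) -> bool:
    """'tcp port 80' plus the non-empty-payload test."""
    if len(pkt) < 20 or pkt[9] != 6:  # IP protocol field: 6 = TCP
        return False
    ihl = (pkt[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return 80 in (sport, dport) and tcp_payload_len(pkt) != 0

def build_packet(payload: bytes, tcp_opts: bytes = b"", dport: int = 80) -> bytes:
    """Constructed IPv4/TCP packet; checksums are zero, which the length math ignores."""
    if len(tcp_opts) % 4:
        raise ValueError("TCP options must be padded to 32-bit words")
    offset_byte = ((20 + len(tcp_opts)) // 4) << 4  # data offset in 32-bit words, high nibble
    flags = 0x18 if payload else 0x10               # PSH+ACK with data, bare ACK without
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, offset_byte, flags, 65535, 0, 0)
    tcp += tcp_opts
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp + payload

if __name__ == "__main__":
    request = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed sample request
    for label, pkt in [("bare ACK", build_packet(b"", TS_OPT)),
                       ("HTTP request", build_packet(request, TS_OPT)),
                       ("port 8080", build_packet(request, dport=8080))]:
        print(f"{label}: payload={tcp_payload_len(pkt)} captured={matches_filter(pkt)}")
```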
Hope it helps someone!