If you ssh into a computer and want to use tcpdump to view traffic, ssh (22) can be excluded

tcpdump -i [interface] -n 'port!22'

Capture traffic leaving a host

tcpdump -pi [interface] src host [hostname]

Watch for traffic leaving one network and entering two other networks

tcpdump -pi [interface] src net [network] and dst net [network2] or [network3]
tcpdump -pi [interface] src net 128.128.252.0/28 and dst 192.168.11.0/24 or 192.168.12/24

Capture UDP packets from an interface in HEX

tcpdump -XX -I [interface]  port [UDP port]