While debugging an issue at work related to HTTP headers being forwarded by HAProxy, I used a couple of tcpdump commands that were great, so I am storing them here for future reference.

    tcpdump -s 1024 -l -A | grep X-Forwarded-For
    tcpdump -s 1024 -l -A src 192.168.9.56 or dst 192.168.9.56

The first one prints the lines containing X-Forwarded-For; the second one lets you filter on source and/or destination address.
Note that by default tcpdump does not capture on the loopback interface (lo), so traffic to 127.0.0.1 or ::1 is not included.
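
Piping straight into grep, as in the first command, drops the packet summary line, so the output no longer shows which connection carried the header. The following is an added example, not part of the original note: an awk filter that keeps the timestamp and endpoints next to each X-Forwarded-For value. The names `xff_with_flow` and `sample_capture` and the capture text are constructed for illustration.

```shell
#!/bin/sh
# Added example: pair each X-Forwarded-For header seen in `tcpdump -A` output
# with the timestamp and endpoints of the packet that carried it.
# Live use (needs capture privileges; -n keeps addresses numeric):
#   tcpdump -n -s 1024 -l -A src 192.168.9.56 or dst 192.168.9.56 | xff_with_flow

xff_with_flow() {
    awk '
        # Packet summary line: "HH:MM:SS.frac IP src > dst: Flags ..."
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ IP6? / {
            ts = $1; src = $3; dst = $5
            sub(/:$/, "", dst)               # drop the colon appended to dst
            next
        }
        # Header names are case-insensitive, so compare in lower case.
        tolower($0) ~ /^x-forwarded-for:/ {
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)  # strip the header name
            sub(/[ \t\r]+$/, "", value)      # strip trailing whitespace and CR
            printf "%s %s -> %s xff=%s\n", ts, src, dst, value
        }
    '
}

# Constructed sample of `tcpdump -n -A` output (not a real capture).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.168.9.56.40112 > 192.168.9.10.8080: Flags [P.], seq 1:120, ack 1, win 502, length 119
E.....@.@.......GET /health HTTP/1.1
Host: app.example.test
X-Forwarded-For: 203.0.113.7
Connection: close

12:00:02.000002 IP 192.168.9.10.8080 > 192.168.9.56.40112: Flags [P.], seq 1:90, ack 120, win 509, length 89
E.....@.@.......HTTP/1.1 200 OK
Content-Length: 2

12:00:03.000003 IP 192.168.9.56.40114 > 192.168.9.10.8080: Flags [P.], seq 1:130, ack 1, win 502, length 129
E.....@.@.......GET / HTTP/1.1
x-forwarded-for: 198.51.100.4, 203.0.113.9
EOF
}

sample_capture | xff_with_flow
```

A header split across two packets, or cut off by the `-s 1024` snapshot length, will not be matched by this filter.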