Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than from a network interface. In all cases, tcpdump processes only the packets that match the expression.
# ps aux|grep mysql
mysql 882 0.0 0.1 114192 1568 ? Ss Mar20 0:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql 1039 0.0 4.2 552444 42900 ? Sl Mar20 0:02 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
root 1441 0.0 0.0 109400 872 pts/0 S+ 00:13 0:00 grep --color=auto mysql
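To show what the -w and -r flags and the filter expression amount to, the following Python example (added here, not from the original page or the tcpdump project) builds a constructed savefile in the classic pcap layout and reads it back, keeping only packets that would match the expression "tcp port 3306". Port 3306 (the MySQL default), the addresses, the timestamps and the function names are assumptions for illustration.

```python
import socket
import struct

PCAP_GLOBAL = struct.Struct("<IHHiIII")   # magic, ver major/minor, tz, sigfigs, snaplen, linktype
PCAP_RECORD = struct.Struct("<IIII")      # ts_sec, ts_usec, captured length, original length
MYSQL_PORT = 3306                         # assumption: MySQL default port, not stated on the page

def frame(src, dst, sport, dport, proto=6):
    """Constructed Ethernet/IPv4 frame, 20-byte L4 header; proto only sets the IPv4 protocol field."""
    l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def write_pcap(frames):
    """Layout written by -w: one global header, then a record header plus raw bytes per packet."""
    head = PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    return head + b"".join(PCAP_RECORD.pack(1_700_000_000 + i, 0, len(f), len(f)) + f
                           for i, f in enumerate(frames))

def read_pcap(data, port):
    """Equivalent of -r with 'tcp port N': walk the records, keep only matching packets."""
    magic, *_, linktype = PCAP_GLOBAL.unpack_from(data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian microsecond pcap with Ethernet link type")
    off, hits = PCAP_GLOBAL.size, []
    while off + PCAP_RECORD.size <= len(data):
        ts, _, caplen, _ = PCAP_RECORD.unpack_from(data, off)
        pkt = data[off + PCAP_RECORD.size: off + PCAP_RECORD.size + caplen]
        off += PCAP_RECORD.size + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                      # not IPv4 carrying TCP
        ihl = (pkt[14] & 0x0F) * 4        # IPv4 header length, options included
        if len(pkt) < 14 + ihl + 4:
            continue                      # ports cut off by the capture length
        sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
        if port in (sport, dport):
            hits.append((ts, socket.inet_ntoa(pkt[26:30]), sport,
                         socket.inet_ntoa(pkt[30:34]), dport))
    return hits

SAMPLE = write_pcap([                     # constructed traffic, not a real capture
    frame("10.0.0.5", "10.0.0.9", 40000, MYSQL_PORT),
    frame("10.0.0.5", "10.0.0.9", 40001, 443),
    frame("10.0.0.9", "10.0.0.5", MYSQL_PORT, 40000),
    frame("10.0.0.5", "10.0.0.9", MYSQL_PORT, 53, proto=17),   # UDP: 'tcp' qualifier excludes it
])

if __name__ == "__main__":
    print(*read_pcap(SAMPLE, MYSQL_PORT), sep="\n")
```
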
I hope you found this useful.