network

Tcpdump: Shrink pcap File By Reducing Snaplen

I used tcpdump to capture some traffic, but then realized that I didn’t need any of the application layer payload, but just the headers. The problem was that I had already done the capturing, and I had these huge pcap files taking up the precious space on my machine. What I first tried was using tcpdump to read the file and dump it, with a smaller snaplen: tcpdump -s 96 -r in.cap -w smaller.cap. That does not seem to change the snaplen, however. The solution I found is to use editcap, as described here:
https://www.wireshark.org/docs/man-pages/editcap.html

The second example in the manual was what I was looking for. This did the trick:

editcap -s 96 big_in.cap smaller_out.cap

Verify the result with capinfos (also part of Wireshark): capinfos smaller_out.cap reports the new packet size limit. A snaplen of 96 bytes keeps an Ethernet header, an IPv4 header and a TCP header with options, but an IPv6 header plus a full-length TCP header, or a frame with an extra VLAN tag, will be cut short, so choose the value with the headers you still need in mind.
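To make clear what editcap -s actually does to the file, here is an added example in Python that is not part of the original post and not editcap's own code. It builds a small classic pcap from constructed Ethernet/IPv4/TCP frames, lowers the snaplen field in the 24-byte global header, and truncates each 16-byte record plus packet data to the new length while keeping orig_len, which is exactly why the resulting file is smaller but tools still report the on-the-wire sizes. It handles both byte orders of the classic format; pcapng (which Wireshark writes by default) is deliberately rejected. The MAC and IP addresses in sample_frame are made up.

```python
import struct

# Classic pcap layout (not pcapng): 24-byte global header, then a
# 16-byte record header before every packet.  Magic 0xa1b2c3d4 means
# microsecond timestamps, 0xa1b23c4d nanosecond timestamps.
MAGIC_USEC = 0xA1B2C3D4
MAGIC_NSEC = 0xA1B23C4D
GLOBAL_FMT = "IHHiIII"   # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
RECORD_FMT = "IIII"      # ts_sec, ts_frac, incl_len, orig_len
LINKTYPE_ETHERNET = 1


def _byte_order(first4):
    """Pick the struct prefix from the magic so files of either byte order work."""
    for prefix in ("<", ">"):
        magic = struct.unpack(prefix + "I", first4)[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            return prefix
    raise ValueError("not a classic pcap file (pcapng is not handled here)")


def build_pcap(packets, snaplen=262144, linktype=LINKTYPE_ETHERNET):
    """Serialise (ts_sec, ts_usec, frame_bytes) triples into a little-endian pcap."""
    out = bytearray(struct.pack("<" + GLOBAL_FMT, MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype))
    for sec, usec, frame in packets:
        out += struct.pack("<" + RECORD_FMT, sec, usec, len(frame), len(frame)) + frame
    return bytes(out)


def iter_records(pcap):
    """Yield (ts_sec, ts_frac, incl_len, orig_len, data) for every record in the file."""
    bo = _byte_order(pcap[:4])
    off = struct.calcsize(bo + GLOBAL_FMT)
    rec = struct.Struct(bo + RECORD_FMT)
    while off < len(pcap):
        sec, frac, incl, orig = rec.unpack_from(pcap, off)
        off += rec.size
        data = pcap[off:off + incl]
        if len(data) != incl:
            raise ValueError("record at offset %d is truncated" % (off - rec.size))
        off += incl
        yield sec, frac, incl, orig, data


def shrink_snaplen(pcap, new_snaplen):
    """The effect of editcap -s: lower the header snaplen and cut every record to it."""
    bo = _byte_order(pcap[:4])
    ghdr = struct.Struct(bo + GLOBAL_FMT)
    rec = struct.Struct(bo + RECORD_FMT)
    fields = list(ghdr.unpack_from(pcap, 0))
    fields[5] = min(fields[5], new_snaplen)          # the snaplen field
    out = bytearray(ghdr.pack(*fields))
    for sec, frac, incl, orig, data in iter_records(pcap):
        keep = data[:new_snaplen]
        # orig_len is preserved so readers still know the on-the-wire length.
        out += rec.pack(sec, frac, len(keep), orig) + keep
    return bytes(out)


def snaplen_of(pcap):
    """Snapshot length recorded in the global header (what capinfos shows as packet size limit)."""
    bo = _byte_order(pcap[:4])
    return struct.unpack_from(bo + GLOBAL_FMT, pcap, 0)[5]


def sample_frame(payload):
    """Constructed Ethernet/IPv4/TCP frame with a dummy payload; addresses are made up, checksums zero."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = b"\x45\x00" + struct.pack(">H", 40 + len(payload)) + b"\x00\x00\x40\x00\x40\x06\x00\x00"
    ip += bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2])
    tcp = struct.pack(">HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    big = build_pcap([(1, 0, sample_frame(b"A" * 1400)), (1, 500, sample_frame(b"B" * 40))])
    small = shrink_snaplen(big, 96)
    print("before: %d bytes, snaplen %d" % (len(big), snaplen_of(big)))
    print("after:  %d bytes, snaplen %d" % (len(small), snaplen_of(small)))
    for _, _, incl, orig, _ in iter_records(small):
        print("  record: incl_len=%d orig_len=%d" % (incl, orig))
```

The 1454-byte frame shrinks to a 96-byte record while the 94-byte frame, already below the snaplen, is left untouched; that is the same asymmetry you see when capinfos reports a smaller packet size limit but the average packet size in the file barely changes for small packets.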

Linux: Listen to the Network -- Literally

Pipe all the raw data received on the interface eth0 to aplay (capturing needs root or CAP_NET_RAW; add -U so tcpdump flushes every packet to the pipe immediately instead of buffering, which otherwise makes the sound lag behind the traffic):

tcpdump -i eth0 -w - | aplay

Listen to the network in stereo (aplay treats raw input on stdin as 8 kHz unsigned 8-bit mono by default; -c 2 makes it interpret the same bytes as two channels):

tcpdump -i eth0 -w - | aplay -c 2

Use a filter expression to only listen to specific data, here plain HTTP traffic:

tcpdump -i eth0 -w - tcp port 80 | aplay