Here are some docs I think might come in handy. I guess they rate beginner to intermediate level; keeping your tcpdump manual handy wouldn't hurt.
TCP/IP Skills Required for Security Analysts part 1: http://www.securityfocus.com/print/infocus/1779
TCP/IP Skills Required for Security Analysts part 2: http://www.securityfocus.com/print/infocus/1784
Making a Connection with tcpdump part 1: http://www.linuxjournal.com/article/6446
Making a Connection with tcpdump part 2: http://www.linuxjournal.com/article/6447
Passive Network Traffic Analysis: http://www.securityfocus.com/print/infocus/1696
Packet forensics using TCP: http://www.securityfocus.com/print/infocus/1845
Studying Normal Network Traffic part 1: http://www.securityfocus.com/print/infocus/1221
Studying Normal Network Traffic part 2: http://www.securityfocus.com/print/infocus/1222
Studying Normal Network Traffic part 3: http://www.securityfocus.com/print/infocus/1223
If you want to see more tcpdump traffic analysis in action, then check out various SANS ISC alerts, the SANS Intrusion Detection FAQ: http://www.sans.org/resources/idfaq/index.php?portal=
or, for instance, the Snort sigs mailing list.