
One can do even simpler: install a Linux host and run tcpdump / wireshark to capture its own traffic on an interface. If you time the start of capturing with the moment you connect, you can see the DHCP, and probably DAD and DHCPv6 and/or SLAAC. Then mDNS, as well as a high chance of HTTP/HTTPS. Running “sudo ntpdate time.apple.com” will give you a taste of NTP. (ARP/ND will necessarily be somewhere in there as well.)
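As an added illustration, not part of the comment above: a minimal Python classifier that labels raw Ethernet frames with the protocols that comment lists (DHCP, DAD, DHCPv6, ND, mDNS, NTP, HTTP/HTTPS, ARP). The names `classify`, `eth`, `ipv4`, `ipv6`, `ports` and `SAMPLES` are hypothetical, the sample frames are constructed headers with zeroed addresses, and labelling UDP/TCP by well-known port is a heuristic.

```python
import struct

UDP_PORTS = {67: "DHCP", 68: "DHCP", 546: "DHCPv6", 547: "DHCPv6", 5353: "mDNS", 123: "NTP"}
TCP_PORTS = {80: "HTTP", 443: "HTTPS"}
ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA"}  # ICMPv6 ND; RS/RA drive SLAAC

def classify(frame: bytes) -> str:
    """Label one untagged Ethernet II frame with the protocol it carries."""
    if len(frame) < 14:
        return "truncated"
    ethertype, payload, src6 = struct.unpack("!H", frame[12:14])[0], frame[14:], None
    if ethertype == 0x0806:
        return "ARP"
    if ethertype == 0x0800 and len(payload) >= 20:        # IPv4
        if struct.unpack("!H", payload[6:8])[0] & 0x1FFF:
            return "IPv4 fragment"                        # later fragment: no L4 header
        proto, l4 = payload[9], payload[(payload[0] & 0x0F) * 4:]
    elif ethertype == 0x86DD and len(payload) >= 40:      # IPv6, extension headers not walked
        proto, l4, src6 = payload[6], payload[40:], payload[8:24]
    else:
        return f"unparsed ethertype 0x{ethertype:04x}"
    if proto == 58 and src6 is not None and l4:           # ICMPv6
        kind = ND_TYPES.get(l4[0])
        if kind == "NS" and src6 == bytes(16):            # NS sent from :: is a DAD probe
            return "ND/DAD"
        return f"ND/{kind}" if kind else "ICMPv6"
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        table = UDP_PORTS if proto == 17 else TCP_PORTS
        return table.get(dport) or table.get(sport) or ("UDP" if proto == 17 else "TCP")
    return f"ip proto {proto}"

# --- constructed sample frames (zeroed MACs and addresses, headers only) ---
def eth(ethertype, payload):
    return bytes(12) + struct.pack("!H", ethertype) + payload
def ipv4(proto, l4):
    return bytes([0x45, 0]) + bytes(7) + bytes([proto]) + bytes(10) + l4
def ipv6(next_header, l4, src=bytes(16)):
    return b"\x60" + bytes(5) + bytes([next_header, 255]) + src + bytes(16) + l4
ports = struct.Struct("!HH").pack  # (sport, dport) -> first 4 bytes of a UDP/TCP header
SAMPLES = [
    eth(0x0800, ipv4(17, ports(68, 67))),         # DHCP discover
    eth(0x86DD, ipv6(58, bytes([135]))),          # neighbour solicitation from ::
    eth(0x86DD, ipv6(17, ports(546, 547))),       # DHCPv6 solicit
    eth(0x0800, ipv4(17, ports(5353, 5353))),     # mDNS
    eth(0x0800, ipv4(17, ports(50000, 123))),     # NTP request
    eth(0x0800, ipv4(6, ports(50000, 443))),      # HTTPS
    eth(0x0806, bytes(28)),                       # ARP
]
print([classify(f) for f in SAMPLES])
```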



There's nothing easier than hooking up 2 computers via ethernet to an isolated hub, and then watching the traffic go back and forth. There's no additional stuff to filter, you can just look at the packets which match exactly what is shown in TCP/IP Illustrated. From there, you can expand but I think the best experience is sniffing traffic between two computers on a hub to learn the fundamentals.


Two isolated computers won’t get you very far in today’s network. They might get the autoconfigured 169.254/16 addresses and link-local IPv6, and get some Bonjour traffic, but that is about it. But those protocols are not in TCP/IP Illustrated.

Back in the times of IPX and NetBEUI that was indeed a useful activity - connecting two Windows 3.11 computers with NetBEUI was a nice way to learn Ethernet LLC-2 (yes, the connection-oriented Ethernet layer protocol :-) as it allowed one to nicely trigger the DLSW to learn it.



