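# tcpdump capture-filter examples.
#
# Notes that apply to every entry:
#   * ace, helios, hot, snup and localnet are placeholder names. Host names must
#     resolve on the capturing machine, and localnet must be a known network
#     name (e.g. /etc/networks). `gateway NAME` also needs NAME to resolve to a
#     link-layer address (e.g. /etc/ethers).
#   * Capturing normally needs root or an equivalent raw-socket capability.
#   * Without -n tcpdump resolves addresses to names, which generates DNS
#     lookups of its own while the capture is running.
#   * Quote any expression that contains ( ) & | < > so the shell passes it to
#     tcpdump unchanged.
#   * Each command runs until interrupted; treat this as a list of examples,
#     not as a script to run top to bottom.

# IPv4 TCP port 80 packets that carry payload: IP total length minus IP header
# length minus TCP header length is non-zero, so bare SYN/FIN/ACK segments are
# skipped. The ip[]/tcp[] offsets make this an IPv4-only filter.
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

# SYN and FIN packets of TCP conversations that involve a non-local host:
# `not src and dst net localnet` excludes packets whose source AND destination
# are both inside localnet.
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'

# FTP control and data traffic passing through gateway snup (port names are
# looked up in the services database).
tcpdump 'gateway snup and (port ftp or ftp-data)'

# IP traffic neither from nor to localnet; on a network that is not a transit
# path this should normally be empty.
tcpdump ip and not net localnet

# IP packets between ace and any host other than helios.
tcpdump ip host ace and not helios

# Traffic between helios and either hot or ace. The expression is quoted here:
# unquoted parentheses are interpreted by the shell and the command fails.
tcpdump 'host helios and ( hot or ace )'

# All ICMP except echo request / echo reply (i.e. everything but ping).
tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'

# Repeat of the FTP-through-gateway example above.
tcpdump 'gateway snup and (port ftp or ftp-data)'

# IP packets longer than 576 bytes (IP total-length field) sent via gateway snup.
tcpdump 'gateway snup and ip[2:2] > 576'

# IP broadcast/multicast that was NOT sent as Ethernet broadcast/multicast:
# the group bit of the destination MAC is clear, yet the first octet of the
# IPv4 destination is >= 224. Subnet-directed broadcasts are not matched,
# because their first octet is below 224.
tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'

# Repeat of the ace / not-helios example above.
tcpdump ip host ace and not helios

# Repeat of the non-localnet example above.
tcpdump ip and not net localnet

# Repeat of the first example. The page carried man-page `\&` escapes at this
# point; inside single quotes the backslashes would reach the filter compiler
# literally and the expression would be rejected, so plain `&` is used.
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

# Everything on eth1 except port 23 (telnet) -- presumably to keep a telnet
# session used for the capture out of its own output.
tcpdump -i eth1 not port 23

# DNS traffic on eth0: -n disables name resolution, -s 16384 sets the snapshot
# length to 16384 bytes per packet, -XX prints each packet in hex and ASCII
# including the link-level header. Options are placed ahead of the filter, as
# in the tcpdump synopsis, so parsing does not rely on getopt reordering
# arguments. The output contains full packet contents; store it accordingly.
tcpdump -i eth0 -n -s 16384 -XX port 53

# Repeat of the non-ping ICMP example above.
tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'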