Tcpdump Filter - Example

$tcpdump {read/capture} 'host 192.168.10.10 and ( 192.168.10.100 or 192.168.10.150)'
$tcpdump {read/capture} fxp0 'net 192.168.10.0/24' 
$tcpdump {read/capture} fxp0 'port 20 or 21' 
$tcpdump {read/capture} 'tcp' == $tcpdump -r file.pcap 'ip[9]=6' 
$tcpdump {read/capture} 'tcp[13] = 2'
$tcpdump {read/capture} 'tcp[13]&0x 03 != 0'
$tcdpump {read/capture} 'ip[2:2] > 1500'
$tcpdump {read/cature} 'icmp[0] != 8 and icmp[0] != 0'

... and many more