# tcpdump -d tcp
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 5
(002) ldb      [23]
(003) jeq      #0x6             jt 4	jf 5
(004) ret      #68
(005) ret      #0
# tcpdump -d udp
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 5
(002) ldb      [23]
(003) jeq      #0x11            jt 4	jf 5
(004) ret      #68
(005) ret      #0
# tcpdump -d udp and port 434
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 12
(002) ldb      [23]
(003) jeq      #0x11            jt 4	jf 12
(004) ldh      [20]
(005) jset     #0x1fff          jt 12	jf 6
(006) ldxb     4*([14]&0xf)
(007) ldh      [x + 14]
(008) jeq      #0x1b2           jt 11	jf 9
(009) ldh      [x + 16]
(010) jeq      #0x1b2           jt 11	jf 12
(011) ret      #68
(012) ret      #0
# tcpdump -d icmp
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 5
(002) ldb      [23]
(003) jeq      #0x1             jt 4	jf 5
(004) ret      #68
(005) ret      #0
# tcpdump -d net 131.252.215.20/22
tcpdump: non-network bits set in "131.252.215.20/22"
# tcpdump -d multicast
(000) ldb      [0]
(001) jset     #0x1             jt 2    jf 3
(002) ret      #68
(003) ret      #0
# tcpdump -d 224.0.0.0/8
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 8
(002) ld       [26]
(003) and      #0xff000000
(004) jeq      #0xe0000000      jt 16   jf 5
(005) ld       [30]
(006) and      #0xff000000
(007) jeq      #0xe0000000      jt 16   jf 17
(008) jeq      #0x806           jt 10   jf 9
(009) jeq      #0x8035          jt 10   jf 17
(010) ld       [28]
(011) and      #0xff000000
(012) jeq      #0xe0000000      jt 16   jf 13
(013) ld       [38]
(014) and      #0xff000000
(015) jeq      #0xe0000000      jt 16   jf 17
(016) ret      #68
(017) ret      #0
# tcpdump -d net 1.0.0.0 and net 2.0.0.0
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 9
(002) ld       [26]
(003) jeq      #0x1000000       jt 4	jf 6
(004) ld       [30]
(005) jeq      #0x2000000       jt 18	jf 19
(006) jeq      #0x2000000       jt 7	jf 19
(007) ld       [30]
(008) jeq      #0x1000000       jt 18	jf 19
(009) jeq      #0x806           jt 11	jf 10
(010) jeq      #0x8035          jt 11	jf 19
(011) ld       [28]
(012) jeq      #0x1000000       jt 13	jf 15
(013) ld       [38]
(014) jeq      #0x2000000       jt 18	jf 19
(015) jeq      #0x2000000       jt 16	jf 19
(016) ld       [38]
(017) jeq      #0x1000000       jt 18	jf 19
(018) ret      #68
(019) ret      #0
# tcpdump -d net 1.0.0.0 or net 2.0.0.0
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 7
(002) ld       [26]
(003) jeq      #0x1000000       jt 15	jf 4
(004) jeq      #0x2000000       jt 15	jf 5
(005) ld       [30]
(006) jeq      #0x1000000       jt 15	jf 14
(007) jeq      #0x806           jt 9	jf 8
(008) jeq      #0x8035          jt 9	jf 16
(009) ld       [28]
(010) jeq      #0x1000000       jt 15	jf 11
(011) jeq      #0x2000000       jt 15	jf 12
(012) ld       [38]
(013) jeq      #0x1000000       jt 15	jf 14
(014) jeq      #0x2000000       jt 15	jf 16
(015) ret      #68
(016) ret      #0
# tcpdump -d tcp port 80 and tcp port 443
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 15
(002) ldb      [23]
(003) jeq      #0x6             jt 4	jf 15
(004) ldh      [20]
(005) jset     #0x1fff          jt 15	jf 6
(006) ldxb     4*([14]&0xf)
(007) ldh      [x + 14]
(008) jeq      #0x50            jt 9	jf 11
(009) ldh      [x + 16]
(010) jeq      #0x1bb           jt 14	jf 15
(011) jeq      #0x1bb           jt 12	jf 15
(012) ldh      [x + 16]
(013) jeq      #0x50            jt 14	jf 15
(014) ret      #68
(015) ret      #0
# tcpdump -d udp port 137 or tcp port 137
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 13
(002) ldb      [23]
(003) jeq      #0x11            jt 5	jf 4
(004) jeq      #0x6             jt 5	jf 13
(005) ldh      [20]
(006) jset     #0x1fff          jt 13	jf 7
(007) ldxb     4*([14]&0xf)
(008) ldh      [x + 14]
(009) jeq      #0x89            jt 12	jf 10
(010) ldh      [x + 16]
(011) jeq      #0x89            jt 12	jf 13
(012) ret      #68
(013) ret      #0