Have you ever used Tcpdump's -d option? The man page says:-d Dump the compiled packet-matching code in a human readable form to standard output and stop.I've never used that option before, but I just saw a Tcpdump developer use it to confirm a Berkeley packet filter in this thread. The user in the thread is trying to see TCP or UDP packets with a source address of "centernet.jhuccp.org" (162.129.225.192). First he specifies an incorrect BPF filter, which the developer then corrects. This is mildly interesting, but the useful information...