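# Reference: the BPF program tcpdump prints for the filter expression "tcp".
# filter() below follows the same decision tree, instruction by instruction.
#
#   $ tcpdump -d tcp
#   (000) ldh      [12]
#   (001) jeq      #0x86dd          jt 2    jf 4
#   (002) ldb      [20]
#   (003) jeq      #0x6             jt 7    jf 8
#   (004) jeq      #0x800           jt 5    jf 8
#   (005) ldb      [23]
#   (006) jeq      #0x6             jt 7    jf 8
#   (007) ret      #96
#   (008) ret      #0
####
use strict;
use warnings;

use constant IPv4 => 0x0800;    # EtherType value for IPv4
use constant IPv6 => 0x86dd;    # EtherType value for IPv6
use constant TCP  => 0x06;      # IP protocol number for TCP (not UDP or ICMP)

# filter - decide whether the raw Ethernet frame in $_ carries TCP.
#
# Input:   $_ holds the frame as a byte string, starting at the Ethernet
#          header (destination MAC at offset 0).
# Returns: 1 when the frame is IPv4 or IPv6 with TCP as the protocol that
#          immediately follows the IP header; otherwise an empty return
#          (undef in scalar context, empty list in list context).
#
# Coverage limits a monitoring deployment should know about, all inherited
# from the fixed offsets used here:
#   * The EtherType is read at offset 12 only, so 802.1Q-tagged frames
#     (0x8100 at that offset) are rejected even when they carry TCP.
#   * For IPv6 only the first Next Header byte is inspected; TCP that sits
#     behind extension headers is not matched.
#   * IPv4 fragments are not distinguished: any fragment whose Protocol
#     field is TCP matches, whether or not it contains the TCP header.
# Traffic in those forms is missed or misclassified without any error, so
# this should not be the only classifier in front of an inspection pipeline.
sub filter {
    # (000) ldh [12]: the EtherType is a 16-bit big-endian field at offset 12.
    # unpack() dies when an 'x' skip runs past the end of the string, so a
    # truncated (or undefined) frame is rejected here instead of aborting
    # the caller's capture loop.
    return if !defined $_ || length($_) < 14;
    my $type = unpack 'x12 n', $_;

    my $offset;
    if ( $type == IPv6 ) {
        $offset = 20;    # (002) ldb [20]: IPv6 Next Header byte
    }
    elsif ( $type == IPv4 ) {
        $offset = 23;    # (005) ldb [23]: IPv4 Protocol byte
    }
    else {
        return;          # (008) ret #0: neither IPv4 nor IPv6
    }

    # The protocol byte itself must be present in the captured data.
    return if length($_) <= $offset;
    my $proto = unpack "x$offset C", $_;

    # (007) accept / (008) reject. The BPF program returns a byte count on
    # accept (#96); this sub only reports the yes/no decision.
    return 1 if $proto == TCP;
    return;
}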