If you read the man page of tcpdump, you will find that tcpdump can generate the BPF code in human-readable form or as a C program fragment, according to your given filtering conditions: e.g., tcpdump -d host 192.168.1.1. Figure out the generated BPF code first. Then, write a program to open a raw socket (see Open Source Implementation 5.8), turn on the promiscuous mode (see Open Source Implementation 5.9), use setsockopt to inject the BPF code into BPF, and then observe whether you indeed receive from the socket only the packets matching the given filter.