With that syntax you can filter the packets bitwise.
For example, consider the first two bytes of an IP frame.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Let's say you want to filter only ip packets with version equal to 4 (indicating IPv4 packets).
You can do something like this
tcpdump -i ethX 'ip[0:1] & 0xf0 = 0x40'
- ip[0:1] means "extract 1 bytes from offset zero of the IP frame"
- & 0xf0 filters out the IHL bits off the first byte
- = 0x40 will match only if the version bits contains the number 4
et voilà, you built a custom filter digging deeply into the captured frames.
In the two cases you listed, i suppose there's a typo.
I think it should be:
proto[x:y] & z = n : every bits are set to n when applying mask z to proto[x:y]
proto[x:y] = n : p[x:y] has exactly the bits set to n