After checking the tcpdump man pages, I can tell you that the 'q' stands for 'quick output' - forces to print less protocol information so the output lines are smaller.
The 'tcp == 2' parameter is one I've never used before, but judging from the man pages, it looks like an expression designed to capture specific traffic.
The man pages have an example where it states that
"tcp always means the first byte of the TCP header..."
Using this information we can come to a logical conclusion that the 'tcp' parameter reefers to the 13th byte of the TCP header in a packet. As for the '==2' value, I'm suspecting its got something to do with the TCP flags, but not 100% sure what it means.
Anyone else that can shed some light to this problem ?
Its related to the TCP Flags and what type of datagram is sent [SYN, SYN/ACK, ACK, PSH, URG etc]. See how clearly its explained what you were looking for.
Do atleast minimal searches kiddo. Read RFC-793
Recall the structure of a TCP header without options:
0 15 31
| source port | destination port |
| sequence number |
| acknowledgment number |
| HL | rsvd |C|E|U|A|P|R|S|F| window size |
| TCP checksum | urgent pointer |
A TCP header usually holds 20 octets of data, unless
options are present. The first line of the graph contains
octets 0 - 3, the second line shows octets 4 - 7 etc.
Starting to count with 0, the relevant TCP control bits
are contained in octet 13: