Tcpdump docker for mac

The data offset, once multiplied by 4, gives the byte count of the TCP header, so ((tcp[12:1] & 0xf0) >> 2) yields the size of the TCP header in bytes: masking the high nibble and shifting right by 2 is the same as taking the 4-bit offset and multiplying it by 4. tcp[12:1] means capturing the 13th byte of the TCP header, whose first half (the high nibble) is the data offset and whose second half is reserved. Using that value as an index, tcp[...] then reads the first byte of the TCP payload, which for a TLS handshake record is 0x16.

I don't know what exactly you are calling handshake, but I propose this command that will probably capture more than 95% of what you can want: tcpdump -ni eth0 'tcp port 443 and (tcp[((tcp[12:1] & 0xf0) >> 2)] = 0x16)'
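As an added example (not part of the original post), the same test the filter expression performs, written out in Python over a raw TCP segment so the header-length arithmetic and the empty-payload case are explicit; the segment builder and the sample bytes are constructed here, not captured traffic.

```python
# Added example: Python equivalent of the tcpdump filter
#   tcp[((tcp[12:1] & 0xf0) >> 2)] = 0x16
# applied to a bare TCP segment (header + payload, no IP header).

TLS_HANDSHAKE = 0x16  # TLS record content type "Handshake" (ClientHello, ServerHello, ...)

def tcp_header_len(segment: bytes) -> int:
    """Header length in bytes from the data offset nibble in byte 12 (the 13th byte)."""
    return (segment[12] & 0xF0) >> 2  # same as (segment[12] >> 4) * 4

def is_tls_handshake(segment: bytes) -> bool:
    """True when the first payload byte is 0x16, exactly what the filter checks."""
    if len(segment) < 20:
        return False
    off = tcp_header_len(segment)
    if off < 20 or off >= len(segment):
        # bogus offset, or no payload at all (e.g. a pure ACK): BPF cannot index
        # past the end of the packet, so the filter does not match either.
        return False
    return segment[off] == TLS_HANDSHAKE

def make_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed TCP segment: 20-byte base header, options padded to 4 bytes, then payload."""
    opts = options + b"\x00" * (-len(options) % 4)
    words = (20 + len(opts)) // 4
    hdr = bytearray(20)
    hdr[0:2] = (51234).to_bytes(2, "big")  # source port (constructed value)
    hdr[2:4] = (443).to_bytes(2, "big")    # destination port 443
    hdr[12] = words << 4                   # data offset in high nibble, reserved bits zero
    hdr[13] = 0x18                         # flags: PSH|ACK
    return bytes(hdr) + opts + payload

# Constructed start of a TLS record: type 0x16, version 3.1, length 5, handshake type 1 (ClientHello)
CLIENT_HELLO_PREFIX = bytes.fromhex("160301000501000001")
# Options that push the header to 32 bytes: NOP, NOP, Timestamp (kind 8, len 10) with zero values
TIMESTAMP_OPTS = b"\x01\x01\x08\x0a" + b"\x00" * 8
```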