-2

In tcpdump, what is the difference between the following two commands? I tried to understand, but they seem pretty much the same to me.

tcpdump ip host google.com

and

tcpdump ip and host google.com
testermaster

1 Answer

3

There is no difference. If you compare the packet-matching code, generated by including the -d option, then you can see that they produce identical results:

tcpdump -d "ip host google.com"
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 7
(002) ld       [26]
(003) jeq      #0x8efa41ae      jt 6    jf 4
(004) ld       [30]
(005) jeq      #0x8efa41ae      jt 6    jf 7
(006) ret      #262144
(007) ret      #0

tcpdump -d "ip and host google.com"
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 7
(002) ld       [26]
(003) jeq      #0x8efa41ae      jt 6    jf 4
(004) ld       [30]
(005) jeq      #0x8efa41ae      jt 6    jf 7
(006) ret      #262144
(007) ret      #0
Christopher Maynard
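To read what that `-d` listing actually checks, here is an added example (not part of the original answer) that parses the dump text quoted above and interprets it over constructed Ethernet/IPv4 frames. The helper names `parse`, `run` and `frame` are hypothetical, and only the four opcodes that appear in the listing are handled.

```python
import re
import struct

# `tcpdump -d` listing copied from the answer above (identical for both filters).
DUMP = """\
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 7
(002) ld       [26]
(003) jeq      #0x8efa41ae      jt 6    jf 4
(004) ld       [30]
(005) jeq      #0x8efa41ae      jt 6    jf 7
(006) ret      #262144
(007) ret      #0
"""

def parse(dump):
    """Turn `tcpdump -d` text into a list of (opcode, operand, jt, jf) tuples."""
    pat = re.compile(r"\(\d+\)\s+(\w+)\s+[\[#]([0-9a-fx]+)\]?(?:\s+jt (\d+)\s+jf (\d+))?")
    prog = []
    for line in dump.splitlines():
        op, arg, jt, jf = pat.match(line).groups()
        prog.append((op, int(arg, 0), int(jt or 0), int(jf or 0)))
    return prog

def run(prog, pkt):
    """Execute the program on raw frame bytes; return the snap length (0 = drop)."""
    acc, pc = 0, 0
    while True:
        op, arg, jt, jf = prog[pc]
        if op in ("ld", "ldh"):            # load 4 or 2 bytes at a fixed offset
            size = 4 if op == "ld" else 2
            if arg + size > len(pkt):
                return 0                   # out-of-bounds load rejects the packet
            acc = int.from_bytes(pkt[arg:arg + size], "big")
            pc += 1
        elif op == "jeq":                  # jt/jf are absolute instruction numbers
            pc = jt if acc == arg else jf
        elif op == "ret":
            return arg
        else:
            raise ValueError(f"unsupported opcode {op}")

def frame(ethertype, src, dst):
    """Constructed sample: 14-byte Ethernet header + minimal 20-byte IPv4 header."""
    eth = bytes(12) + struct.pack("!H", ethertype)
    ip = bytes([0x45]) + bytes(11) + bytes(src) + bytes(dst)
    return eth + ip
```

Offset 12 is the EtherType (the `ip` part of the filter); offsets 26 and 30 are the IPv4 source and destination addresses (the `host` part), each compared against the address constant 0x8efa41ae from the listing.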