In tcpdump, what is the difference between the following two commands? I tried to understand but they seem pretty much the same to me.
tcpdump ip host google.com
and
tcpdump ip and host google.com
There is no difference. If you compare the packet-matching code, generated by including the -d option, then you can see that they produce identical results:
tcpdump -d "ip host google.com"
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 7
(002) ld [26]
(003) jeq #0x8efa41ae jt 6 jf 4
(004) ld [30]
(005) jeq #0x8efa41ae jt 6 jf 7
(006) ret #262144
(007) ret #0

tcpdump -d "ip and host google.com"
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 7
(002) ld [26]
(003) jeq #0x8efa41ae jt 6 jf 4
(004) ld [30]
(005) jeq #0x8efa41ae jt 6 jf 7
(006) ret #262144
(007) ret #0
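To see what the shared program actually accepts, the listing can be executed directly. The following is an added example, not part of the original answer: a Python interpreter for the four instruction types in the -d output, run over constructed frames. The function names, the frame layout helper and the address 192.0.2.10 are assumptions made for the example.

```python
import ipaddress

# Program text copied from the `tcpdump -d` output above (same for both filters).
DUMP = """\
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 7
(002) ld [26]
(003) jeq #0x8efa41ae jt 6 jf 4
(004) ld [30]
(005) jeq #0x8efa41ae jt 6 jf 7
(006) ret #262144
(007) ret #0"""

# Each line becomes (opcode, operands); the "(NNN)" index is dropped.
PROG = [(f[1], f[2:]) for f in map(str.split, DUMP.splitlines())]

def run(prog, pkt):
    """Interpret the classic-BPF subset used above; returns snap length, 0 = drop."""
    acc = pc = 0
    while True:
        op, args = prog[pc]
        if op in ("ld", "ldh"):               # load 4 or 2 bytes, big-endian
            off, size = int(args[0].strip("[]")), 4 if op == "ld" else 2
            if off + size > len(pkt):
                return 0                      # out-of-bounds load rejects the packet
            acc, pc = int.from_bytes(pkt[off:off + size], "big"), pc + 1
        elif op == "jeq":                     # operands: #k jt T jf F
            pc = int(args[2] if acc == int(args[0][1:], 16) else args[4])
        elif op == "ret":
            return int(args[0][1:])
        else:
            raise ValueError(f"unsupported instruction: {op}")

def frame(ethertype, src, dst):
    """Constructed frame: 14-byte Ethernet header, then IPv4 src/dst at 26 and 30."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    return bytes(12) + ethertype.to_bytes(2, "big") + bytes(12) + pack(src) + pack(dst)

def verdicts():
    host, other = "142.250.65.174", "192.0.2.10"   # 0x8efa41ae, and a documentation address
    cases = {
        "ipv4 src=host": frame(0x0800, host, other),
        "ipv4 dst=host": frame(0x0800, other, host),
        "ipv4 unrelated": frame(0x0800, other, other),
        "ethertype 0x0806": frame(0x0806, host, host),
    }
    return {name: run(PROG, pkt) for name, pkt in cases.items()}

if __name__ == "__main__":
    print(verdicts())
```

Instructions (000)-(001) are the "ip" test on the EtherType and (002)-(005) are the "host" test on source or destination address, so a frame must pass both to reach `ret #262144`.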