1 tcpdump -e -i 0.0 -nn -p host 41.6.6.5 and host 193.161.1.1 and port 80
- Ignores whether the traffic is tcp/udp, but then you didn't specify either :)
2 tcpdump -e -i 0.0 -nn -p host 41.6.6.5 and host 193.161.1.1 and icmp
- Doesn't bother checking the type. You could tie it down to icmp-echo in and icmp-echo-reply out, but unless you have issues with too much icmp, that filter will do fine.
Note I use:
-e shows the Ethernet MAC addresses in the output. And VLAN tagging as well if running 802.1Q
-i 0.0 listen on all interfaces.
-nn don't translate IPs or ports to names
-p don't run in promiscuous mode (Doesn't mean a lot here. Force of habit from my old days with SunOS 4.1 and AIX :)
-- promiscuous does mean a lot on Solaris 10.x. You only get one-way traffic if you specify -p with snoop... But I digress..
H
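
The reply above notes that the first filter ignores TCP versus UDP and the second ignores the ICMP type. As an added example (not part of the original post), this script builds the tightened form of both filters and rejects anything that is not a plain IPv4 address before it reaches the filter expression. The function names are hypothetical, the pcap filter language spells the reply type `icmp-echoreply`, and it is an assumption that 41.6.6.5 is the side sending the echo requests.

```shell
#!/bin/sh
# Added example: tightened pcap filters for the two captures in the post.
# Function names are hypothetical; addresses are the ones used in the post.

# Accept only a dotted-quad IPv4 address so that nothing else
# (extra primitives, shell metacharacters) can be spliced into the filter.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Filter 1, tightened: only TCP on port 80 between the two hosts.
http_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    printf 'host %s and host %s and tcp port 80\n' "$1" "$2"
}

# Filter 2, tightened: echo requests from $1 to $2 and the replies back.
# Assumption: $1 is the host that sends the pings.
ping_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    printf '(src host %s and dst host %s and icmp[icmptype] = icmp-echo) or (src host %s and dst host %s and icmp[icmptype] = icmp-echoreply)\n' \
        "$1" "$2" "$2" "$1"
}

# Print the capture commands with the same flags the post uses.
echo "tcpdump -e -i 0.0 -nn -p '$(http_filter 41.6.6.5 193.161.1.1)'"
echo "tcpdump -e -i 0.0 -nn -p '$(ping_filter 41.6.6.5 193.161.1.1)'"
```

The filter is passed as one quoted argument, so the parentheses and brackets are not interpreted by the shell.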