tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command displays out the headers of packets on a network interface that match the boolean expression. In other words you can use boolean expression to drop ssh traffic from dumping and monitoring operation using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use ip or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4

See also:

man tcpdump

Was this answer helpful?

 Print this Article

Also Read

Nginx Block And Deny IP Address OR Network Subnets

How do I block or deny access based on the host name or IP address of the client visiting...

Linux / UNIX set the DNS from the command line

Check this link for more information...

Yum issues with low memory plans (Resolution)

If you are getting yum errors on our 128 or 192 yearly plans with the CentOS/Fedora distro then...

Linux Install Google Chrome Browser [ Ubuntu, Suse, Debian, Fedora ]

How do I install Google Chrome browser under Linux operating systems? How do I install...

How do I Find Out Linux CPU Utilization?

Top command to find out Linux cpu usage Type the top command: $ top   Output: