tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command displays out the headers of packets on a network interface that match the boolean expression. In other words you can use boolean expression to drop ssh traffic from dumping and monitoring operation using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use ip or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4

See also:

man tcpdump

Was this answer helpful?

 Print this Article

Also Read

Delete SSH Keys

Linux Lock An Account # passwd -l userName # passwd -l vivek FreeBSD Local An Account # pw...

Linux/UNIX: Configure OpenSSH To Listen On an IPv6 Address

How do I enable OpenSSH SSH server to listen on an IPv6 address under Linux or UNIX operating...

HowTo: Verify My NTP Working Or Not

You can use any one of the following program to verify ntp client configuration: ntpq -...

Linux RAM Disk: Creating A Filesystem In RAM

Software RAM disks use the normal RAM in main memory as if it were a partition on a hard drive...

Used And Free Memory

What's going on? Linux is borrowing unused memory for disk caching. This makes it looks like you...