tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command displays out the headers of packets on a network interface that match the boolean expression. In other words you can use boolean expression to drop ssh traffic from dumping and monitoring operation using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use ip or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4

See also:

man tcpdump

Was this answer helpful?

 Print this Article

Also Read

yum update Linux Error: Missing Dependency: xen-libs

When I type "yum update" under RHEL 5.x server I get the following error: Error: Missing...

HowTo: Verify My NTP Working Or Not

You can use any one of the following program to verify ntp client configuration: ntpq -...

Change Hostname / Reverse DNS (rDNS) / PTR

To change rDNS/PTR/hostname, please perform these steps: Login to the Clients Area; At the...

Yum issues with low memory plans (Resolution)

If you are getting yum errors on our 128 or 192 yearly plans with the CentOS/Fedora distro then...

Nginx Block And Deny IP Address OR Network Subnets

How do I block or deny access based on the host name or IP address of the client visiting...