tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command displays out the headers of packets on a network interface that match the boolean expression. In other words you can use boolean expression to drop ssh traffic from dumping and monitoring operation using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use ip or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4

See also:

man tcpdump

Was this answer helpful?

 Print this Article

Also Read

How do I Find Out Linux CPU Utilization?

Top command to find out Linux cpu usage Type the top command: $ top   Output:

nginx: Setup SSL Reverse Proxy (Load Balanced SSL Proxy)

everse proxy is a proxy server that is installed in a server network. Typically, reverse proxies...

Change Hostname / Reverse DNS (rDNS) / PTR

To change rDNS/PTR/hostname, please perform these steps: Login to the Clients Area; At the...

Linux Install Google Chrome Browser [ Ubuntu, Suse, Debian, Fedora ]

How do I install Google Chrome browser under Linux operating systems? How do I install...