tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command displays out the headers of packets on a network interface that match the boolean expression. In other words you can use boolean expression to drop ssh traffic from dumping and monitoring operation using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use ip or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4

See also:

man tcpdump

Was this answer helpful?

 Print this Article

Also Read

mod_setenv: Lighttpd Send Custom Headers

How do I add a header to the HTTP request that was received from the client under Lighttpd web...

Changing Default SSH port From 22

nano /etc/ssh/sshd_configLook for#Port 22Change "22" to the port you wish to use.CTRL + X, Save...

TightVNC Desktop

1. Installing the required packages   The server package is called 'vnc-server'. Run the...

Linux / UNIX set the DNS from the command line

Check this link for more information...

Nginx Block And Deny IP Address OR Network Subnets

How do I block or deny access based on the host name or IP address of the client visiting...