tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command prints the headers of packets on a network interface that match a boolean expression. In other words, you can use a boolean expression to exclude SSH traffic from the capture, using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also limit the capture to a single IP address or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4
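
The filters above drop every packet on port 22, so other SSH connections to the box (which you may well want to see) disappear along with your own. The script below is an added example, not part of the original article: it builds a filter that excludes only the session you are logged in through. It assumes it runs inside an OpenSSH session where sshd has set SSH_CONNECTION to "client_ip client_port server_ip server_port"; the function name build_ssh_exclude_filter and the script name are made up for illustration.

```shell
#!/bin/sh
# Added example: exclude only the current SSH session from a tcpdump capture.
# Usage (as root, from inside the SSH session): sh capture.sh eth1

# build_ssh_exclude_filter "<client_ip> <client_port> <server_ip> <server_port>"
# (hypothetical helper) prints a pcap filter on stdout, returns 1 on bad input.
build_ssh_exclude_filter() {
    set -f              # no globbing while splitting the untrusted value
    set -- $1           # split into the four fields sshd writes
    set +f
    [ "$#" -eq 4 ] || return 1
    c_ip=$1 c_port=$2 s_ip=$3 s_port=$4

    # Ports must be decimal; addresses may contain only IPv4/IPv6 characters,
    # so nothing from the environment can inject extra filter syntax.
    case "$c_port$s_port" in *[!0-9]*) return 1 ;; esac
    case "$c_ip$s_ip" in *[!0-9A-Fa-f.:]*) return 1 ;; esac

    printf 'not (host %s and host %s and tcp port %s and tcp port %s)\n' \
        "$c_ip" "$s_ip" "$c_port" "$s_port"
}

# Run a capture only when an interface name is given on the command line.
if [ -n "${1:-}" ]; then
    if filter=$(build_ssh_exclude_filter "${SSH_CONNECTION:-}"); then
        echo "excluding this session: $filter" >&2
    else
        echo "SSH_CONNECTION not usable, capturing everything" >&2
        filter=''
    fi
    exec tcpdump -i "$1" -s 1500 ${filter:+"$filter"}
fi
```

Run it from a root shell that still has SSH_CONNECTION set, since sudo may strip the variable from the environment.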

See also:

man tcpdump
