tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command displays out the headers of packets on a network interface that match the boolean expression. In other words you can use boolean expression to drop ssh traffic from dumping and monitoring operation using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use ip or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4

See also:

man tcpdump

Was this answer helpful?

 Print this Article

Also Read

How do I Find Out Linux CPU Utilization?

Top command to find out Linux cpu usage Type the top command: $ top   Output:

PHP Increase Upload File Size Limit

Your php installation putting limits on upload file size. The default will restrict you to a max...

Bash Shell Generate Random Numbers

How do I create or generate random numbers (sequence of numbers that lack any pattern), under...

SUSE Linux Restart / Stop / Start Network Service

Task: Start Network Service # /etc/init.d/network start # /etc/init.d/network start eth0 Task:...