tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command displays out the headers of packets on a network interface that match the boolean expression. In other words you can use boolean expression to drop ssh traffic from dumping and monitoring operation using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use ip or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4

See also:

man tcpdump

Was this answer helpful?

 Print this Article

Also Read

HowTo: Update Centos Linux 5.4 to 5.5

Step # 1: Make A Backup It cannot be stressed enough how important it is to make a backup of...

Delete SSH Keys

Linux Lock An Account # passwd -l userName # passwd -l vivek FreeBSD Local An Account # pw...

Linux Default Services Which Are Enabled at Boot

Can you provide a guidance on default CentOS / Fedora / RHEL / Redhat enterprise Linux services...

Nginx: Custom Error 403 Page Not Working with IP Deny Configuration

I block or deny access based on the host name or IP address of the client visiting website under...

TightVNC Desktop

1. Installing the required packages   The server package is called 'vnc-server'. Run the...