tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command displays the headers of packets on a network interface that match a boolean expression. In other words, you can use a boolean expression to drop ssh traffic from the dump and monitoring operation using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use an IP address or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4
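
The filter `port not 22` hides every connection on port 22, not only your own session, so other SSH activity on the interface goes unseen. The following added example (not part of the original article) builds a filter that excludes only the current session, assuming OpenSSH's `SSH_CONNECTION` variable is set; the function name `ssh_exclude_filter` and the sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example: build a pcap filter that excludes only the current SSH
# session. OpenSSH's sshd sets, for each login:
#   SSH_CONNECTION="client_ip client_port server_ip server_port"

ssh_exclude_filter() {
    # $1: value of SSH_CONNECTION (may be empty)
    # $2: SSH port for the fallback filter (default 22)
    conn=$1
    fallback="port not ${2:-22}"

    # Split the variable into its four fields; "extra" catches surplus input.
    IFS=' ' read -r cip cport sip sport extra <<EOF
$conn
EOF

    # Not an SSH session, or a malformed value: use the article's filter.
    if [ -z "$sport" ] || [ -n "$extra" ]; then
        printf '%s\n' "$fallback"; return 0
    fi

    # Ports must be purely numeric.
    case "$cport$sport" in
        *[!0-9]*) printf '%s\n' "$fallback"; return 0 ;;
    esac

    # Addresses may only contain IPv4/IPv6 literal characters, so nothing in
    # the variable can smuggle extra filter syntax into the expression.
    # (Scoped IPv6 addresses such as fe80::1%eth0 take the fallback path.)
    case "$cip$sip" in
        *[!0-9A-Fa-f.:]*) printf '%s\n' "$fallback"; return 0 ;;
    esac

    # Match only packets between these two endpoints on these two ports.
    printf 'not (tcp and host %s and port %s and host %s and port %s)\n' \
        "$cip" "$cport" "$sip" "$sport"
}

# Usage (the filter is expanded by your shell before sudo runs, so it still
# works when sudo resets the environment):
#   sudo tcpdump -i eth1 -s 1500 "$(ssh_exclude_filter "$SSH_CONNECTION")"
```

With this filter, SSH connections from other hosts to the same server remain visible in the capture.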

See also:

man tcpdump
