tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?


The tcpdump command displays out the headers of packets on a network interface that match the boolean expression. In other words you can use boolean expression to drop ssh traffic from dumping and monitoring operation using the following syntax:

tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:

tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use ip or hostname:

tcpdump -i eth1 port not 22 and host 1.2.3.4

See also:

man tcpdump

Was this answer helpful?

 Print this Article

Also Read

mod_setenv: Lighttpd Send Custom Headers

How do I add a header to the HTTP request that was received from the client under Lighttpd web...

PHP Increase Upload File Size Limit

Your php installation putting limits on upload file size. The default will restrict you to a max...

How Do I Block an IP Address on My Linux server?

How do I block an IP address or subnet under Linux operating system? In order to block an IP on...

PHP Security: Limit Resources Used By Script

How do I control and put limits on php scripts such as maximum execution time of each script and...

OpenSSH Hide Version Number From Clients

How do I hide ssh number from clients? When I type the following command it displays server...