Can tcpdump be instructed not to report packets to a specific source?

Solution 1

Yes, you can add a filter in your tcpdump options. Assuming your IP is 1.2.3.4, this would look like:

tcpdump -f "not host 1.2.3.4" ...other options...

Solution 2

You can do it by means of the following command:

  tcpdump -i eth0 ! host Your.own.Ip.Address

However, this is slight overkill: you may occasionally be interested in packets addressed to your machine, but not in those pertaining to the communication itself. You can use

  tcpdump -i eth0 ! port 22

(if you are connected via ssh) which will eliminate all packets going to/from the remote machine on port 22; this will however also drop all ssh packets to/from the remote machine from/to other machines.

If you want to be really complete, excluding only traffic between your local and remote machines via ssh, you have to issue:

  tcpdump -i eth0 ! '((host remote.machine.ip.address and port 22) and host local.machine.ip.address)'

Remember the quotes; they are important.


Author: user1833028

Updated on September 18, 2022
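
The last filter in Solution 2 can be generated rather than typed by hand. The following is an added example, not part of either answer: it assumes an OpenSSH login, where sshd exports `SSH_CONNECTION` as "client_ip client_port server_ip server_port", and the function name `ssh_exclude_filter` is hypothetical.

```shell
#!/bin/sh
# Added example: build a pcap filter that hides only the SSH session you are
# typing in. sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".

# ssh_exclude_filter [CONNECTION] -> prints the filter, or returns 1 on bad input.
# (Function and variable names are hypothetical; POSIX sh has no locals.)
ssh_exclude_filter() {
    conn=${1:-${SSH_CONNECTION:-}}
    read -r c_ip c_port s_ip s_port extra <<EOF
$conn
EOF
    [ -z "$extra" ] || { echo "unexpected trailing fields" >&2; return 1; }
    # Link-local IPv6 peers appear as fe80::1%eth0; pcap filters take no zone id.
    c_ip=${c_ip%%"%"*}
    s_ip=${s_ip%%"%"*}
    # Accept only address characters so nothing else reaches the filter string.
    for a in "$c_ip" "$s_ip"; do
        case $a in
            ''|*[!0-9A-Fa-f.:]*) echo "bad address: $a" >&2; return 1 ;;
        esac
    done
    for p in "$c_port" "$s_port"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done
    # Matching both endpoints and both ports drops this session in either
    # direction and leaves all other SSH traffic visible.
    printf 'not (tcp and host %s and port %s and host %s and port %s)\n' \
        "$c_ip" "$c_port" "$s_ip" "$s_port"
}

# Constructed sample (documentation addresses), so this runs outside an SSH login.
ssh_exclude_filter "203.0.113.7 51514 192.0.2.10 22"
# In a real session:  tcpdump -i eth0 "$(ssh_exclude_filter)"
```

Because the filter includes the client's ephemeral port, a second SSH login from the same machine stays visible in the capture.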

Comments

  • user1833028 over 1 year

    I would like to monitor packets using TCPdump. Sadly, I must do this remotely - in this case, I'm using a remote desktop from VNC, but at best I can do it over SSH.

    What I mean by "at best" is: I am seeing a huge number of packets that are directed at my own machine. I'm trying to monitor the server, not my local machine, so I'd really rather ignore any packets going to my own machine.

    Is there any way to make tcpdump report everything EXCEPT packets going to a certain I.P?

    My hacky solution is: sleep 5;tcpdump [options] and kill the VNC connection while I'm waiting.

  • Basilevs over 9 years
    Should ! be escaped in bash?
  • MariusMatutiae over 9 years
    @Basilevs No, there is no need to escape !
  • eco almost 3 years
    Invalid syntax returned