using wireshark/tshark in command line to ignore ssh connections

Solution 1

Both tshark and tcpdump use the pcap library, so the capture filters use pcap-filter syntax. The filter you want is, as @tristan says, "not port 22". You can enter this as a quoted string argument to the -f option, or as an unquoted argument to the command. The following commands are equivalent:

# tshark -f "not port 22"
# tshark -- not port 22

The reason tshark complained about your command above is that your shell (probably Bash) expanded "!22" to command number 22 in your command history, which in this case was "ls". The Bash documentation has more information on history expansion.
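As an added example that is not code from either answer, the following Python evaluates the pcap-filter subset discussed here ("port N", "host A", "not", "and", "or") over a few constructed packets, showing what "not port 22" keeps and why "port !22" or "port ls" is rejected as an invalid filter. The packet tuples and the function names are assumptions made for the illustration.

```python
# Added example, not tshark's or libpcap's code: a toy evaluator for the
# pcap-filter subset used above ("port N", "host A", "not"/"!", "and", "or";
# no parentheses). As in libpcap, negation binds tightest and "and"/"or"
# have equal precedence, left to right. Real captures compile the text to BPF.
PACKETS = [  # constructed sample packets: (src, dst, sport, dport)
    ("10.0.0.5", "10.0.0.1", 51000, 22),   # SSH to the server
    ("10.0.0.1", "10.0.0.5", 22, 51000),   # SSH reply
    ("10.0.0.7", "10.0.0.1", 40000, 443),  # HTTPS
    ("10.0.0.1", "10.0.0.9", 53, 33000),   # DNS reply
]

def compile_filter(text):
    """Turn a pcap-style filter string into a predicate: packet -> bool."""
    toks = text.split()
    pos = 0

    def take():  # consume one token; a filter that ends early is invalid
        nonlocal pos
        if pos >= len(toks):
            raise ValueError("unexpected end of filter")
        pos += 1
        return toks[pos - 1]

    def primitive():  # ('not'|'!') primitive | 'port' N | 'host' A
        tok = take()
        if tok in ("not", "!"):
            return lambda p, inner=primitive(): not inner(p)
        if tok == "port":
            val = take()
            if not val.isdigit():  # libpcap reports this as "unknown port 'ls'"
                raise ValueError(f"unknown port '{val}'")
            return lambda p, n=int(val): n in (p[2], p[3])
        if tok == "host":
            return lambda p, a=take(): a in (p[0], p[1])
        raise ValueError(f"syntax error near '{tok}'")

    def expr():  # primitive (('and'|'or') primitive)*, left to right
        left = primitive()
        while pos < len(toks):
            op = take()
            if op not in ("and", "&&", "or", "||"):
                raise ValueError(f"syntax error near '{op}'")
            right, is_and = primitive(), op in ("and", "&&")
            left = (lambda l, r, a: lambda p: (l(p) and r(p)) if a else (l(p) or r(p)))(left, right, is_and)
        return left

    return expr()

def apply_filter(text, packets=PACKETS):  # packets a capture with this filter keeps
    keep = compile_filter(text)
    return [p for p in packets if keep(p)]
```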

Solution 2

I don't have access to a tshark installation currently, but assuming that it's the same as tcpdump:

sudo tcpdump not port 22

so, potentially:

tshark not port 22 
Author: Tiffany Walker

Updated on September 18, 2022

Comments

  • Tiffany Walker
    Tiffany Walker over 1 year

    I'm trying to debug some by looking at the packets and I would like to avoid getting all the SSH traffic to the server. Is there a way to ignore?

    I tried to do something like tshark -f "port !22" but it stopped listening after the command.

    [root@vpn ~]# tshark -f "port !22"
    tshark -f "port ls"
    Running as user "root" and group "root". This could be dangerous.
    Capturing on venet0
    tshark: arptype 65535 not supported by libpcap - falling back to cooked socket.
    
    tshark: Invalid capture filter: "port ls"!
    
    That string isn't a valid capture filter (unknown port 'ls').
    See the User's Guide for a description of the capture filter syntax.
    0 packets captured
    [root@vpn ~]#
    
  • 89c3b1b8-b1ae-11e6-b842-48d705
    89c3b1b8-b1ae-11e6-b842-48d705 over 11 years
    I knew TShark used libpcap, but I didn't know that the syntax was dictated by the underlying library. Good to know.