There are occasions where I need to monitor all traffic between two hosts with tcpdump, but I want to exclude the traffic for a particular port. E.g., I may be logged into a system via Secure Shell (SSH), but don't want to have the output of tcpdump cluttered with the SSH traffic. If you want to view traffic between the host you are logged into and a remote system, you can specify the remote system using
tcpdump host remote_host
where remote_host is the fully qualified domain name (FQDN) of the remote system, e.g. system1.example.com, or the IP address of the remote system.
You can monitor only traffic to/from a particular port using the
port port_number
parameter, where port_number is the relevant port. E.g., if I wanted to monitor only SSH traffic with the host system1.example.com on the standard SSH port, port 22, I could use the command below:
# tcpdump host system1.example.com and port 22
If you wish to have tcpdump monitor traffic based on two parameters, e.g., host name and port number as in the example above, put the word and between the parameters. However, if I wanted to monitor all traffic to/from system1.example.com, except for traffic using port 22, I can put not before the word port:
# tcpdump host system1.example.com and not port 22
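The following is an added example, not part of the original post: a small POSIX shell script that builds the "host ... and not port ..." filter described above, taking the port to exclude from the SSH session that is carrying tcpdump's output. It assumes OpenSSH's SSH_CONNECTION variable ("client_ip client_port server_ip server_port") and uses a constructed fallback value when that variable is not set; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): build the filter
# "host REMOTE and not port PORT" so that a capture of REMOTE's traffic
# leaves out the SSH session used to run tcpdump.
# Assumption: sshd exports SSH_CONNECTION as
# "client_ip client_port server_ip server_port" (OpenSSH behaviour).

# build_filter REMOTE PORT -> prints "host REMOTE and not port PORT"
build_filter() {
  printf 'host %s and not port %s' "$1" "$2"
}

# filter_for_session REMOTE CONN -> prints the filter that excludes the
# sshd port named in CONN (an SSH_CONNECTION string); returns 1 if CONN
# does not have four fields or its server port is not numeric.
filter_for_session() {
  remote="$1"
  set -- $2                      # word-split CONN into its four fields
  [ "$#" -eq 4 ] || return 1
  case "$4" in ''|*[!0-9]*) return 1 ;; esac   # server port must be digits
  build_filter "$remote" "$4"
}

# Stand-alone usage: print the tcpdump command line for system1.example.com.
# The fallback SSH_CONNECTION value below is a constructed sample.
conn="${SSH_CONNECTION:-192.0.2.10 51234 192.0.2.20 22}"
if filt=$(filter_for_session system1.example.com "$conn"); then
  echo "tcpdump -n $filt"
else
  echo "SSH_CONNECTION missing or malformed: '$conn'" >&2
fi
```

Running it inside an SSH session prints the exact tcpdump command to copy, with the sshd port taken from the live session rather than assumed to be 22.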