冷日 in the Vast Sea of the Net
         
Little Penguin Talk: [Tutorial] How do you capture packets from a host's existing connections?

Poster | Post content
冷日
(冷日)
Webmaster
  • Registered: 2008/2/19
  • From:
  • Posts: 15773
[Repost] tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session
tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?

The tcpdump command prints out the headers of packets on a network interface that match a boolean expression. In other words, you can use a boolean expression to drop ssh traffic from the dumping and monitoring operation using the following syntax:
tcpdump -i eth1  -s 1500 port not 22

You can skip additional ports too:
tcpdump -i eth1  -s 1500 port not 22 and port not 53

You can also use an IP address or hostname:
tcpdump -i eth1 port not 22 and host 1.2.3.4

SEE ALSO:
man tcpdump

Original source: tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session - nixCraft
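The commands above drop every packet on port 22, so other hosts' SSH traffic on eth1 disappears from the capture as well. The following is an added example (not from the original post or nixCraft) that goes one step further and excludes only the current session's TCP 4-tuple. It assumes sshd has exported SSH_CONNECTION ("client_ip client_port server_ip server_port"); the function names ssh_session_filter and capture_without_my_ssh are hypothetical.

```shell
#!/bin/sh
# Added example: build a pcap filter that hides only *this* SSH session,
# so any other port-22 traffic on the interface stays visible.

# ssh_session_filter "<client_ip> <client_port> <server_ip> <server_port>"
# Prints the filter expression; returns 1 if the input is not a clean 4-tuple.
ssh_session_filter() {
    read -r cip cport sip sport extra <<EOF
$1
EOF
    # Exactly four fields are expected.
    [ -n "$sport" ] && [ -z "$extra" ] || return 1

    # Strip an IPv6 zone id (fe80::1%eth0); pcap filters do not accept it.
    cip=${cip%%\%*}
    sip=${sip%%\%*}

    # Allow only digits in ports and address characters in hosts, so the
    # value cannot smuggle extra filter keywords into the expression.
    for p in "$cport" "$sport"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac
    done
    for a in "$cip" "$sip"; do
        case $a in ''|*[!0-9A-Fa-f.:]*) return 1 ;; esac
    done

    # Match both directions of the one TCP connection, then negate.
    printf 'not (tcp and ((src host %s and src port %s and dst host %s and dst port %s) or (src host %s and src port %s and dst host %s and dst port %s)))\n' \
        "$cip" "$cport" "$sip" "$sport" "$sip" "$sport" "$cip" "$cport"
}

# capture_without_my_ssh <interface>   e.g. capture_without_my_ssh eth1
capture_without_my_ssh() {
    filter=$(ssh_session_filter "${SSH_CONNECTION:-}") || {
        echo "SSH_CONNECTION missing or malformed; not starting capture" >&2
        return 1
    }
    # -n avoids DNS lookups that would add noise to the capture itself.
    tcpdump -n -i "$1" -s 1500 "$filter"
}
```
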