$ tcpdump -i eth0 -nN -vvv -xX -s 1500 port not 22

Or, to filter out port 123 as well and capture the full length of each packet (-s 0), use the following:

$ tcpdump -i eth0 -nN -vvv -xX -s 0 port not 22 and port not 123

Or, to capture only traffic to or from a certain host, say 192.168.158.205:

$ tcpdump -i eth0 -nN -vvv -xX port not 22 and host 192.168.158.205

If you just want IP addresses and a little bit of data, use this. The "-c 20" is to stop after 20 packets.

$ tcpdump -i eth0 -nN -s 1500 port not 22 -c 20

If you're looking for signs of DoS attacks, the following shows just the SYN packets on all interfaces:

$ tcpdump -i any 'tcp[13] & 2 == 2'
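The filters above drop all port 22 traffic, including SSH sessions that are not yours. The following is an added example, not part of the original post: it builds a filter that excludes only your own session, using the SSH_CONNECTION variable that sshd sets. The function name ssh_exclude_filter and the sample client address are assumptions.

```shell
#!/bin/sh
# Build a BPF expression that hides only the current SSH session.
# sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".

# Hypothetical helper name. The ( ) body runs in a subshell, so set -f
# and the variables below do not leak into the calling shell.
ssh_exclude_filter() (
    # $1 overrides the environment variable (useful for testing).
    conn=${1-${SSH_CONNECTION-}}
    set -f              # no globbing while splitting on whitespace
    set -- $conn
    [ "$#" -eq 4 ] || exit 1    # not in an SSH session, or malformed

    # Strip an IPv6 zone id such as "%eth0"; pcap filters do not accept it.
    c_ip=${1%%\%*}; c_port=$2
    s_ip=${3%%\%*}; s_port=$4

    # Refuse anything that is not a plain port number or IP literal, so a
    # tampered variable cannot change the meaning of the filter.
    case "$c_port" in ''|*[!0-9]*) exit 1 ;; esac
    case "$s_port" in ''|*[!0-9]*) exit 1 ;; esac
    case "$c_ip$s_ip" in ''|*[!0-9A-Fa-f.:]*) exit 1 ;; esac

    # Both endpoints and both ports must match, so other SSH sessions
    # to or from this machine stay visible in the capture.
    printf 'not (tcp and host %s and port %s and host %s and port %s)\n' \
        "$c_ip" "$c_port" "$s_ip" "$s_port"
)

# Constructed sample value: the client address is a documentation address.
sample='203.0.113.7 51514 192.168.158.205 22'
echo "tcpdump -i eth0 -nN -s 1500 -c 20 '$(ssh_exclude_filter "$sample")'"

# In a real session, from the shell you are logged in with:
#   tcpdump -i eth0 -nN -s 1500 -c 20 "$(ssh_exclude_filter)"
```

If you elevate with sudo, expand the function in your own shell as shown, because sudo may not pass SSH_CONNECTION through to the root environment.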
Monday, October 18, 2010
Monitor all Network Traffic Except Your Current ssh Connection
Posted by Unknown at 9:26 AM