Using awk with tcpdump

Say you want to monitor traffic with tcpdump, but you want to drop your own chatty connection traffic from the output, for example ssh and/or tcp-3389.

tcpdump -i {interface} -s {packet size} host {host} | awk '!/port1/&&!/port2/'

  # tcpdump -i eth0 -s0 host 10.10.10.10 | awk '!/22/&&!/3389/'

Also try this; notice the difference in the awk piece: it filters on the service names tcpdump prints (without -n, tcpdump resolves port numbers to names via /etc/services) rather than on raw port numbers.

tcpdump -i eth0 | awk '!/ssh|ftp|https|netbios-ssn|domain|mdns|8014|www|lotusnote|microsoft-ds|netbios-ns|snmp|ARP|BOOTP/'
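As an added example (not part of the original tip), the script below contrasts the tip's bare `!/22/` filter with one anchored to the port field tcpdump -n prints (".PORT " for the source, ".PORT:" for the destination), so the digits 22 inside a timestamp or an address do not cause a line to be dropped. The tcpdump lines are constructed sample input and the function names are my own.

```shell
#!/bin/sh
# Constructed sample output in the format of `tcpdump -n -i eth0 host 10.10.10.10`.
# Line 3 is the trap: port 8080 traffic whose timestamp and source IP contain "22".
SAMPLE='12:00:01.000001 IP 10.10.10.11.51522 > 10.10.10.10.22: Flags [P.], seq 1:2, ack 1, win 100, length 1
12:00:01.000222 IP 10.10.10.11.50001 > 10.10.10.10.3389: Flags [S], seq 1, win 100, length 0
12:00:02.220000 IP 10.10.10.22.40000 > 10.10.10.10.8080: Flags [P.], seq 1:2, ack 1, win 100, length 1
12:00:03.000001 IP 10.10.10.10.443 > 10.10.10.11.40001: Flags [S.], seq 1, ack 2, win 100, length 0
12:00:04.000001 ARP, Request who-has 10.10.10.10 tell 10.10.10.11, length 28'

# The tip's filter: drop any line that contains the digits anywhere.
filter_naive() {
    printf '%s\n' "$SAMPLE" | awk '!/22/ && !/3389/'
}

# Anchored filter. $1 is a pipe-separated list of ports or service names,
# e.g. "22|3389" (with -n) or "ssh|domain" (without -n). The regex
# [.](22|3389)[: ] only matches the port position, never IPs or timestamps.
filter_ports() {
    printf '%s\n' "$SAMPLE" | awk -v re="[.]($1)[: ]" '$0 !~ re'
}

# Line counts make the difference easy to check.
count_naive() { filter_naive | wc -l | tr -d ' '; }
count_ports() { filter_ports "$1" | wc -l | tr -d ' '; }

# Live use of the same idea on a real interface:
#   tcpdump -n -i eth0 host 10.10.10.10 | awk '!/[.](22|3389)[: ]/'
```

The naive filter keeps 2 of the 5 lines (it silently drops the 8080 connection), while the anchored filter keeps 3.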