> I have a small question regarding tcpdump filter:
> If i need to capture all tcp packets except port 22
> is this the correct filter
>
> tcpdump tcp port != 22
No.
Filter expressions on fields such as "tcp port" don't include comparison
operators; to test for packets with a TCP source or destination port of
22 you do
tcp port 22
and to test for packets that have neither a TCP source port of 22 nor a
TCP destination port of 22 you do
not tcp port 22
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
