Tcpdump Filters

Discussion in 'Linux Networking' started by goldtech, Oct 5, 2012.

  1. goldtech

    goldtech Guest


    I am using a sniffer called darkstat (I can use tcpdump filters with
    it) to look at my network traffic - specifically I want to see
    traffic to and from the local network and the Internet.

    I want to negate (not see) local traffic - specifically I want to not
    see in the sniffer log local traffic to and from a local media server
    and local computers on my home network. It streams a lot locally only
    and I don't need to see that.

    My local router only deals out local addresses of the kind The media server is statically assigned
    Could you verify that the following command will negate seeing this
    local streaming, or to be more precise not see traffic between the
    local media server and local computers?

    $ sudo darkstat -i eth0 -f "not ((src net and dst net or (src net and dst net"

    goldtech, Oct 5, 2012

  2. goldtech

    Rick Jones Guest

    is just a subset of 192.168.1/24 and you've said you don't
    need to see any local traffic (?) so perhaps something like:

    "(not src net or (not dst net"

    Presumably, that filter expression should show you everything that has
    either source or destination IP other than those in

    rick jones
    Rick Jones, Oct 5, 2012
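
The address test behind the filter discussed in this thread, modelled in Python as an added example (not code from either poster). It assumes the LAN is 192.168.1.0/24, the only network named in the thread; the sample flows are constructed, and only the IPv4 source/destination check is modelled.

```python
import ipaddress

# Assumption: the home LAN is 192.168.1.0/24 (the only network named in the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")

# pcap-filter expressions being modelled: two spellings of the same predicate.
FILTER_A = "not (src net 192.168.1.0/24 and dst net 192.168.1.0/24)"
FILTER_B = "(not src net 192.168.1.0/24) or (not dst net 192.168.1.0/24)"


def keep_a(src, dst, net=LAN):
    """FILTER_A: hide only packets whose source AND destination are both local."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return not (s in net and d in net)


def keep_b(src, dst, net=LAN):
    """FILTER_B: show packets with a non-local source or a non-local destination."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s not in net) or (d not in net)


# Constructed sample flows (src, dst, description); not captured traffic.
# 203.0.113.5 is a documentation address standing in for an Internet host.
FLOWS = [
    ("192.168.1.10", "192.168.1.20", "LAN host to LAN host (local streaming)"),
    ("192.168.1.10", "203.0.113.5", "LAN host to Internet"),
    ("203.0.113.5", "192.168.1.10", "Internet to LAN host"),
    ("192.168.1.10", "192.168.1.255", "subnet broadcast"),
    ("192.168.1.10", "239.255.255.250", "multicast (SSDP) from a LAN host"),
    ("0.0.0.0", "255.255.255.255", "DHCP discover"),
]


def classify(flows=FLOWS):
    """Return {description: shown?}; raises if the two spellings ever disagree."""
    result = {}
    for src, dst, desc in flows:
        a, b = keep_a(src, dst), keep_b(src, dst)
        if a != b:
            raise ValueError(f"filters disagree on {src} -> {dst}")
        result[desc] = a
    return result


if __name__ == "__main__":
    for desc, shown in classify().items():
        print(f"{'shown ' if shown else 'hidden'}  {desc}")
```

Multicast and limited-broadcast packets sent by LAN hosts stay visible because their destination lies outside the /24, so local discovery chatter still appears in the log even though host-to-host streaming is hidden.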