ngrep filter port
I am trying to list all traffic from 1 IP address but filter out port 1057.
ANy ideas? I keep getting syntax errors. I've tried: Code:
ngrep -e host xx.xx.xxx.170 not port 1057 |
BPF filters are always placed at the end of the command line and I always use single quotes: ngrep -switch -otherswitch 'host somehost and not tcp port portnumber'.
|
Quote:
ngrep -e 'host xx.xx.xxx.170 and not udp port 22' udp is for ssh? |
'getent services ssh'?
|
Quote:
Just trying to block ay packets from SSH in the trace so I can see it clearly... |
Quote:
|
Quote:
|
Quote:
Must be a misundestanding. I was asking how to list the packets from that source IP exluding SSH using ngrep. I looked up getent but I don't understand what it has to do with ngrep in this case...I'm just trying to exlude port 22 from the results. The code above for ngrep works but it is also listing ports 80 and 8080, which I need to exlcude. Do I just add a load of and staments on the end? The ngrep command does not seem to exclude the other IP addresses. ngrep -e 'host xx.xx.xxx.170 and not udp port 22 and not port 80 and not port 8080' Code:
T xx.xxx.xxx.198:16040 -> 213.155.157.118:80 [A] |
All times are GMT -5. The time now is 10:38 PM. |