using wireshark/tshark in command line to ignore ssh connections

networking linux wireshark packet-capture tshark

Solution 1:

Both tshark and tcpdump use the pcap library, so the capture filters use pcap-filter syntax. The filter you want is, as @tristan says, "not port 22". You can enter this as a quoted string argument to the -f option, or as an unquoted argument to the command. The following commands are equivalent:

# tshark -f "not port 22"
# tshark -- not port 22

The reason tshark complained about your command above is that your shell (probably Bash) expanded "!22" to command number 22 in your command history, which in this case was "ls". The Bash documentation has more information on history expansion.

Solution 2:

I don't have access to a tshark installation currently, but assuming that it's the same as the tcpdump: 

sudo tcpdump not port 22

so, potentially:

tshark not port 22

Related

ufw blocking apt
How to create an EC2 instance with knife?
cygwin ssh works locally, not remotely
ActiveDirectory domain service wizard: Prerequisites check for domain controller upgrade fails
Ntpd excessively inaccurate
Sanity Check: Is my CAT5e cable probably bad, or do I just need different connectors?
Using Chef Solo to provision a Windows EC2 instance and bootstrap it
How to move CSS to bottom of inspect window
Best practice disk usage for SQL Server
selinux avc: denied issue
Command / Method to find the up-time of SSH server daemon & Nginx
Openswan tunnel up, but works only in one direction