I'm trying to debug some by looking at the packets and I would like to avoid getting all the SSH traffic to the server. Is there a way to ignore?
I tried to do something like tshark -f "port !22"
but it stopped listening after the command.
[root@vpn ~]# tshark -f "port !22"
tshark -f "port ls"
Running as user "root" and group "root". This could be dangerous.
Capturing on venet0
tshark: arptype 65535 not supported by libpcap - falling back to cooked socket.
tshark: Invalid capture filter: "port ls"!
That string isn't a valid capture filter (unknown port 'ls').
See the User's Guide for a description of the capture filter syntax.
0 packets captured
[root@vpn ~]#