Ethereal-users: Re: [Ethereal-users] invert match

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Heikki Vatiainen <hessu@xxxxxxxxx>
Date: 27 May 2002 20:53:39 +0300

Karoly VEGH <karoly.vegh@xxxxxx> writes:

> I'm trying to find out how to do an inverse match in the filter capture
> (i.e. like grep -v)
> 
> For example, I'd like to avoid having entries with ssh...
> 
> tethereal -f "!ssh" of course doesn't work.
> 
> What is the right syntax?

Try tethereal -f "not tcp port ssh" to filter out *all* ssh traffic.
If you filter with "not (host your.ip.add and tcp src port ssh)" then
you should also see ssh traffic that is not sourced or sinked by your
own host.

-- 
Heikki Vatiainen                  * hessu@xxxxxxxxx
Tampere University of Technology  * Tampere, Finland
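
The two capture filters from the reply above, modelled as plain Python predicates over constructed packets to show which packets each one keeps. This is an added example, not part of the original message and not libpcap code; the addresses, packet names, and the assumption that "ssh" resolves to port 22 are mine.

```python
from collections import namedtuple

# Simplified packet: addresses, transport protocol, source/destination ports.
Packet = namedtuple("Packet", "src dst proto sport dport")

SSH = 22                 # assumption: "ssh" resolves to port 22 via the services database
MY_IP = "192.0.2.10"     # constructed stand-in for "your.ip.add"


def not_tcp_port_ssh(p):
    """Model of: not tcp port ssh
    'tcp port' matches TCP packets whose source OR destination port is 22."""
    return not (p.proto == "tcp" and SSH in (p.sport, p.dport))


def not_host_and_tcp_src_port_ssh(p, host=MY_IP):
    """Model of: not (host H and tcp src port ssh)
    'host' matches source OR destination address; 'src port' only the source port."""
    return not (host in (p.src, p.dst) and p.proto == "tcp" and p.sport == SSH)


# Constructed sample traffic (documentation address ranges).
PACKETS = {
    "mine_to_sshd":    Packet(MY_IP, "198.51.100.5", "tcp", 40000, 22),
    "sshd_to_mine":    Packet("198.51.100.5", MY_IP, "tcp", 22, 40000),
    "other_to_sshd":   Packet("203.0.113.7", "198.51.100.5", "tcp", 41000, 22),
    "sshd_to_other":   Packet("198.51.100.5", "203.0.113.7", "tcp", 22, 41000),
    "mine_dns_query":  Packet(MY_IP, "198.51.100.53", "udp", 5353, 53),
    "udp_on_port_22":  Packet(MY_IP, "198.51.100.5", "udp", 22, 9999),
}


def captured(filter_fn):
    """Names of the sample packets the filter lets through, in insertion order."""
    return [name for name, pkt in PACKETS.items() if filter_fn(pkt)]


if __name__ == "__main__":
    print("not tcp port ssh:")
    print("  ", captured(not_tcp_port_ssh))
    print("not (host %s and tcp src port ssh):" % MY_IP)
    print("  ", captured(not_host_and_tcp_src_port_ssh))
```

In this model the second filter drops only packets with source port 22 that involve the given host, so the host's own packets sent towards port 22 are still captured.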