I am trying to capture data but am getting a flood of data from a replicating server that i need to filter out. Basically i would like to filter out any traffic between 192.168.1.1 and 192.168.1.2 as well as ignore traffic that has a source address of 192.168.1.3 to either 192.168.1.1 and 192.168.1.2. I have tried these captures and the only one that seems to work the way i need it is the first one: tshark not host 192.168.1.1 and not host 192.168.1.2 When I have tried to filter out the src ip to the dst ip I noticed i was filtering all traffic: tshark not src 192.168.1.3 and not dst 192.168.1.1 Also, how would I join the filters into one line? tshark not host 192.168.1.1 and not host 192.168.1.2 and not src 192.168.1.3 and not dst 192.168.1.1 Any help would be appreciated. asked 20 Jan '15, 14:34  dhorse |
One Answer:
From your post:
This would create a filter like: And:
This would create a filter like: Combined it makes: And then you don't want to see this traffic, so it becomes: answered 21 Jan '15, 00:59  SYN-bit ♦♦ |
Thanks for the quick reply, but when ever i try to add the parenthesis, I get a message saying, "-bash: syntax error near unexpected token `('"
(I converted your "answer" to a "comment", please see the FAQ)
That is because the parenthesis are also used by bash, to make sure they are not interpreted by bash, you need to put the whole capture filter in quotes so that bash sees it as a string and passes the whole filter to tshark.
That works great, thanks for the help.