tcpdump filter that excludes private IP traffic
- by Kyle Brandt
For a generic filter to exclude all traffic in my dump that is between private IP addresses, I came up with the following:
sudo tcpdump -n '
(not
(
(src net 172.16.0.0/12 or src net 10.0.0.0/8 or src net 192.168.0.0/16)
and
(dst net 172.16.0.0/12 or dst net 10.0.0.0/8 or dst net 192.168.0.0/16)
)
) and
(not
(
…