From: "Chris Keladis"
Date: Sun, 4 Nov 2007 20:52:55 +1100
To: deeptech71@gmail.com
Cc: Gary Kline, freebsd-questions@freebsd.org
Subject: Re: reverse grep

On 11/4/07, Gary Kline wrote:
> On Sun, Nov 04, 2007 at 01:12:45AM +0100, deeptech71@gmail.com wrote:
> > How is it possible to select lines that do NOT match a specific pattern?
> >
> > For example, I'm connecting to 192.168.123.254 via telnet (port 23), and
> > do tcpdump -nli rl0. This cyclic traffic, because when tcpdump outputs
> > something, the system sends me some packets, which generates output in
> > tcpdump, and vice versa. I want to filter out packets of telnet access
> > to the FreeBSD machine, that is, something like:
> >
> > tcpdump -nli rl0 | grep --non-matching-lines 192.168.123.254.23
>
> % tcpdump -nli rl0 | grep -v 192.168.123.254.23
>
> will print everything except the IP you have shown.

Actually, a better way to do it would be:

% tcpdump -nli rl0 'not (host 192.168.123.254 and port 22)'

Will prevent tcpdump from capturing your own SSH traffic.

grep -v is only a partial solution: if a switch such as '-X' (or '-x' on some platforms) is added, grep -v will snip only the matching line, leaving all the other lines that don't match through, which will generate traffic, get captured, and loop as previously, as well as making the output look very nonsensical.

'man tcpdump' will be a better read in this case than man grep, although the question was perhaps worded poorly, leading to responses on grep.

Regards,

Chris.
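The grep -v limitation described in the reply above, as an added example that is not part of the original thread: on multi-line '-X' output, grep -v removes only the packet's header line, while a record-aware filter drops the dump lines that belong to it as well. The sample capture is constructed, and the names sample_capture, naive_filter and record_filter are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout of `tcpdump -nl -X` output: one header
# line per packet, followed by indented hex dump lines. Not a real capture.
sample_capture() {
cat <<'EOF'
20:52:55.000001 IP 192.168.123.7.51234 > 192.168.123.254.23: Flags [P.], length 5
    0x0000:  4500 002d 1c46 4000 4006 0000 c0a8 7b07  E..-.F........{.
    0x0010:  c0a8 7bfe c822 0017 6c73 202d 6c         ..{.....ls.-l
20:52:55.000412 IP 192.168.123.9.40000 > 192.168.123.1.53: UDP, length 4
    0x0000:  4500 0020 0000 4000 4011 0000 c0a8 7b09  E.............{.
    0x0010:  c0a8 7b01 9c40 0035 000c 0000            ..{....5....
EOF
}

# The approach from the thread: removes only lines that match the pattern,
# so the hex dump lines of the unwanted packet stay in the output.
naive_filter() {
    grep -v "$1"
}

# Record-aware filter. A header line starts with a timestamp digit; the
# indented dump lines that follow inherit the keep/drop decision made for
# their header. $1 is an exact "address.port" endpoint as tcpdump -n prints
# it. Assumes the IPv4 header layout "TIME IP SRC > DST: ...".
record_filter() {
    awk -v ep="$1" '
        /^[0-9]/ {
            dst = $5
            sub(/:$/, "", dst)              # strip the colon after DST
            drop = ($3 == ep || dst == ep)  # exact match, so .23 is not .2300
        }
        !drop
    '
}

# Demo: compare what each filter lets through.
echo "--- grep -v (orphaned dump lines remain) ---"
sample_capture | naive_filter '192.168.123.254.23'
echo "--- record-aware filter ---"
sample_capture | record_filter '192.168.123.254.23'
```

This only tidies output that was already captured; the feedback loop itself is stopped by the capture filter expression given to tcpdump, as the reply says.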