tcpdump filter src dst port

Question

I need to sniff voip traffic on 5060 port. And at the same time I need to exclude all packets where src port 5060 and dst port 5061

I need something like:

tcpdump -i any -vvv -s0 port 5060 and (not src port 5060 and not dst port 5061)

but the second part of the filter should be related to a single packet, not all traffic. How can I do that?

So you want to see all traffic to or from port 5060, *except* for traffic that's from port 5060 and to port 5061? — , May 21 '14 at 17:40

score 13 · Accepted Answer · answered May 22 '14 at 16:25

13

Try

port 5060 and not (src port 5060 and dst port 5061)

answered May 22 '14 at 16:25

1 Answers1