#!/bin/sh # Show all network traffic except that for the current ssh connection # This allows running tcpdump remotely over ssh. # License: LGPLv2 # Author: # http://www.pixelbeat.org/ # Notes: # Some configurations of sudo strip the environment, # so to run under sudo in that case do: # sudo env SSH_CLIENT="$SSH_CLIENT" tcpdump_not_me # Changes: # V0.1, 22 Apr 2005, Initial release # V0.2, 28 Aug 2009, Shai Ben-Naphtali # Handle new format $SSH_CLIENT if test $SSH_CLIENT { global expression := $[ echo $SSH_CLIENT | sed 's/.*://; s/^\([0-9.]*\) [0-9]* \([0-9]*\)$/not \( host \1 and port \2 \)/] } tcpdump @Argv $expression (CommandList children: [ (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(DQ ($ VSub_Name "$SSH_CLIENT"))} {(Lit_Other "]")}) terminator: ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:expression) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (C {(echo)} {(DQ ($ VSub_Name "$SSH_CLIENT"))}) (C {(sed)} { (SQ <"s/.*://;\n"> < " s/^\\([0-9.]*\\) [0-9]* \\([0-9]*\\)$/not \\( host \\1 and port \\2 \\)/" > ) } ) ] negated: False ) ] ) left_token: spids: [60 80] ) } spids: [59] ) ] spids: [59] ) ] spids: [-1 56] ) ] spids: [-1 82] ) (C {(tcpdump)} {(DQ ($ VSub_At "$@"))} {($ VSub_Name "$expression")}) ] )