reverse grep

[Doug Hardie]

On Nov 3, 2007, at 19:35, deeptech71 at gmail.com wrote:

> heh
> I've read (kind of skimmed) the grep man page but i seem to have  
> missed the -v for some reason ^^

The use of grep -v will work as long as the tcpdump output is limited  
to one line per packet. However, some of the tcpdump options produce  
multiple lines per packet.  Those will appear to be jumbled as the  
initial line for the packet will not be included but the following  
lines will.  The best approach to using tcpdump in these situations  
is to use the -w option to write the raw data to a file.  Then use  
the -r to read it back in and filter using the tcpdump filters which  
do include the not function.  That way if you don't get what you  
need, you can try again on the same data.