How to exclude some network packets while running tcpdump
Nov 26, 2019
Say you want to capture a certain type of network traffic with the command-line tool ‘tcpdump’, but on a real VLAN there are many “noisy” packets, for instance ARP.
To exclude ARP from the capture, you can use a filter expression with ‘not’, as tcpdump itself doesn’t have an ‘--exclude’ option.
For example:
The following command will capture all the traffic on interface ‘eth1’, except ARP.
tcpdump -i eth1 -n not arp
You can exclude more than one protocol. The following command will capture all the traffic on interface ‘eth1’, except ARP and DNS:
tcpdump -i eth1 -n not arp and not port 53
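When the exclusion list grows, it is easier to keep it as one negated group. The shell function below is an added example, not from the original post and not part of tcpdump; build_exclude_filter is a hypothetical helper name. It wraps each term in parentheses because pcap filters give ‘and’ and ‘or’ equal precedence (left to right), so a compound term such as ‘tcp and port 22’ would otherwise regroup the whole expression.

```shell
#!/bin/sh
# Added example: build one pcap filter that excludes several kinds of traffic.
# build_exclude_filter is a hypothetical helper, not a tcpdump feature.

# Each argument is one pcap primitive or compound term to exclude,
# e.g. "arp", "port 53", "tcp and port 22".
# Output has the form: not ((term1) or (term2) or ...)
build_exclude_filter() {
    filter=""
    for term in "$@"; do
        # Skip empty terms so we never emit "()" in the filter.
        [ -n "$term" ] || continue
        # Refuse terms that bring their own parentheses: an unbalanced
        # one would silently change what the negation applies to.
        case "$term" in
            *"("*|*")"*)
                echo "term must not contain parentheses: $term" >&2
                return 1
                ;;
        esac
        if [ -z "$filter" ]; then
            filter="($term)"
        else
            filter="$filter or ($term)"
        fi
    done
    # An empty exclusion list would produce an invalid filter.
    [ -n "$filter" ] || { echo "no terms to exclude" >&2; return 1; }
    printf 'not (%s)\n' "$filter"
}

# Usage, equivalent to 'not arp and not port 53' from the post.
# The quotes matter: the shell would otherwise interpret the parentheses.
#   tcpdump -i eth1 -n "$(build_exclude_filter arp 'port 53')"
```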