Notice that tcpdump uses BPF-style syntax for its filters. The 'tcp' primitive captures only TCP traffic. 'not host' excludes traffic to or from the given host: a plain 'host' primitive matches both directions, so if you only want to drop packets coming from a host use 'not src host' instead. In this example I avoid capturing traffic involving my hosts 192.168.1.1 and 192.168.1.2. 'not port 22' drops any traffic to or from port 22 (SSH), again in both directions. Notice that '!' is tcpdump's negation operator (the same as 'not'), but it is also special to the shell (history expansion in bash), as are '(', ')', '&&' and '||'. So when you use '!' you need to quote it, and the safest habit is to put the whole filter expression in single quotes, for example: tcpdump -nn 'tcp and not host 192.168.1.1 and not host 192.168.1.2 and not port 22'. This is a basic tcpdump command; there are a lot of tcpdump tricks and tips out there, and the best place to learn more is www.tcpdump.org.
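To make the filter semantics concrete, here is an added example (not from the original post, and not tcpdump's own code) that builds a handful of constructed Ethernet/IPv4 frames and applies the same logic as the expression 'tcp and not host 192.168.1.1 and not host 192.168.1.2 and not port 22' to them. The host addresses and port come from the post; the 10.0.0.x addresses, ports and MAC addresses are made up. It also writes the frames to a pcap file so you can run the real tcpdump over the same input and compare.

```python
"""Mini filter mirroring the tcpdump/BPF expression
    tcp and not host 192.168.1.1 and not host 192.168.1.2 and not port 22
over hand-built frames. Added example with constructed sample data."""
import socket
import struct

PROTO_NUM = {"tcp": 6, "udp": 17}

# Constructed sample traffic: (src_ip, dst_ip, proto, sport, dport)
SAMPLE_SPECS = [
    ("192.168.1.1", "10.0.0.9", "tcp", 40000, 80),   # from an excluded host
    ("10.0.0.9", "192.168.1.1", "tcp", 80, 40000),   # reply TO an excluded host
    ("10.0.0.9", "10.0.0.7", "tcp", 50000, 22),      # ssh (dst port 22)
    ("10.0.0.7", "10.0.0.9", "tcp", 22, 50000),      # ssh reply (src port 22)
    ("10.0.0.9", "10.0.0.7", "udp", 5353, 53),       # not tcp
    ("10.0.0.9", "10.0.0.7", "tcp", 51000, 443),     # the only frame that passes
]


def build_frame(src, dst, proto, sport, dport):
    """Ethernet + IPv4 + TCP/UDP header, no payload. Checksums are left
    at zero; tcpdump still decodes and filters such frames."""
    if proto == "tcp":
        # sport, dport, seq, ack, data offset (5 words), flags (SYN), win, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64,
                     PROTO_NUM[proto], 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + l4


def parse_frame(buf):
    """Return (proto_name, src, dst, sport, dport), or None if not IPv4."""
    if buf[12:14] != b"\x08\x00":
        return None
    ihl = (buf[14] & 0x0F) * 4
    proto = buf[14 + 9]
    src = socket.inet_ntoa(buf[14 + 12:14 + 16])
    dst = socket.inet_ntoa(buf[14 + 16:14 + 20])
    sport, dport = struct.unpack("!HH", buf[14 + ihl:14 + ihl + 4])
    name = {6: "tcp", 17: "udp"}.get(proto, str(proto))
    return name, src, dst, sport, dport


def matches(frame, excluded_hosts, excluded_ports):
    """Same decision as: tcp and not host H ... and not port P ...
    'host' and 'port' match either direction, which is why replies
    going back to an excluded host or port are dropped as well."""
    parsed = parse_frame(frame)
    if parsed is None:
        return False
    proto, src, dst, sport, dport = parsed
    if proto != "tcp":
        return False
    if src in excluded_hosts or dst in excluded_hosts:
        return False
    if sport in excluded_ports or dport in excluded_ports:
        return False
    return True


def filter_frames(frames, excluded_hosts=("192.168.1.1", "192.168.1.2"),
                  excluded_ports=(22,)):
    """Keep only the frames the filter expression would let through."""
    hosts, ports = set(excluded_hosts), set(excluded_ports)
    return [f for f in frames if matches(f, hosts, ports)]


def write_pcap(path, frames):
    """Classic pcap (link type 1 = Ethernet) so tcpdump -r can read it."""
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, f in enumerate(frames):
            fh.write(struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)))
            fh.write(f)


SAMPLE = [build_frame(*spec) for spec in SAMPLE_SPECS]

if __name__ == "__main__":
    for f in filter_frames(SAMPLE):
        print("kept:", parse_frame(f))
    write_pcap("sample.pcap", SAMPLE)
    print("wrote sample.pcap; compare with:")
    print("  tcpdump -nn -r sample.pcap "
          "'tcp and not host 192.168.1.1 and not host 192.168.1.2 and not port 22'")
```

Only the 10.0.0.9 to 10.0.0.7 port 443 frame survives: the reply back to 192.168.1.1 and the reply from port 22 are dropped too, because 'host' and 'port' are not direction-specific. Running the printed tcpdump command over sample.pcap should show the same single packet; note that the whole expression is passed as one single-quoted argument.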
On the other hand, the other network tools I have played with are scapy, ruby libpcap and rubyforger. Huh, maybe I'll reserve these tools for the next post. Heh. :D