From c6b6d58f22669e30e97a5e081ff5c562743686df Mon Sep 17 00:00:00 2001
From: trimstray
Date: Wed, 24 Apr 2019 00:53:58 +0200
Subject: [PATCH] added new 'tcpdump' one-liner

- signed-off-by: trimstray
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index c5cd5ee..ae45b4b 100644
--- a/README.md
+++ b/README.md
@@ -2592,6 +2592,12 @@ tcpdump -ei eth0 -w /tmp/capture-%H.pcap -G 3600 -C 200
 tcpdump -ei enp0s25 -nnn -t -c 200 | cut -f 1,2,3,4 -d '.' | sort | uniq -c | sort -nr | head -n 20
 ```
 
+###### Excludes any RFC 1918 private address
+
+```bash
+tcpdump -nei eth0 'not (src net (10 or 172.16/12 or 192.168/16) and dst net (10 or 172.16/12 or 192.168/16))'
+```
+
 ___
 
 ##### Tool: [tcpick](http://tcpick.sourceforge.net/)