Tcpdump data collection

Chris Mills securinate at gmail.com
Tue Dec 2 21:08:13 CST 2008


Maybe ntop?

http://www.ntop.org/overview.html

-Chris

On Tue, Dec 2, 2008 at 8:19 PM, Subba Rao <castellan2004-nsm at yahoo.com>wrote:

> Hello,
>
> I want to collect data on a network and map the data flow and system/port
> traffic. There are 2 scenarios of data collection here.  The first is to
> collect IP traffic only.  In this method I do not want the data portion of
> the IP packet (need IP address, source/destination ports etc).
>
> The second is to collect traffic that will show all the routing protocols
> (non-IP) used on this network.  Today while collecting the data, I saw
> several HSRP packets.  I don't know what portion of the packet is sufficient
> to capture for this purpose.
>
> I used the "-s 0" option on tcpdump which captures the whole packet.  That
> is making the dump file large.  Any help with the filters is appreciated to
> capture the non-data portion of the packets.
>
> Thank you in advance.
>
> Subba Rao
>



More information about the NANOG mailing list