Tcpdump data collection
securinate at gmail.com
Tue Dec 2 21:08:13 CST 2008
On Tue, Dec 2, 2008 at 8:19 PM, Subba Rao <castellan2004-nsm at yahoo.com>wrote:
> I want to collect data on a network and map the data flow and system/port
> traffic. There are 2 scenarios of data collection here. The first is to
> collect IP traffic only. In this method I do not want the data portion of
> the IP packet (need IP address, source/destination ports etc).
> The second is to collect traffic that will show all the routing protocols
> (non-IP) used on this network. Today while collecting the data, I saw
> several HSRP packets. I don't know what portion of the packet is sufficient
> to capture for this purpose.
> I used the "-s 0" option on tcpdump which captures the whole packet. That
> is making the dump file large. Any help with the filters is appreciated to
> capture the non-data portion of the packets.
> Thank you in advance.
> Subba Rao
More information about the NANOG