Tcpdump data collection

Chris Mills securinate at
Wed Dec 3 03:08:13 UTC 2008

Maybe ntop?


On Tue, Dec 2, 2008 at 8:19 PM, Subba Rao <castellan2004-nsm at> wrote:

> Hello,
> I want to collect data on a network and map the data flow and system/port
> traffic. There are 2 scenarios of data collection here.  The first is to
> collect IP traffic only.  In this method I do not want the data portion of
> the IP packet (need IP address, source/destination ports etc).
> The second is to collect traffic that will show all the routing protocols
> (non-IP) used on this network.  Today while collecting the data, I saw
> several HSRP packets.  I don't know what portion of the packet is sufficient
> to capture for this purpose.
> I used the "-s 0" option on tcpdump which captures the whole packet.  That
> is making the dump file large.  Any help with the filters is appreciated to
> capture the non-data portion of the packets.
> Thank you in advance.
> Subba Rao
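
An added example, not part of either message in this thread: one way to get the header-only capture asked about above is to post-process a full "-s 0" dump, cutting each IPv4 packet right after its TCP or UDP header and tallying the flows seen. It assumes a classic pcap file with Ethernet framing; the function names, the sample capture and the choice to keep non-IPv4 frames whole are assumptions made for this illustration.

```python
import socket
import struct
from collections import Counter

ETH = 14  # Ethernet II header length

def dissect(frame):
    """Return (bytes_to_keep, flow or None) for one Ethernet frame."""
    ihl = (frame[14] & 0x0F) * 4 if len(frame) >= ETH + 20 else 0
    if ihl < 20 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return len(frame), None  # non-IPv4 or malformed: kept whole (assumption)
    proto, l4 = frame[23], ETH + ihl
    frag_off = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    keep, sport, dport = l4, None, None
    if proto in (6, 17) and frag_off == 0 and len(frame) >= l4 + 4:
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        keep = l4 + 8  # UDP header is 8 bytes
        if proto == 6 and len(frame) > l4 + 12:
            keep = l4 + (frame[l4 + 12] >> 4) * 4  # TCP data offset covers options
    return min(len(frame), keep), (src, sport, dst, dport, proto)

def trim_pcap(data):
    """Strip payloads from a classic pcap; return (new pcap bytes, flow counts)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    out, flows, off = bytearray(data[:24]), Counter(), 24
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        keep, flow = dissect(frame)
        # orig stays untouched so the true on-wire length is still recorded
        out += struct.pack(endian + "IIII", sec, usec, keep, orig) + frame[:keep]
        if flow:
            flows[flow] += 1
    return bytes(out), flows

def sample_pcap():
    """Constructed capture: one TCP segment with 100 payload bytes, one ARP frame."""
    eth = b"\x02" * 6 + b"\x04" * 6
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 140, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, 0x18, 8192, 0, 0)
    frames = [eth + b"\x08\x00" + ip + tcp + b"A" * 100, eth + b"\x08\x06" + bytes(28)]
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        pcap += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return pcap
```

Unlike a fixed snapshot length, the per-packet cut follows the IP and TCP header-length fields, so option-bearing headers are kept intact and no payload bytes remain in the trimmed file.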

More information about the NANOG mailing list