North American Network Operators Group


Tcpdump data collection

  • From: Subba Rao
  • Date: Tue Dec 02 20:19:59 2008

Hello,

I want to collect data on a network and map the data flow and system/port traffic. There are 2 scenarios of data collection here.  The first is to collect IP traffic only.  In this method I do not want the data portion of the IP packet (need IP address, source/destination ports etc).

The second is to collect traffic that will show all the routing protocols (non-IP) used on this network.  Today while collecting the data, I saw several HSRP packets.  I don't know what portion of the packet is sufficient to capture for this purpose.

I used the "-s 0" option on tcpdump which captures the whole packet.  That is making the dump file large.  Any help with the filters is appreciated to capture the non-data portion of the packets.

Thank you in advance.

Subba Rao
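
An added example, not part of the original post: for the first scenario (IP addresses and ports without the payload), this Python code parses constructed sample frames to show how many leading bytes hold the Ethernet, IPv4 and TCP/UDP headers, which is the capture length to give tcpdump's `-s` option in place of 0. The addresses, ports and function names are constructed for illustration, and untagged Ethernet II framing is assumed.

```python
import socket
import struct

ETH_LEN = 14                       # Ethernet II, no VLAN tag (assumed link type)
WORST_CASE = ETH_LEN + 60 + 60     # max IPv4 header + max TCP header = 134

def header_info(frame):
    """Return (src, dst, proto, sport, dport, header_bytes) for an IPv4 frame,
    or None if it is not IPv4 or was cut off inside its headers."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[ETH_LEN] & 0x0F) * 4            # IP header length incl. options
    if ihl < 20:
        return None
    proto = frame[ETH_LEN + 9]
    src = socket.inet_ntoa(frame[ETH_LEN + 12:ETH_LEN + 16])
    dst = socket.inet_ntoa(frame[ETH_LEN + 16:ETH_LEN + 20])
    l4 = ETH_LEN + ihl
    if proto == 6:                               # TCP: data offset gives header size
        if len(frame) < l4 + 13:
            return None
        l4_len = (frame[l4 + 12] >> 4) * 4
    elif proto == 17:                            # UDP: fixed 8-byte header
        l4_len = 8
    else:                                        # anything else: stop at the IP header
        l4_len = 0
    if len(frame) < l4 + l4_len:
        return None
    ports = struct.unpack("!HH", frame[l4:l4 + 4]) if l4_len else (None, None)
    return (src, dst, proto, ports[0], ports[1], l4 + l4_len)

def build_frame(proto, sport, dport, payload, tcp_opts=b""):
    """Constructed sample frame; checksums are zero and never validated here."""
    if proto == 6:
        off = (20 + len(tcp_opts)) // 4
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, off << 4, 0x18, 8192, 0, 0) + tcp_opts
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    return b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + l4 + payload

SAMPLES = [build_frame(6, 51000, 443, b"A" * 1200, tcp_opts=b"\x01" * 12),
           build_frame(17, 53000, 53, b"B" * 60)]

def smallest_safe_snaplen(frames):
    """Smallest capture length that keeps every header in `frames` intact."""
    return max(header_info(f)[5] for f in frames)

if __name__ == "__main__":
    for f in SAMPLES:
        print(len(f), "bytes on the wire ->", header_info(f[:WORST_CASE]))
    print("smallest safe snaplen for these samples:", smallest_safe_snaplen(SAMPLES))
```

A capture length below the header size of a frame loses the ports for that frame, so the worst-case value (134 bytes here, plus 4 per VLAN tag) is the safe choice when IP or TCP options may be present.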