nanog mailing list archives
Tcpdump data collection
From: Subba Rao <castellan2004-nsm () yahoo com>
Date: Tue, 2 Dec 2008 17:19:50 -0800 (PST)
Hello,

I want to collect data on a network and map the data flow and system/port traffic. There are 2 scenarios of data collection here.

The first is to collect IP traffic only. In this method I do not want the data portion of the IP packet (need IP address, source/destination ports etc).

The second is to collect traffic that will show all the routing protocols (non-IP) used on this network. Today while collecting the data, I saw several HSRP packets. I don't know what portion of the packet is sufficient to capture for this purpose.

I used the "-s 0" option on tcpdump which captures the whole packet. That is making the dump file large. Any help with the filters is appreciated to capture the non-data portion of the packets.

Thank you in advance.

Subba Rao
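An added example, not part of the original post: for the headers-only scenario, this Python code works out how many bytes of each Ethernet frame cover the link, IPv4 and TCP/UDP/ICMP headers, and from that the smallest fixed value to give tcpdump's `-s` option for a sample of traffic. The function names and sample frames are constructed for illustration; frames that are not IPv4 are assumed to be wanted whole.

```python
import struct

ETH_LEN, ETHERTYPE_IPV4, ETHERTYPE_VLAN = 14, 0x0800, 0x8100

def header_bytes(frame: bytes) -> int:
    """Bytes to keep so link, IPv4 and transport headers survive, payload does not.
    Anything that is not parseable IPv4 is kept whole."""
    if len(frame) < ETH_LEN:
        return len(frame)
    off = ETH_LEN
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == ETHERTYPE_VLAN and len(frame) >= off + 4:  # one 802.1Q tag
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        off += 4
    if ethertype != ETHERTYPE_IPV4 or len(frame) < off + 20:
        return len(frame)
    ihl = (frame[off] & 0x0F) * 4               # IPv4 header length incl. options
    if ihl < 20:
        return len(frame)                       # malformed header: keep everything
    proto = frame[off + 9]
    fragment_offset = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    off += ihl
    if fragment_offset == 0:                    # only first fragments carry L4 headers
        if proto == 6 and len(frame) >= off + 13:
            off += max((frame[off + 12] >> 4) * 4, 20)   # TCP data offset
        elif proto in (1, 17):
            off += 8                            # ICMP and UDP headers are 8 bytes
    return min(off, len(frame))

def snaplen_for(frames) -> int:
    """Smallest fixed snapshot length that keeps every header in the sample."""
    return max(header_bytes(f) for f in frames)

def build(proto: int, l4: bytes, payload: bytes = b"") -> bytes:
    """Constructed sample frame: Ethernet + 20-byte IPv4 header + L4 + payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4 + payload

# Constructed samples (documentation addresses, zero checksums).
TCP_PLAIN = build(6, struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 1024, 0, 0), b"A" * 1000)
TCP_OPTS = build(6, struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 8 << 4, 0x02, 1024, 0, 0) + b"\x01" * 12)
UDP_1985 = build(17, struct.pack("!HHHH", 1985, 1985, 28, 0), b"\x00" * 20)
ARP = b"\xff" * 6 + b"\x02" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28
SAMPLES = [TCP_PLAIN, TCP_OPTS, UDP_1985, ARP]

if __name__ == "__main__":
    for name, f in zip(("tcp", "tcp+opts", "udp/1985", "arp"), SAMPLES):
        print(f"{name:9} frame={len(f):5} keep={header_bytes(f)}")
    print("snaplen:", snaplen_for(SAMPLES))
```

The TCP frame with options is what sets the result here: a snapshot length sized for a 20-byte TCP header would cut off the options of that segment.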