[109617] in North American Network Operators' Group


Tcpdump data collection

daemon@ATHENA.MIT.EDU (Subba Rao)
Tue Dec 2 20:20:14 2008

Date: Tue, 2 Dec 2008 17:19:50 -0800 (PST)
From: Subba Rao <castellan2004-nsm@yahoo.com>
To: NANOG@nanog.org
Reply-To: castellan2004-nsm@yahoo.com
Errors-To: nanog-bounces@nanog.org

Hello,

I want to collect data on a network and map the data flow and system/port traffic. There are 2 scenarios of data collection here. The first is to collect IP traffic only. In this method I do not want the data portion of the IP packet (need IP address, source/destination ports etc).

The second is to collect traffic that will show all the routing protocols (non-IP) used on this network. Today while collecting the data, I saw several HSRP packets. I don't know what portion of the packet is sufficient to capture for this purpose.

I used the "-s 0" option on tcpdump which captures the whole packet. That is making the dump file large. Any help with the filters is appreciated to capture the non-data portion of the packets.

Thank you in advance.

Subba Rao
