[109619] in North American Network Operators' Group

Re: Tcpdump data collection

daemon@ATHENA.MIT.EDU (Harry Hoffman)
Tue Dec 2 21:32:33 2008

From: Harry Hoffman <hhoffman@ip-solutions.net>
To: castellan2004-nsm@yahoo.com
In-Reply-To: <952973.15796.qm@web30804.mail.mud.yahoo.com>
Date: Tue, 02 Dec 2008 21:32:04 -0500
Cc: NANOG@nanog.org
Reply-To: hhoffman@ip-solutions.net
Errors-To: nanog-bounces@nanog.org

Check out argus http://www.qosient.com/argus/

It can do exactly what you want.

Cheers,
Harry


On Tue, 2008-12-02 at 17:19 -0800, Subba Rao wrote:
> Hello,
> 
> I want to collect data on a network and map the data flow and system/port traffic. There are 2 scenarios of data collection here. The first is to collect IP traffic only. In this method I do not want the data portion of the IP packet (I need the IP addresses, source/destination ports, etc.).
> 
> The second is to collect traffic that will show all the routing protocols (non-IP) used on this network. Today while collecting the data, I saw several HSRP packets. I don't know what portion of the packet is sufficient to capture for this purpose.
> 
> I used the "-s 0" option on tcpdump, which captures the whole packet. That is making the dump file large. Any help with the filters to capture the non-data portion of the packets is appreciated.
> 
> Thank you in advance.
> 
> Subba Rao
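An added example, not from either poster, of how the two captures in the question could be set up with tcpdump alone: a snaplen sized so that only link, IP and transport headers are stored, and a BPF filter for the routing-protocol capture that covers both the non-IP protocols and the ones that actually ride on IP (HSRP is UDP/1985, not a non-IP protocol). The interface name, output file names and rotation sizes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes an untagged Ethernet link;
# use LINK_HDR=18 if the span port preserves 802.1Q VLAN tags.
LINK_HDR=14      # Ethernet II frame header
MAX_IPV4_HDR=60  # 20 bytes fixed + up to 40 bytes of options
MAX_L4_HDR=60    # TCP: 20 bytes fixed + up to 40 bytes of options (UDP is 8)

# Scenario 1: smallest snaplen that still keeps every IPv4 and TCP/UDP header
# field (addresses, ports, flags) even with maximal options, and drops payload.
header_snaplen() {
    echo $((LINK_HDR + MAX_IPV4_HDR + MAX_L4_HDR))   # 134
}

# Scenario 1 filter: IPv4 traffic only.
ip_headers_filter() {
    echo 'ip'
}

# Scenario 2: routing and redundancy protocols. "not ip" catches the true
# non-IP ones (IS-IS, CDP, STP, ARP). HSRP (UDP/1985 to 224.0.0.2 or
# 224.0.0.102), OSPF (IP proto 89), EIGRP (IP proto 88), RIP (UDP/520) and
# BGP (TCP/179) are carried over IP, so they must be named explicitly.
routing_filter() {
    echo 'not ip or udp port 1985 or ip proto 89 or ip proto 88 or udp port 520 or tcp port 179'
}

# Assemble the command. -C rotates the file every 100 million bytes and -W
# keeps at most 10 files, so neither capture can grow without bound.
capture_cmd() {
    iface=$1; mode=$2; out=$3
    case $mode in
        headers) echo "tcpdump -i $iface -nn -s $(header_snaplen) -C 100 -W 10 -w $out '$(ip_headers_filter)'" ;;
        routing) echo "tcpdump -i $iface -nn -s 0 -C 100 -W 10 -w $out '$(routing_filter)'" ;;
        *) echo "usage: capture_cmd <iface> headers|routing <file>" >&2; return 1 ;;
    esac
}

# Usage (needs root or CAP_NET_RAW; iface and file names are placeholders):
#   sh -c "$(capture_cmd eth0 headers flows.pcap)"
#   sh -c "$(capture_cmd eth0 routing routing.pcap)"
```

Before running either capture, `tcpdump -d '<filter>'` compiles the expression and prints the BPF program, which is a cheap way to confirm the filter parses as intended.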
