[109620] in North American Network Operators' Group
Re: Tcpdump data collection
daemon@ATHENA.MIT.EDU (Chris Mills)
Tue Dec 2 22:08:27 2008
Date: Tue, 2 Dec 2008 22:08:13 -0500
From: "Chris Mills" <securinate@gmail.com>
To: nanog@nanog.org
In-Reply-To: <952973.15796.qm@web30804.mail.mud.yahoo.com>
Errors-To: nanog-bounces@nanog.org
Maybe ntop?
http://www.ntop.org/overview.html
-Chris
On Tue, Dec 2, 2008 at 8:19 PM, Subba Rao <castellan2004-nsm@yahoo.com> wrote:
> Hello,
>
> I want to collect data on a network and map the data flow and system/port
> traffic. There are 2 scenarios of data collection here. The first is to
> collect IP traffic only. In this method I do not want the data portion of
> the IP packet (need IP address, source/destination ports etc).
>
> The second is to collect traffic that will show all the routing protocols
> (non-IP) used on this network. Today while collecting the data, I saw
> several HSRP packets. I don't know what portion of the packet is sufficient
> to capture for this purpose.
>
> I used the "-s 0" option on tcpdump which captures the whole packet. That
> is making the dump file large. Any help with the filters is appreciated to
> capture the non-data portion of the packets.
>
> Thank you in advance.
>
> Subba Rao
>
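Added example, not part of the thread and not Chris's or ntop's code: a small POSIX shell helper that turns the two capture scenarios in Subba's question into tcpdump command lines with a header-only snaplen and a rotating file set, so the dump stays small without resorting to `-s 0`. The interface name (`eth0`), output file names and the 100 MB ring size are assumed; the HSRP filter relies on HSRP hellos being carried in UDP port 1985.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds tcpdump command lines
# that keep only packet headers so a long-running capture stays small.
# Assumptions: Ethernet link layer (14 bytes, 18 with an 802.1Q tag) and a
# tcpdump with standard BPF filter syntax.

# Snaplen that still holds every header in the worst case:
# link header + maximum IPv4 header (60) + maximum TCP header (60).
# Bytes past the snaplen are payload and are never written to disk.
header_snaplen() {
    link_hdr=${1:-14}
    echo $((link_hdr + 60 + 60))
}

# BPF filter per scenario from the question. HSRP hellos travel in
# UDP port 1985 (to 224.0.0.2), so they get their own narrow filter.
scenario_filter() {
    case "$1" in
        ip)    echo 'ip or ip6' ;;
        nonip) echo 'not ip and not ip6' ;;
        hsrp)  echo 'udp port 1985' ;;
        *)     echo "unknown scenario: $1" >&2; return 1 ;;
    esac
}

# capture_cmd SCENARIO IFACE OUTFILE [LINK_HDR_BYTES]
# -C/-W give a ring of ten 100 MB files instead of one ever-growing dump.
capture_cmd() {
    filt=$(scenario_filter "$1") || return 1
    snap=$(header_snaplen "${4:-14}")
    printf "tcpdump -n -i %s -s %s -C 100 -W 10 -w %s '%s'\n" \
        "$2" "$snap" "$3" "$filt"
}

# Print the command for each scenario; run the one you need from a shell
# that may open raw sockets. IFACE can be overridden in the environment.
for s in ip nonip hsrp; do
    capture_cmd "$s" "${IFACE:-eth0}" "$s-headers.pcap"
done
```

Set `LINK_HDR_BYTES` to 18 (the fourth argument) on a trunk port so VLAN-tagged frames are not truncated.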