Tcpdump data collection
- Subject: Tcpdump data collection
- From: castellan2004-nsm at yahoo.com (Subba Rao)
- Date: Tue, 2 Dec 2008 17:19:50 -0800 (PST)
Hello,
I want to collect data on a network and map the data flow and system/port traffic. There are 2 scenarios of data collection here. The first is to collect IP traffic only. In this method I do not want the data portion of the IP packet (need IP address, source/destination ports etc).
The second is to collect traffic that will show all the routing protocols (non-IP) used on this network. Today while collecting the data, I saw several HSRP packets. I don't know what portion of the packet is sufficient to capture for this purpose.
I used the "-s 0" option on tcpdump which captures the whole packet. That is making the dump file large. Any help with the filters is appreciated to capture the non-data portion of the packets.
Thank you in advance.
Subba Rao