nanog mailing list archives

Re: Tcpdump data collection


From: "Chris Mills" <securinate () gmail com>
Date: Tue, 2 Dec 2008 22:08:13 -0500

Maybe ntop?

http://www.ntop.org/overview.html

-Chris

On Tue, Dec 2, 2008 at 8:19 PM, Subba Rao <castellan2004-nsm () yahoo com> wrote:

Hello,

I want to collect data on a network and map the data flow and system/port
traffic. There are 2 scenarios of data collection here.  The first is to
collect IP traffic only.  In this method I do not want the data portion of
the IP packet (need IP address, source/destination ports etc).

The second is to collect traffic that will show all the routing protocols
(non-IP) used on this network.  Today while collecting the data, I saw
several HSRP packets.  I don't know what portion of the packet is sufficient
to capture for this purpose.

I used the "-s 0" option on tcpdump which captures the whole packet.  That
is making the dump file large.  Any help with the filters is appreciated to
capture the non-data portion of the packets.

Thank you in advance.

Subba Rao
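
An added example, not part of the original thread: a Python sketch that works out how many bytes of each frame hold the addresses and ports the question asks for, which is the value to give tcpdump's `-s` in place of 0. The sample frames and every function name here are constructed for illustration.

```python
import struct

VLAN_TPIDS = (0x8100, 0x88A8)  # 802.1Q / 802.1ad tag markers

def header_bytes(frame: bytes) -> int:
    """Bytes of an Ethernet frame that hold addresses and ports, no payload."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    off = 14
    while ethertype in VLAN_TPIDS:          # each VLAN tag adds 4 bytes
        (ethertype,) = struct.unpack_from("!H", frame, off + 2)
        off += 4
    if ethertype == 0x0800:                 # IPv4: IHL field gives header length
        l4, proto = off + (frame[off] & 0x0F) * 4, frame[off + 9]
    elif ethertype == 0x86DD:               # IPv6: fixed header only, extensions not walked
        l4, proto = off + 40, frame[off + 6]
    else:
        return len(frame)                   # non-IP frame: keep it whole
    if proto == 6:                          # TCP: data-offset field gives header length
        return l4 + (frame[l4 + 12] >> 4) * 4
    return l4 + 8 if proto == 17 else l4    # UDP header is 8 bytes; others: IP header only

def min_snaplen(frames) -> int:
    """Smallest snapshot length that keeps the headers of every frame given."""
    return max(header_bytes(f) for f in frames)

# --- Constructed sample frames (built here, not captured traffic) ---
def eth(ethertype, payload, vlan=None):
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return bytes(12) + tag + struct.pack("!H", ethertype) + payload

def ipv4(proto, l4, options=b""):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                      20 + len(options) + len(l4), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + options + l4

def tcp(payload, options=b""):
    doff = (5 + len(options) // 4) << 4
    return struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, doff, 0x18, 1024, 0, 0) + options + payload

def udp(payload):
    return struct.pack("!HHHH", 1985, 1985, 8 + len(payload), 0) + payload

TCP_PLAIN = eth(0x0800, ipv4(6, tcp(b"x" * 1400)))
TCP_VLAN_OPTS = eth(0x0800, ipv4(6, tcp(b"x" * 1400, bytes(12)), bytes(4)), vlan=10)
UDP_HSRP = eth(0x0800, ipv4(17, udp(bytes(20))))     # HSRP hellos are UDP port 1985
NON_IP = eth(0x0026, b"\x42\x42\x03" + bytes(35))    # 802.3 length field + LLC

if __name__ == "__main__":
    print("snaplen:", min_snaplen([TCP_PLAIN, TCP_VLAN_OPTS, UDP_HSRP]))
```

With one VLAN tag and maximal IPv4 and TCP options the headers reach 18 + 60 + 60 = 138 bytes, so a fixed snapshot length at or above that keeps every address and port while dropping the payload.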


