LinuxQuestions.org


hedpe 02-07-2006 12:07 PM

not capture payload with tcpdump?
 
Hey guys,

I only want to record packet headers to a file via "tcpdump -w traffic.log" and I do not want it to save the payload or else the log could get huge.

Thanks!
George

stress_junkie 02-07-2006 01:27 PM

How about

tcpdump -e > traffic.log

hedpe 02-07-2006 01:31 PM

Yeah, I guess that works, but I should have been more specific.

I need to keep a file format so that I can open it in Ethereal and do filtering and look through packet headers more easily.

Maybe I am mistaken, because tcpdump -w traffic.log doesn't seem to be capturing the payloads... instead, when I open it in Ethereal I see "packet size limited during capture".

I am not sure this is the way I want to go though, because it could possibly truncate a header, and I need all headers and full headers.

thanks!
George

win32sux 02-07-2006 01:37 PM

maybe:
Code:

tcpdump -l -v -n -e > traffic.log

hedpe 02-07-2006 01:56 PM

Says that the log file is not in a format it can understand.

win32sux 02-07-2006 02:13 PM

OK. Never mind. It was a shot in the dark. :)

Anyone know how to get tcpdump to output a log that is completely understandable by Ethereal??

hedpe 02-07-2006 02:23 PM

By using -w file.log, Ethereal can understand it; however, I can't figure out how to remove the payload and keep all headers.
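
Added example (not from any poster in this thread): one way to do what the last post asks, cutting every packet in a `-w` capture file down to its Ethernet, IP and TCP/UDP/ICMP headers, including IP and TCP options, while keeping the pcap format. It assumes a little-endian classic pcap file with Ethernet link type and IPv4 traffic; the names `header_len` and `strip_payload` and the sample packet are this example's own.

```python
import struct

GLOBAL = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len (bytes saved), orig_len (on wire)

def header_len(frame):
    """Length of the Ethernet + IPv4 + TCP/UDP/ICMP headers in one frame."""
    if len(frame) < 14:
        return len(frame)
    off, ethertype = 14, struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x8100 and len(frame) >= 18:        # one 802.1Q VLAN tag
        off, ethertype = 18, struct.unpack_from("!H", frame, 16)[0]
    if ethertype != 0x0800 or len(frame) < off + 20:
        return len(frame)                               # ARP, IPv6, ...: keep everything
    proto = frame[off + 9]
    fragment_offset = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    off += (frame[off] & 0x0F) * 4                      # IHL covers IP options
    if fragment_offset:                                 # later fragment: no L4 header
        return min(off, len(frame))
    if proto == 6:                                      # TCP: data offset covers options
        if len(frame) < off + 13:
            return len(frame)                           # header already cut short: keep it
        off += (frame[off + 12] >> 4) * 4
    elif proto in (1, 17):                              # ICMP and UDP: fixed 8 bytes
        off += 8
    return min(off, len(frame))

def strip_payload(pcap):
    """Return a copy of a pcap file (bytes) with every record cut to its headers."""
    magic, *_, linktype = GLOBAL.unpack_from(pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet link type")
    out, pos = [pcap[:GLOBAL.size]], GLOBAL.size
    while pos + RECORD.size <= len(pcap):
        ts_sec, ts_usec, incl_len, orig_len = RECORD.unpack_from(pcap, pos)
        frame = pcap[pos + RECORD.size : pos + RECORD.size + incl_len]
        pos += RECORD.size + incl_len
        kept = frame[:header_len(frame)]
        # orig_len is left alone so the reader still knows the on-wire size
        out.append(RECORD.pack(ts_sec, ts_usec, len(kept), orig_len) + kept)
    return b"".join(out)

# Constructed sample: one TCP segment 10.0.0.1:1234 -> 10.0.0.2:80 with 18 payload bytes
PAYLOAD = b"GET / HTTP/1.0\r\n\r\n"
FRAME = (bytes(12) + b"\x08\x00"
         + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(PAYLOAD), 0, 0, 64, 6, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
         + struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 0x50, 0x18, 8192, 0, 0) + PAYLOAD)
SAMPLE = GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + RECORD.pack(0, 0, len(FRAME), len(FRAME)) + FRAME
```

Because `incl_len` ends up smaller than `orig_len`, a reader such as Ethereal still marks these packets as size-limited, but every header is complete.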

