-   Linux - Networking (
-   -   not capture payload with tcpdump? (

hedpe 02-07-2006 01:07 PM

not capture payload with tcpdump?
Hey guys,

I only want to record packet headers to a file via "tcpdump -w traffic.log" and I do not want it to save the payload or else the log could get huge.


stress_junkie 02-07-2006 02:27 PM

How about

tcpdump -e > traffic.log

hedpe 02-07-2006 02:31 PM

yeah, i guess that works, but i should have been more specific

i need to keep a file format so that i can open it in ethereal and do filtering and look through packet headers easier

maybe i am mistaken, because tcpdump -w traffic.log doesn't seem to be capturing the payloads... instead when I open it in ethereal i see "packet size limited during capture"

I am not sure this is the way I want to go though because it could possibly truncate a header, and i need all headers and full headers


win32sux 02-07-2006 02:37 PM


tcpdump -l -v -n -e > traffic.log

hedpe 02-07-2006 02:56 PM

says that the log file is not in a format it can understand

win32sux 02-07-2006 03:13 PM

ok. nevermind. it was a shot in the dark. :)

anyone know how to get tcpdump to output a log that is completely understandable by ethereal??

hedpe 02-07-2006 03:23 PM

by using -w file.log, ethereal can understand it, however I can't figure out how to remove the payload and keep all headers

All times are GMT -5. The time now is 11:57 PM.