not capture payload with tcpdump?

hedpe · 02-07-2006, 12:07 PM

Hey guys,

I only want to record packet headers to a file via "tcpdump -w traffic.log" and I do not want it to save the payload or else the log could get huge.

Thanks!
George

stress_junkie · 02-07-2006, 01:27 PM

How about

tcpdump -e > traffic.log

hedpe · 02-07-2006, 01:31 PM

yeah, i guess that works, but i should have been more specific

i need to keep a file format so that i can open it in ethereal and do filtering and look through packet headers easier

maybe i am mistaken, because tcpdump -w traffic.log doesn't seem to be capturing the payloads... instead when I open it in ethereal i see "packet size limited during capture"

I am not sure this is the way I want to go though because it could possibly truncate a header, and i need all headers and full headers

thanks!
George

win32sux · 02-07-2006, 01:37 PM

maybe:

Code:

tcpdump -l -v -n -e > traffic.log

hedpe · 02-07-2006, 01:56 PM

says that the log file is not in a format it can understand

win32sux · 02-07-2006, 02:13 PM

ok. nevermind. it was a shot in the dark.

anyone know how to get tcpdump to output a log that is completely understandable by ethereal??

hedpe · 02-07-2006, 02:23 PM

by using -w file.log, ethereal can understand it, however I can't figure out how to remove the payload and keep all headers