Capture network traffic, without the data component of TCP packets.

03-18-2005, 03:19 PM

Hi
I am testing how much data flows between 2 servers (Server 2003, File
Replication), using Ethereal. The problem is that the log files get
very large very fast, as libcat/tcpdump files include all the data as
well as the TCP information.

Is there a way I can capture all of the TCP info (source IP+mac,
protocol etc), WITHOUT capturing the actual DATA part of the packet?
I want to capture a whole days worth of traffic, and then analyse the
peak times etc.

Thanks,
Nick

03-18-2005, 05:40 PM

You can configure a pre-capture filter in ethereal to limit the data
that it captures. Read more here:
http://www.ethereal.com/docs/user-gu...erSection.html

Good Luck,
Rick Gouin, MCSE

03-19-2005, 09:14 PM

I realise that you can use capture filters with Ethereal.

99% of the traffic is IP traffic between ServerA and ServerB
(synchronising files). Yes we could filter out traffic from other
computers, or filter out ARP traffic, but the reduction would be
negligible.

Can anyone recommend a technique to capture the details of the
traffic, but not the actual DATA component of the traffic?

Thanks
Nick

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How to capture network traffic during computer bootup	Kent	Windows Networking	2	05-02-2008 07:42 AM
Newbie wants to look at other people's packets (promiscuous mode fails to capture packets)	George D.	Wireless Internet	1	07-14-2007 07:09 AM
how to capture ARP packets (among others) ?	Siddharth Jain	Linux Networking	9	08-30-2005 03:09 PM
Network cable to capture data..	BWGames	Linux Networking	2	04-30-2004 08:31 AM
Network traffic capture, and rotating files with compression	Richard Gunn	Linux Networking	6	01-30-2004 10:20 PM