Answer the question
In order to leave comments, you need to log in
How to make tcpdump not save packet data to a file?
Hello.
I use tcpdump to write network traffic to a binary file (option -w), but it writes entire packets to the file, how to make sure that only headers (ip, tcp, udp) are written to the file, a copy of the viewed youtube is not needed :)
Essentially needed only addresses, ports and packet length
Answer the question
In order to leave comments, you need to log in
Specify exactly how much to take from the bag.
-s 96
From the docks:
Snarf snaplen bytes of data from each packet rather than the default of 68 (with NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question