Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1359
  • Last Modified:

tshark capture filter

Hello:

I would like a capture filter that allows me to capture everything *except* the data payload. I want all the header, frame and protocol stuff, just not the data.

Kind of like 'tshark -i eth0 -V -EXCLUDE_DATA_PAYLOAD > capture.txt

Does anyone know how to do this?
0
DesertShark2
Asked:
DesertShark2
  • 2
  • 2
1 Solution
 
SteveJCommented:
The easiest way would just be to capture 40-60 bytes unless you have a very small number of protocols.

Good luck,
Steve
0
 
DesertShark2Author Commented:
OK, I will try that at 60 bytes and report.
0
 
SteveJCommented:
Hey  DesertShark2 . . . I am lazy and that seemed easier to me than having to define IP vs TCP vs UDP vs SMB vs SIP vs STP vs IGMP vs etc, etc, etc headers and the precision it would require.

Good luck,
Steve "Mr Lazy"
0
 
DesertShark2Author Commented:
Wow, it was so easy all along...thanks!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now