Solved

tshark capture filter

Posted on 2009-04-08
4
1,303 Views
Last Modified: 2012-05-06
Hello:

I would like a capture filter that allows me to capture everything *except* the data payload. I want all the header, frame and protocol stuff, just not the data.

Kind of like 'tshark -i eth0 -V -EXCLUDE_DATA_PAYLOAD > capture.txt

Does anyone know how to do this?
0
Comment
Question by:DesertShark2
  • 2
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
SteveJ earned 500 total points
ID: 24109073
The easiest way would just be to capture 40-60 bytes unless you have a very small number of protocols.

Good luck,
Steve
0
 

Author Comment

by:DesertShark2
ID: 24110443
OK, I will try that at 60 bytes and report.
0
 
LVL 16

Expert Comment

by:SteveJ
ID: 24111223
Hey  DesertShark2 . . . I am lazy and that seemed easier to me than having to define IP vs TCP vs UDP vs SMB vs SIP vs STP vs IGMP vs etc, etc, etc headers and the precision it would require.

Good luck,
Steve "Mr Lazy"
0
 

Author Closing Comment

by:DesertShark2
ID: 31568095
Wow, it was so easy all along...thanks!
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SNMP Monitoring 7 88
VLAN Routing Using Cisco switches 12 180
VLAN Tag for chained network device. 11 67
Hyper-V 2012 and VPN on 2012 R2 breaking virtual switch 9 56
A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them. Similar to ha…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now