How to record only the header info when using `tcpdump`


I was in the same situation and I solved it by adding -s 96

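To see what `-s 96` actually does to the capture file, here is an added example that is not part of the original thread: it builds a constructed Ethernet/IPv4/TCP frame, writes it as a pcap record truncated to a snaplen the way tcpdump does, and then reads back the fields the question asks for (time, source, destination, protocol, length). The pcap record keeps the original length even though only 96 bytes are stored, so the length field survives; the frame layout, addresses and timestamp are all made up for the example.

```python
"""Added example: apply a pcap snaplen and recover per-packet header fields."""
import io
import socket
import struct

# pcap global header, LINKTYPE_ETHERNET (1), little-endian, microsecond timestamps
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def build_ipv4_tcp_frame(src, dst, payload_len):
    """Constructed Ethernet/IPv4/TCP frame; payload is filler, checksums left zero."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dst/src MAC, EtherType IPv4
    total = 20 + 20 + payload_len                         # IP header + TCP header + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 443, 51000, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + b"A" * payload_len


def write_pcap(frames, snaplen, ts=1600000000):
    """Write packet records, truncating each frame to snaplen like `tcpdump -s`."""
    out = io.BytesIO()
    out.write(PCAP_GLOBAL)
    for i, frame in enumerate(frames):
        data = frame[:snaplen]
        # record header: ts_sec, ts_usec, incl_len (stored), orig_len (on the wire)
        out.write(struct.pack("<IIII", ts + i, 0, len(data), len(frame)))
        out.write(data)
    return out.getvalue()


def summarize(pcap_bytes):
    """Return (time, src, dst, proto, orig_len, stored_len) for each record."""
    rows, pos = [], 24
    while pos < len(pcap_bytes):
        sec, _usec, incl, orig = struct.unpack_from("<IIII", pcap_bytes, pos)
        pkt = pcap_bytes[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        proto = pkt[23]                                   # IPv4 protocol byte (14 + 9)
        src = socket.inet_ntoa(pkt[26:30])                # IPv4 source (14 + 12)
        dst = socket.inet_ntoa(pkt[30:34])                # IPv4 destination (14 + 16)
        name = {6: "TCP", 17: "UDP"}.get(proto, str(proto))
        rows.append((sec, src, dst, name, orig, incl))
    return rows


if __name__ == "__main__":
    frames = [build_ipv4_tcp_frame("1.2.3.4", "10.0.0.5", 1400)]
    for row in summarize(write_pcap(frames, snaplen=96)):
        print(row)
```

A 1454-byte frame is stored as 96 bytes while `orig_len` still reports 1454; a snaplen has to be large enough to cover the headers you need (a VLAN tag, IPv6 or TCP options push the headers further in).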


Updated on September 18, 2022

Comments

  • Dan Rayson
    Dan Rayson almost 2 years

    When running the following command

    tcpdump -i deviceName 'host 1.2.3.4' -q -w /mypath/dump.pcap

    the dump file contains a huge amount of data because there's a lot of traffic. However, I only need to save the header details of each packet, not the entire contents. I tried using the -q switch (for "quiet") but that's not helping.

    I need Time, Source, Destination, Protocol and Length. I do not need any of the other information, and especially not the full contents of each packet.

    Is there a way to ignore the contents and only write the header details to disk so as to save space? I'm getting to over a GB in a matter of minutes :(

    I've seen many questions about how to increase the amount of data saved, but nothing for reducing it. Am I barking up the wrong tree?

    • Bodo
      Bodo over 5 years
      See option -s snaplen or --snapshot-length=snaplen. See tcpdump.org/manpages/tcpdump.1.html. They seem to have increased the default. (I remember that in old times I often had to increase the value which was less than 100 at this time.)
    • Dan Rayson
      Dan Rayson over 5 years
      I was under the impression that snaplen would only record information regarding packets below a certain size, not that it would limit what was saved to file. I'll take a look and get back to you. Thanks guys.
    • Rui F Ribeiro
      Rui F Ribeiro over 5 years
      Local login or remote ssh session?
    • Dan Rayson
      Dan Rayson over 5 years
      @RuiFRibeiro I'm running the commands using PuTTY, if I'm honest I don't know what protocol that is, probably SCP, though.
  • Dan Rayson
    Dan Rayson over 5 years
    Thanks Zatarra, adding this really simple bit sorted it out for me. I still get all the info I need but without the nasty overhead. Cheers!