Audsin dev wrote:
Is there any command line option to just capture the
packet summary. I invoke ethereal using command line
option "ethereal -f ip6 -i eth1 -k -w my-capture". I
usually capture the packets and later open the
captured file and print the summary and use it for
analysis.
Ethereal, or Tethereal? If you're just capturing packets, and will open
the file later, you can just use Tethereal when capturing.
By packet summary i mean (no, Time, source,
destination, protocol and info).I wish to know if
there exists any command line option so that i can
capture just the packet summary instead of all the
details of the packet
You could use Tethereal and, instead of having it save to a capture file
with the "-w" option, have it print the summary to a text file:
tethereal -f ip6 -i eth1 >my-capture
although that means it's doing more work than it would if it were just
saving the raw packet data to a file and thus might be more likely to
drop packets. That text file, obviously, can't be read by Ethereal, so
you wouldn't be able to look at the packet details if you later decided
you wanted to - that information would not have been saved.
If you're writing to a capture file with "-w", there is no such notion
as "capturing just the packet summary". What Ethereal and Tethereal
capture, and write to a capture file with "-w", is the raw packet data;
there isn't any notion of capturing "just the packet summary".
You can arrange to capture no more than the first N bytes of a packet,
with the "-s" command line option; however, that could mean that you
don't capture enough information in the packet to dissect all the
protocol layers of the packet, which means that some or all of the
fields in the summary will be different from what you'd have if you
captured the full packet.