Sake
I just reviewed the packet and I am going to need the IGMP information
which is the next 64 bytes.
Is this going to be difficult? Should I collect the entire packet? If
so is Dumpcap still the best?
Thanks
Terry Martin
TimeData Corporation
VP of Network Operation
East Coast Number: 212-644-1600 X3
West Coast Number 503-678-2224
Cell: 503-318-8909
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Thursday, November 13, 2008 8:54 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Question
On Thu, Nov 13, 2008 at 11:07:26AM -0500, Terry Martin wrote:
> I am setting up Tshark to continuously collected information on a
network
> connection
If you want to capture continuously, dumpcap is a better choice as it
does not keep state of the packets it captures, it just writes them to
disk.
> and store the information into a file very 15 minutes with the
> name of the file being mm_dd_hh_mm.
With the -b duration:900 -w dump.cap, dumpcap would use a serial number
as well as a datetime string in the filename. It writes files like this:
Packets: 58 File: dump_00002_20081113174508.cap
Packets: 85 File: dump_00003_20081113174532.cap
Packets: 306 File: dump_00004_20081113174537.cap
(note that it does not create a new file when there were no packets
after switching to the next file)
Would that do?
> I want this collection to only save
> the header information
What do you mean by "header"? Just the ip-header? If so, you can use the
snaplength option to cut off after 14 (eth) + 20 (ip) = 34 octets
(assuming no extra IP options are used):
dumpcap -s 34
> from all IP multicast traffic
Would that be a capture filter like "net 224.0.0.0 mask 224.0.0.0"
> Is there a way I can setup Tshark to collect this information? Can
anyone
> give me any ideas how to set this up?
In short:
dumpcap -w dump.cap -i <int> -b duration:900 -s 34 "net 224.0.0.0 mask
224.0.0.0"
Hope this helps,
Cheers,
Sake
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users