This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to capture TCP without its payload?

0

While sending a large amount of data (~1 TB) there are some kind of connection errors which I want to track down. If I capture the whole TCP traffic, then the final pcap file will most likely be about ~1 TB.

How can I capture my TCP traffic to a file without writing its payload? I am not interested in the contents I send; I am much more interested in the TCP conversation instead. Is it possible?

Thanks.

asked 11 Jun '12, 05:30

baranovdmi
accept rate: 0%


One Answer:

2

You could capture the traffic with a packet size limitation (for example 64 bytes) if you do not need the payload. The size should be selected based on the length of the headers you need to keep when capturing. For an Ethernet-based TCP/IP packet, 64 bytes is usually enough if all you need to see is up to the TCP layer.

You can set this limit at the capture interface settings. There is a checkmark called "Limit each packet to" which is usually not checked and has a default size of 65535 bytes. Activate the checkbox and set the limit to whatever suits you.

answered 11 Jun '12, 05:38

Jasper ♦♦
accept rate: 18%
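
An added example, not part of the original answer: a Python sketch that measures how many bytes of each frame are headers up to the end of TCP, so the packet size limit can be chosen to keep the headers you need (VLAN tags and TCP options add to the fixed 54 bytes). The frames are constructed samples, and `tcp_header_end`, `min_snaplen`, `cut_by` and `build_frame` are names made up for this example; IPv6 extension headers are assumed absent.

```python
import struct

ETH_IPV4, ETH_IPV6, ETH_VLAN, ETH_QINQ = 0x0800, 0x86DD, 0x8100, 0x88A8

def tcp_header_end(frame):
    """Offset at which the TCP header ends in an Ethernet II frame, else None."""
    off = 12
    (etype,) = struct.unpack_from("!H", frame, off)
    off += 2
    while etype in (ETH_VLAN, ETH_QINQ):       # each VLAN tag adds 4 bytes
        (etype,) = struct.unpack_from("!H", frame, off + 2)
        off += 4
    if etype == ETH_IPV4:
        proto = frame[off + 9]
        off += (frame[off] & 0x0F) * 4         # IHL: 20 to 60 bytes
    elif etype == ETH_IPV6:
        proto = frame[off + 6]                 # assumption: no extension headers
        off += 40
    else:
        return None
    if proto != 6:                             # not TCP
        return None
    return off + (frame[off + 12] >> 4) * 4    # TCP data offset: 20 to 60 bytes

def min_snaplen(frames):
    """Smallest packet size limit that keeps every TCP header whole."""
    return max((e for e in map(tcp_header_end, frames) if e is not None), default=0)

def cut_by(frames, snaplen):
    """Number of TCP frames whose headers would be cut at this limit."""
    return sum(1 for e in map(tcp_header_end, frames) if e is not None and e > snaplen)

def build_frame(tcp_options=b"", vlan=False):
    """Constructed sample: Ethernet II + IPv4 + TCP + 100 payload bytes."""
    eth = bytes(12) + (struct.pack("!HH", ETH_VLAN, 10) if vlan else b"")
    eth += struct.pack("!H", ETH_IPV4)
    tcp_len = 20 + len(tcp_options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len + 100,
                     0, 0, 64, 6, 0, bytes(4), bytes(4))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      (tcp_len // 4) << 4, 0x10, 65535, 0, 0)
    return eth + ip + tcp + tcp_options + bytes(100)

TS = bytes([1, 1, 8, 10]) + bytes(8)                      # NOP, NOP, timestamps
SYN_OPTS = bytes([2, 4, 5, 180, 4, 2, 8, 10]) + bytes(8) + bytes([1, 3, 3, 7])
SAMPLES = [build_frame(), build_frame(TS), build_frame(SYN_OPTS),
           build_frame(TS, vlan=True)]

if __name__ == "__main__":
    print("header ends:", [tcp_header_end(f) for f in SAMPLES])
    print("min snaplen:", min_snaplen(SAMPLES), "cut at 64:", cut_by(SAMPLES, 64))
```

With these samples, a 64-byte limit keeps the fixed TCP fields (ports, sequence numbers, flags, window) but cuts into the TCP options of three of the four frames.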