Check out argus http://www.qosient.com/argus/
It can do exactly what you what. Cheers, Harry On Tue, 2008-12-02 at 17:19 -0800, Subba Rao wrote: > Hello, > > I want to collect data on a network and map the data flow and system/port > traffic. There are 2 scenarios of data collection here. The first is to > collect IP traffic only. In this method I do not want the data portion of > the IP packet (need IP address, source/destination ports etc). > > The second is to collect traffic that will show all the routing protocols > (non-IP) used on this network. Today while collecting the data, I saw > several HSRP packets. I don't know what portion of the packet is sufficient > to capture for this purpose. > > I used the "-s 0" option on tcpdump which captures the whole packet. That is > making the dump file large. Any help with the filters is appreciated to > capture the non-data portion of the packets. > > Thank you in advance. > > Subba Rao
