This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Discard/ignore data on capture

0

Hello,

When running a capture, how can I set up wireshark so that it does not save the data portion of a TCP packet? I am only interested in capturing the IP and TCP headers.

Thanks! Scott

asked 24 Jul '15, 16:00

goldscott's gravatar image

goldscott
11114
accept rate: 0%

One Answer:

1

Set the snaplen option for the interface in the capture options, -s on the command line see the Wiki SnapLen page for more info.

For just IP and TCP headers, assuming Ethernet and no IP or TCP options, then 68 bytes "should" be OK.

answered 24 Jul '15, 16:23

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thanks, Graham, that's exactly what I needed!

(24 Jul '15, 17:15) goldscott

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(25 Jul '15, 04:00) grahamb ♦