This is our old Q&A Site. Please post any new questions and answers at


When running a capture, how can I set up wireshark so that it does not save the data portion of a TCP packet? I am only interested in capturing the IP and TCP headers.

Thanks! Scott

asked 24 Jul '15, 16:00

goldscott's gravatar image

accept rate: 0%

Set the snaplen option for the interface in the capture options, -s on the command line see the Wiki SnapLen page for more info.

For just IP and TCP headers, assuming Ethernet and no IP or TCP options, then 68 bytes "should" be OK.

permanent link

answered 24 Jul '15, 16:23

grahamb's gravatar image

grahamb ♦
accept rate: 22%

Thanks, Graham, that's exactly what I needed!

(24 Jul '15, 17:15) goldscott

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(25 Jul '15, 04:00) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 24 Jul '15, 16:00

question was seen: 2,109 times

last updated: 25 Jul '15, 04:00

p​o​w​e​r​e​d by O​S​Q​A