I am working with tethereal to sniff IPX traffic on a logging server attached in front of a NetWare 4 server. What we were hoping to achieve is to capture the first part of the packets so we would have an independent system logging file access on the server.
Everything is working OK, but it seems we can't both decode IPX traffic and limit the size of the packet captured. This is the command we have been working with:

    tethereal -i dc0 -q -s 64 -x -F ngwsniffer_2_0 -w /usr/ipx64.cap &

What we want to mimic is an "ngrep" type effect where we can decode the traffic and capture just enough of the packet to know the originating address and the file they were viewing. The problem is that it seems if we decode the traffic it wants to capture the entire packet, and we are getting GBs of traffic logged each day. Any ideas?

Thanks,
Justin.
