Can I configure Wireshark to capture ip header only, not the whole packet. Also, can I sample the capture in such way that only 1 out 10 packets will be captured. We are trying to use Wireshark to do the same job as netflow.
You can use expressions to filter what you receive or what you view. You can also filter a capture based on the conversation that is happening. A better place for more info would be the wireshark page: http://www.wireshark.org/ or Laura Chappell's page at http://www.wiresharktraining.com/ Wireshark does have many options to filter a capture.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.