Currently I have some traffic being forwarded to a machine in a data center; this machine has a PCAP script running to grab all of this traffic. After X period of time the files are compressed using 7-Zip to make the files as small as possible.
The workflow at the moment involves collecting the files directly from the data center and uploading them to a work machine for analysis. We have access to another machine on the network, not in the data center, and would like to collect the files over the network. The only problem is that the PCAP then includes this transfer in the files and, as they are already compressed, this causes the files to balloon in size, going from sub 10 MB to 80 MB+.
It is important to collect all of the network traffic so I was hoping just to filter out transfers between these two machines rather than specifying all of the connections I need to capture.
I tried adding:
"-f not src net 10.213.121.13" and "-f not host 10.213.121.13" to the script, but in both cases it complained about a syntax issue. Any ideas of how to accomplish this would be appreciated.
Script:
REM each ring-buffer option needs its own -b, and the capture filter must be passed as one quoted argument to -f
dumpcap -i 1 -b filesize:100000 -b files:200 -f "not host 10.213.121.13" -w C:\WIRESHARK_LOGS\log_dumpcap
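The three capture-filter shapes in play here (`not src net`, `not host`, and the narrower `not (host A and host B)`) keep different packets, and the difference matters when the collector host also carries traffic you want to keep. The block below is an added illustration, not code from the question and not libpcap: it models only host matching on a few constructed packets so the filters can be compared side by side, and it builds the dumpcap argument vector the way the script needs it (filter as a single argument, one `-b` per ring-buffer option). The collector address 10.213.121.13 comes from the question; the capture box address 10.0.0.5, the other addresses and the ports are assumptions.

```python
# Added illustration: a miniature evaluator for the capture-filter shapes
# discussed in the question. This is NOT libpcap/BPF; it only models
# host / src-host matching on constructed packets. Addresses other than
# 10.213.121.13 (the collector named in the question) are assumptions.
from dataclasses import dataclass

COLLECTOR = "10.213.121.13"   # collector host from the question
CAPTURE_BOX = "10.0.0.5"      # assumed address of the data-centre capture machine


@dataclass(frozen=True)
class Packet:
    pid: int
    src: str
    dst: str
    dport: int


# Constructed sample traffic (not real captures).
SAMPLE = [
    Packet(1, CAPTURE_BOX, COLLECTOR, 445),      # the archive transfer, data direction
    Packet(2, COLLECTOR, CAPTURE_BOX, 51000),    # ACKs flowing back to the capture box
    Packet(3, COLLECTOR, "198.51.100.7", 443),   # collector talking to a third host
    Packet(4, "203.0.113.9", CAPTURE_BOX, 80),   # forwarded traffic we want to keep
]


def not_src_host(p: Packet) -> bool:
    """Models 'not src host 10.213.121.13'; 'not src net' with a full
    dotted-quad address matches the same packets. Only drops packets the
    collector *sends*, so the bulk data it receives is still captured."""
    return p.src != COLLECTOR


def not_host(p: Packet) -> bool:
    """Models 'not host 10.213.121.13': drops every packet the collector
    sends or receives, including its traffic with unrelated hosts."""
    return COLLECTOR not in (p.src, p.dst)


def not_host_pair(p: Packet) -> bool:
    """Models 'not (host 10.213.121.13 and host 10.0.0.5)': drops only the
    traffic between the two machines involved in the transfer."""
    return {p.src, p.dst} != {COLLECTOR, CAPTURE_BOX}


FILTERS = {
    "not src host": not_src_host,
    "not host": not_host,
    "not (host A and host B)": not_host_pair,
}


def kept_ids(filter_fn, packets=SAMPLE):
    """Return the ids of the packets a filter would let dumpcap write."""
    return [p.pid for p in packets if filter_fn(p)]


def compare(packets=SAMPLE):
    """Evaluate every modelled filter against the same packet list."""
    return {name: kept_ids(fn, packets) for name, fn in FILTERS.items()}


def dumpcap_argv(filter_expr, iface="1", outfile=r"C:\WIRESHARK_LOGS\log_dumpcap"):
    """Build the dumpcap argument vector: the filter is ONE argument and each
    ring-buffer setting sits behind its own -b. Passing a list like this to
    subprocess (or quoting the filter in a shell) avoids the word-splitting
    that produced the syntax error in the question."""
    return ["dumpcap", "-i", iface,
            "-b", "filesize:100000", "-b", "files:200",
            "-f", filter_expr,
            "-w", outfile]


if __name__ == "__main__":
    for name, kept in compare().items():
        print(f"{name:26s} keeps packets {kept}")
    argv = dumpcap_argv("not (host 10.213.121.13 and host 10.0.0.5)")
    print(" ".join(f'"{a}"' if " " in a else a for a in argv))
```

Running it shows why the first attempt would not have fixed the file size even with correct quoting: `not src host` still keeps packet 1, the data direction of the transfer. `not host` does shrink the files but also discards packet 3, the collector's own traffic with other hosts, which is a silent gap if that host is part of what you are monitoring. The host-pair form drops exactly the transfer and nothing else.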