Trimming data from your captures

Observer Analyzer : Observer Analyzer : Security and Privacy : Sharing packet captures with third-parties : Trimming data from your captures

Packet headers may contain the most useful information because they contain routing information and protocol details. You can discard the packet payload for more efficient troubleshooting.

Under these circumstances, you may want to truncate most payload data from the packet header(s). In Observer, the result is a partial packet capture.

Some benefits of partial packet captures include:

♦Smaller capture sizes

●More overall storage space for packet captures

●Greatly increases the effective storage size of a GigaStor (or other capture buffer)

♦Performance metrics remain intact

♦Increased overall privacy

♦Least resource intensive capturing

Some disadvantages of partial packet captures include:

♦Not all network traffic is stored to disk

●Forensics may be hindered without full payload data

●Data stream reconstruction may not work

♦Most resource intensive capturing

●Increases CPU utilization

1. Choose Configuration > Packet Capture > Settings > Capture Options .

2. Enable Capture Partial Packets (Bytes).

Figure 46: Configuring partial packet captures

It is possible to decrease or increase the default 64-byte partial packet capture size. Click the Change Size button to set a custom value. From then on, each packets’ bytes following the target value are discarded from capture.