Packet headers typically carry the most useful information, because they hold the routing and protocol details. The payload, by contrast, is sometimes wasteful to collect: most troubleshooting needs only the headers, and the payload may contain sensitive information.
Under these circumstances, you may want to truncate most of the payload data and keep the packet header(s). In Observer, the result is a partial packet capture.
Some benefits of partial packet captures include:
Smaller capture sizes
More overall storage space for packet captures
Greatly increases the effective storage size of a GigaStor (or other capture buffer)
Performance metrics remain intact
Increased overall privacy
Least resource intensive capturing
Some disadvantages of partial packet captures include:
Not all network traffic is stored to disk
Forensics may be hindered without full payload data
Data stream reconstruction may not work
Most resource intensive capturing
Increases CPU utilization
To configure the GigaStor probe to trim all packet data beyond the first 64 bytes, choose Live > Packet Capture and then Settings > Capture Options. In that tab, enable Capture Partial Packets (Bytes).
1. On the Home tab, in the Capture group, click GigaStor.
2. Click the Settings button.
3. Click the General Options tab. See Setting the GigaStor general options for a description of each field.
4. Enable the Capture partial packets option and choose how many bytes to include in the capture. The rest of the packet beyond what you define is excluded and is not saved to disk.
You can decrease or increase the default 64-byte partial packet capture size. Click the Change Size button to set a custom value. From then on, the bytes of each packet beyond that value are discarded from the capture.
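The effect of a 64-byte trim can be checked offline. The following is an added example, not Observer or GigaStor code: it applies the same trimming to a capture in the classic libpcap file layout (used here as a stand-in for Observer's own capture format), and the function names and sample frames are constructed for illustration.

```python
import struct

GLOBAL = struct.Struct("<IHHiIII")  # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len (stored), orig_len (on the wire)
MAGIC = 0xA1B2C3D4                  # little-endian, microsecond-resolution pcap

def read_records(data):
    """Yield (ts_sec, ts_usec, orig_len, stored_bytes) for each packet in a pcap."""
    if GLOBAL.unpack_from(data)[0] != MAGIC:
        raise ValueError("not a little-endian microsecond pcap")
    offset = GLOBAL.size
    while offset < len(data):
        ts_sec, ts_usec, incl_len, orig_len = RECORD.unpack_from(data, offset)
        offset += RECORD.size
        stored = data[offset:offset + incl_len]
        if len(stored) != incl_len:
            raise ValueError("record runs past end of file")
        offset += incl_len
        yield ts_sec, ts_usec, orig_len, stored

def trim_pcap(data, keep=64):
    """Return a copy of the capture with every packet cut to its first `keep` bytes."""
    header = list(GLOBAL.unpack_from(data))
    header[5] = keep  # advertise the new snapshot length
    out = bytearray(GLOBAL.pack(*header))
    for ts_sec, ts_usec, orig_len, stored in read_records(data):
        kept = stored[:keep]
        # orig_len is left alone, so byte counts and utilization can still be computed
        out += RECORD.pack(ts_sec, ts_usec, len(kept), orig_len) + kept
    return bytes(out)

def build_sample():
    """Constructed capture: one 60-byte frame and one HTTP POST carrying a credential."""
    # Placeholder Ethernet (14) + IPv4 (20) + TCP (20) headers = 54 bytes, no options
    headers = bytes(12) + b"\x08\x00" + b"\x45" + bytes(19) + bytes(12) + b"\x50" + bytes(7)
    small = headers + bytes(6)
    post = headers + b"POST /login HTTP/1.1\r\n\r\nuser=alice&password=example-only"
    out = bytearray(GLOBAL.pack(MAGIC, 2, 4, 0, 0, 65535, 1))
    for i, frame in enumerate((small, post)):
        out += RECORD.pack(1700000000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)

if __name__ == "__main__":
    full = build_sample()
    part = trim_pcap(full)
    print(len(full), "->", len(part), "bytes")
    for _, _, orig_len, stored in read_records(part):
        print("wire", orig_len, "stored", len(stored), "payload left:", stored[54:])
```

With option-free Ethernet, IPv4 and TCP headers taking 54 bytes, a 64-byte limit still stores the first 10 bytes of each TCP payload, so choose the size with the header stack on your network in mind.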