Pcap file filesize is exceeding 2mb

I am capturing the packets using tcpdump command and also applying filter port not 8080.
The file size for ping as well as traceroute pcap is exceeding well above 20 MB even when I am trying my fastest to start and end the commands after opening a few terminals(less than 10secs
believe me). Some strange observations that I have made: When i am using tcp dump without ping on screen(for about 10 secs) the summary shows about “120 packets received by filter”. Using same command to write in file for about the same time of execution summary shows about “2975 packets received by filter”. I am stuck on it please help.

Try putting another filter for the unwanted packets (Most probably excessive number of NFS packets are causing this)

set count filter and try to capture using specific port
ex-
tcpdump -(count filter) (number of packets) -(write filter) (file name) -n port 8081

above will capture specific no. of packets from port 8081

Search the forum for your answer before asking
see this link
https://forum.crio.do/t/hints-regarding-capture-of-the-pcap-file/6798

Use appropriate filter and count flag to ensure limited packets transmission.

@shreyas brother please use -c300 before -w, it will work fine

@shreyas please refer to the attached link

go for the filters that filter the protocol you want to capture for the milestone it will give you the answerthis article can help

Here’s a simple idea:
Make the connection to filezilla before starting tcpdump
then quickly execute commands for transferring files or whatever you’re doing
also if you’re doing ping then you can specify an option to transfer only a few ping packets like 5 or 10

Thanks it helped but still had to be very quick in closing commands. I was only having issue for ping and traceroute.

It was probably that but I could not find how to filter NFS packets.

Can anyone explain why there could be a drastic increase in number of packets when writing to the pcap file though it is in my case only.

Filter out port number 8080(for HTTP) and 2049(for NFS). I think this would reduce the size significantly.