3-way handshake check keeps failing

Milestone#3 keeps failing for TCP 3-way handshake packets.

Hi @irfan
Looks like you are facing challenges in the current module.

Below is a link to all the FAQs for the current module

Below are a few similar topics raised by other users which you might find useful

Note - This is a BETA Feature, if you find this helpful, kindly let us know.
Feedback link - https://forms.gle/cmxN5pdTXgnwgC986

Kindly mark this as a solution if this has helped you solve your query

I think my pcap is incorrect…

I am trying the following variations of commands:

sudo tcpdump -i any port not 8081 -w client_connection_file_transfer.pcap -i ens5

sudo tcpdump -Q in "tcp[tcpflags] & (tcp-ack) !=0 and tcp[tcpflags] & (tcp-syn) !=0" -w client_connection_file_transfer.pcap -i ens5

sudo tcpdump -Q in " tcp[tcpflags] & (tcp-syn|tcp-ack) != 0 and tcp[tcpflags] & (tcp-syn&tcp-ack) != 0 " -w client_connection_file_transfer.pcap -i ens5

Hi @irfan,

You basically need to add a filter in Wireshark when you open the file so that you can filter out the relevant packets. You can find some filters here:

https://osqa-ask.wireshark.org/questions/15057/how-to-capture-tcp-3-way-handshake

For starters, try using this filter: (tcp.flags.syn==1 ) || (tcp.flags == 0x0010 && tcp.seq==1 && tcp.ack==1)
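
Added example, not part of the original thread: a Python sketch of the check the display filter above approximates. It matches SYN, SYN-ACK and ACK per flow using absolute sequence numbers (Wireshark's `tcp.seq==1 && tcp.ack==1` are relative numbers, i.e. ISN+1). The helper names, addresses and ports are constructed for illustration, and packets are assumed to be raw IPv4 bytes with the link-layer header already removed.

```python
import socket
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
MASK = FIN | SYN | RST | ACK

def make_packet(src, dst, sport, dport, seq, ack, flags):
    """Build a minimal IPv4+TCP packet for the constructed sample (checksums 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 0x50, flags,
                            65535, 0, 0)

def parse(pkt):
    """Return (src, sport, dst, dport, seq, ack, flags), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    if len(pkt) < ihl + 14:
        return None
    sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return src, sport, dst, dport, seq, ack, flags

def find_handshakes(packets):
    """Return client->server flows for which SYN, SYN-ACK and ACK were all seen."""
    pending, complete = {}, []
    for src, sport, dst, dport, seq, ack, flags in filter(None, map(parse, packets)):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        f = flags & MASK               # ignore PSH/URG/ECN bits
        if f == SYN:                                   # step 1: record client ISN
            pending[fwd] = [seq, None]
        elif f == (SYN | ACK) and rev in pending:      # step 2: must ack client ISN+1
            if ack == (pending[rev][0] + 1) % 2**32:
                pending[rev][1] = seq
        elif f == ACK and fwd in pending:              # step 3: must ack server ISN+1
            c_isn, s_isn = pending[fwd]
            if s_isn is not None and seq == (c_isn + 1) % 2**32 \
                    and ack == (s_isn + 1) % 2**32:
                complete.append(fwd)
                del pending[fwd]
    return complete

# Constructed sample: one complete handshake and one SYN that is never answered.
SAMPLE = [
    make_packet("10.0.0.5", "10.0.0.9", 40000, 9000, 1000, 0, SYN),
    make_packet("10.0.0.9", "10.0.0.5", 9000, 40000, 5000, 1001, SYN | ACK),
    make_packet("10.0.0.5", "10.0.0.9", 40000, 9000, 1001, 5001, ACK),
    make_packet("10.0.0.7", "10.0.0.9", 40001, 9000, 2000, 0, SYN),
]
```

A capture that records only one direction (for example with `-Q in`) can never satisfy all three steps, because the SYN-ACK travels in the opposite direction from the SYN and the final ACK.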

How do I handle the limitation of the capture being <=2MB?

hey @irfan can you refer to this FAQ


you can also refer to this cheatsheet for some tips on reducing pcap file size

Thanks, you can close this.

Closing this topic as your issue is resolved by the mentor. If it is still not resolved, Kindly un-mark the accepted solution or create a new topic and post this question as a reference link in the description of the new topic.