Could not figure out filters (port, protocol) of tcpdump command!

If I run a command without the -w flag and then run ping, it shows output below, but when I attach the -w flag to it, nothing is being written in the pcap file. Now if I do not put filters, then the pcap file becomes huge in seconds and the size of the whole directory starts increasing automatically until I reset the workspace. I am stuck in milestone 2.

Hi @vipulkrishna,
By nothing is being written in pcap file, do you mean the size of the file after running tcpdump is remaining zero itself or you can’t see anything on opening the file?

You are gonna suggest me to refresh it?

If it’s something like the file size is non-zero on checking but you can’t see anything on opening the file, it could be because the .pcap file has root as owner and we usually open files with crio-user.

I want to filter on esn5 in between regular traffic and ping google.com. How can I do that?

pcap_check_tcp_handshake
What do we have to check in this task? I think I have completed every milestone but dunno why it is failing.

@vipulkrishna
As you rightly mentioned in the description about pcap file size exploding w/o filters, we’ll have to optimally use the filters. Now, how to filter using tcpdump?
This could help

Also, you can use multiple filters simultaneously if required. Search about how to use a combination of filters with tcpdump on Google.

@yashkedia
What review message are you getting in the unit testing log file?

I was not able to find the packet number for the three-way handshake.

This could help

If I am applying udp as a filter, both DNS packets should be captured, but when I run it and run ping after it, it does not give any output below the tcpdump command in the terminal. Why is that?

Thanks, I passed milestone 2. What would I do without you. :star_struck:

I was wrong. It is showing output fine.

Cool, congrats!
I’m just returning favors :smile: