Could not figure out filters (port, protocol) of tcpdump command!
If I run a command without -w flag and then run ping it shows output below but when I attach -w flag in this then nothing is being written in pcap file. Now if I do not put filters then pcap file becomes huge in seconds and the size of the whole directory starts increasing automatically until I reset the workspace. I am stuck in milestone 2.
Hi @vipulkrishna,
By nothing is being written in pcap file, do you mean the size of the file after running tcpdump is remaining zero itself or you can’t see anything on opening the file?
you are gonna suggest me to refresh it?
If it’s something like the file size is non-zero on checking but you can’t see anything on opening the file, it could be because the .pcap file has root as owner and we usually open files with crio-user.
pcap_check_tcp_handshake
What we have to check in this task? I think I have completed every milestone but dunno why it is failing.
@vipulkrishna
As you rightly mentioned in the description about pcap file size exploding w/o filters, we’ll have to optimally use the filters. Now, how to filter using tcpdump?
This could help
Also, you can use multiple filters simultaneously if required. Search about how to use a combination of filters with tcpdump on Google.
I was not able to find the packet number for three way handshake.
This could help
If I am applying udp as a filter both dns packets should capture but when I run it and run ping after it, it does not give any output below the tcpdump command in terminal. Why is that?
- DNS can make use of both TCP and UDP
- See here for which protocol ping command uses: https://www.paessler.com/it-explained/ping
Thanks, I passed milestone 2. What would I do without you.
I was wrong. It is showing output fine
Cool, congrats!
I’m just returning favors