I am not understanding filtering in tcpdump for capturing packets for google.com. People on the forum are saying to use the DNS port to filter. I am confused because in the milestone it is saying to capture google.com packets, so by capturing only DNS packets we are avoiding capturing some packets, and if not using DNS as a filter, what should I use in tcpdump?
The tcpdump command can be executed normally without applying the protocol filter.
You can apply filters in Wireshark to see the required packet faster.
Read about name resolution and see which protocol is used for it.
But if I don't apply any filter, my file will be greater than 2 MB. What about that?
Hint: look into what the -c option does for tcpdump.
Use this as reference.
You do not have to see "Google" at the source or destination. Source and destination are the IP addresses between which the packets are moving.
Resolution of the name will be found in the last column (info) of the list.
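As an added illustration (not part of the thread above), here is the kind of capture command the hints point at (DNS traffic only, packet count capped so the file stays small) together with a small parser that pulls the resolved address out of a DNS response, which is what Wireshark shows in the info column. The response bytes, the address 192.0.2.44 and the output file name are constructed assumptions, not a real answer from google.com.

```python
import socket, struct

# Capture command the hints point at (constructed): DNS only, stop after 20 packets.
TCPDUMP_ARGS = ["tcpdump", "-i", "any", "-c", "20", "-w", "google_dns.pcap", "udp port 53"]

def read_name(msg: bytes, offset: int):
    """Decode a DNS name at offset, following compression pointers; returns (name, end offset)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer with a 14-bit offset
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_a_answers(msg: bytes):
    """Return {name: [IPv4, ...]} for every A record in the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        return {}  # QR bit clear: this is the query, nothing has been resolved yet
    offset = 12
    for _ in range(qd):  # skip the question section
        _, offset = read_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    results = {}
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            results.setdefault(name, []).append(socket.inet_ntoa(rdata))
    return results

# Constructed DNS response: google.com A -> 192.0.2.44 (documentation address, not a real answer)
SAMPLE_RESPONSE = bytes.fromhex(
    "1234" "8180" "0001" "0001" "0000" "0000"           # header: response, 1 question, 1 answer
    "06676f6f676c6503636f6d00" "0001" "0001"            # question: google.com, A, IN
    "c00c" "0001" "0001" "0000012c" "0004" "c000022c"   # answer: name pointer, A, IN, TTL 300, RDATA
)
```

Running `parse_a_answers` over the UDP payload of each `port 53` packet in the capture gives the same name-to-address mapping the info column shows.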