I am able to find the packets for the SSL handshake in the .pcap file, but I can't find the packet which shows the file transfer taking place. We need to find a TCP packet with [PSH, ACK] having dest or src port as 8081, right? Or is it represented in some other way over SSL?
Hey @Piyush, you have to find the packet number where you get the SSL handshake.
SSL encrypts the file transfer process so it isn’t immediately visible. You don’t need to worry about it for this module.
To understand more, you can refer to this link.
Hi @Piyush, the file transfer does not always happen over port 8081; that's why the milestone mentioned to use "port not 8080" rather than "port 8081" in the tcpdump config. You can shorten your tcpdump file by filtering it with your src IP address and running it with the config "port not 8080" to see encrypted traffic.
Hey @Piyush, it's better to include only those ports which are mentioned in the config file. You can use OR (||) to filter the command to listen for particular ports.
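An added example, not code from anyone in this thread, illustrating the two points above: how to tell a TLS handshake record (the packets you can find) from the application-data records that carry the encrypted file transfer (the ones you cannot read), and how to build the kind of OR-based port filter tcpdump accepts from a list of ports taken from a config file. The packet list and port numbers are constructed sample values.

```python
# Added example, not from the thread. Classifies raw TCP payload bytes by TLS
# record type and builds a BPF port filter for tcpdump.

# TLS record content types (RFC 5246 / RFC 8446, first byte of the record header)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Handshake message types (first byte after the 5-byte record header)
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello",
                   11: "certificate", 16: "client_key_exchange"}


def classify_tls_record(payload: bytes):
    """Return (content_type, handshake_type_or_None) if payload starts with a
    TLS record header, else None. Encrypted file transfer shows up only as
    'application_data' records, which is why it is not visible in the capture."""
    if len(payload) < 5:
        return None
    ctype, major, minor = payload[0], payload[1], payload[2]
    if ctype not in CONTENT_TYPES or major != 3 or minor > 4:
        return None
    name = CONTENT_TYPES[ctype]
    if name == "handshake" and len(payload) >= 6:
        return name, HANDSHAKE_TYPES.get(payload[5], f"unknown({payload[5]})")
    return name, None


def find_handshake_packets(packets):
    """packets: list of (src_port, dst_port, payload). Returns the indices
    (packet numbers in the list) that carry a TLS handshake record."""
    return [i for i, (_, _, data) in enumerate(packets)
            if (r := classify_tls_record(data)) and r[0] == "handshake"]


def build_port_filter(ports, exclude=()):
    """BPF expression such as 'port 8081 or port 443', optionally wrapped with
    'not port N' clauses, e.g. '(port 8081) and not port 8080'."""
    include = " or ".join(f"port {p}" for p in ports)
    if not exclude:
        return include
    excluded = " and ".join(f"not port {p}" for p in exclude)
    return f"({include}) and {excluded}"


# Constructed sample payloads: a TLS 1.0 ClientHello record and a TLS 1.2
# application-data record (encrypted bytes are stand-ins).
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
APP_DATA = bytes([0x17, 0x03, 0x03, 0x00, 0x03, 0xDE, 0xAD, 0xBE])
SAMPLE_PACKETS = [(50000, 8081, CLIENT_HELLO), (8081, 50000, APP_DATA),
                  (50001, 8080, b"GET / HTTP/1.1\r\n")]
```

Run `find_handshake_packets(SAMPLE_PACKETS)` to get the packet numbers of the handshake records; `build_port_filter([8081, 443], exclude=[8080])` gives an expression you can pass to tcpdump.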