I am able to find the packets for SSL handshake in the .pcap file but I can’t find the packet which shows the file transfer taking place. We need to find a TCP packet with [PSH, ACK] having dest or src port as 8081 right? Or is it represented in some other way over SSL?
SSL encrypts the file transfer process so it isn’t immediately visible. You don’t need to worry about it for this module.
To understand more, you can refer to this link.
https://en.wikiversity.org/wiki/Wireshark/HTTPS
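On the wire, the encrypted transfer shows up as TLS records with content type 23 (application data), not as readable file contents. The following is an added example, not part of the thread: it walks the TLS record headers in a reassembled TCP payload and totals the application-data bytes. The sample stream and helper names are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_tls_records(stream: bytes):
    """Split a reassembled TCP byte stream into (type, version, length) tuples."""
    records, offset = [], 0
    while offset + 5 <= len(stream):
        # 5-byte record header: type (1), version (2), length (2, big-endian).
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not a TLS record at offset {offset}")
        if offset + 5 + length > len(stream):
            break  # record continues in a TCP segment we do not have yet
        records.append((CONTENT_TYPES[ctype], (major, minor), length))
        offset += 5 + length
    return records

def application_data_bytes(records):
    """Total ciphertext bytes carried after the handshake (the file transfer)."""
    return sum(length for name, _, length in records if name == "application_data")

def make_record(ctype, body, version=(3, 3)):
    """Build one TLS record (used only to construct the sample below)."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body

# Constructed sample: handshake records followed by two encrypted data records.
SAMPLE_STREAM = (
    make_record(22, b"\x01" + b"\x00" * 40, version=(3, 1))  # ClientHello-like
    + make_record(20, b"\x01")                               # ChangeCipherSpec
    + make_record(22, b"\xaa" * 40)                          # encrypted Finished
    + make_record(23, b"\x5a" * 1024)                        # application data
    + make_record(23, b"\x5a" * 300)                         # application data
)

if __name__ == "__main__":
    recs = parse_tls_records(SAMPLE_STREAM)
    for name, version, length in recs:
        print(f"{name:20s} version={version} length={length}")
    print("encrypted payload bytes:", application_data_bytes(recs))
```

Wireshark labels these same records "Application Data" in the Info column; their payload stays opaque without the session keys.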
Hi @Piyush, the file transfer does not always happen over port 8081; that’s why the milestone mentioned to use `port not 8080` rather than `port 8081` in tcpdump config. You can shorten your tcpdump file by filtering it with your src IP address and running it with config `port not 8080` to see encrypted traffic.
Hey @Piyush, it's better to include only those ports which are mentioned in the config file. You can use OR (||) to filter the command to listen for particular ports.