Module 5 milestone 1

I am running ‘tcpdump port not 8080 -w packet.pcap’ for a second and getting size of packet.pcap 10 MB , what else can be done to restrict it under a MB

Try to listen to 8082 and 8083 only because these are the only ports whitelisted. Not 8080 might listen to all the interfaces. Use the flag to specify the interface and mention the appropriate protocol.

Please refer to the following FAQ


And within 1 second , it will not go to 10 MB. Please check for the filter you are applying.

Since the first milestone requires you to capture ping packets, think if you can somehow capture only the ping packets in the network using tcpdump by adding some relevant parameters.

you might find it helpful

https://www.discoverbits.in/167/shrink-size-pcap-file-without-losing-packet-tshark-wireshark

instead of of port try limiting the ip’s to your server and your laptops public ip.

try -c1000 filter to limit your .pcap file.