I have completed milestone 1. But then I realised that my pcap file is much greater than 1 MB. How do I reduce the size?
You have to do it again, and try to do it without listening on port number 8080; also try to define the interface while running tcpdump.
Use the references of milestone 1.
So I need to delete the pcap file from both the laptop and the workspace and start the module from scratch?
Also, should the interface be eth0 or something else?
Hey @Vaishnavi_Singh, you can go on with the same pcap file, but if it causes an issue later you will get an error about file size while pushing to git, so it is better to start by creating one again.
Okay… Thank you!
Also, you have an option in Wireshark to reduce the size of any pcap file. Filter out the packets that you actually need.
Check this… it might help.
I tried this, but I am unable to figure out how to reduce the size. The Export_specific_packet option is not working in Wireshark!
Oh… Go with the one you find easy to work with.
You have the apply display filter option at the top, where you can mention different protocols and choose what you need, like tcp, icmp, ftp, dns… It selects only those packets… you can use combinations too. Then go to File -> Export Specified Packets.
For choosing a range of packets, it shows the option while saving the file.
(I found this method much easier to work with, so I shared it.)
I will try it, thanks a lot!
To make a file of <=1 MB, I am not able to get what command I need to use.
Do I need to use the tcpdump -C command or something else?
Already mentioned it here; just run this for 10 seconds.
Use filters with the tcpdump command to reduce the packets being captured by tcpdump. You can use ‘port not 8080’ to filter out HTTP packets from being captured.
Can I also use ‘port not 8080’ to reduce the file size in milestone 2, where I am trying to connect to an external website from the QBox host?
Yes, please use that.
It's not effective in milestone 2; the file size is quite a bit greater than 2 MB even with ‘port not 8080’.
Alternatively, you can use this link too for reference:
Analyze what packets are occurring most often and what port they are on. If these are packets that are not needed, you can add a filter rule for those ports as well.
You can also filter in Wireshark and save only the packets of interest, which will reduce the size.
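
An added example, not written by anyone in the thread: Python that carries out the last suggestion by tallying how many bytes of a capture each port accounts for, then dropping one port offline. The sample capture is constructed in the code and all function names are illustrative; it assumes a little-endian classic pcap (not pcapng) with Ethernet framing and IPv4.

```python
import struct
from collections import Counter
PCAP_HDR = struct.Struct("<IHHiIII")  # classic pcap global header, little-endian
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len

def make_frame(sport, dport, payload_len):
    """Constructed Ethernet/IPv4/TCP frame (sample data, checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + b"A" * payload_len

def build_pcap(frames):
    hdr = PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return hdr + b"".join(REC_HDR.pack(i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

def records(pcap):
    """Yield (whole_record, frame) for each packet in a little-endian classic pcap."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = PCAP_HDR.size
    while off + REC_HDR.size <= len(pcap):
        end = off + REC_HDR.size + REC_HDR.unpack_from(pcap, off)[2]
        yield pcap[off:end], pcap[off + REC_HDR.size:end]
        off = end

def ports(frame):
    """Return (sport, dport) for IPv4 TCP/UDP over Ethernet, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] not in (6, 17):
        return None
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    return struct.unpack_from("!HH", frame, 14 + ihl) if len(frame) >= 18 + ihl else None

def bytes_per_port(pcap):
    """Bytes on disk attributed to each port: shows which traffic bloats the file."""
    tally = Counter()
    for rec, frame in records(pcap):
        tally.update({p: len(rec) for p in set(ports(frame) or ())})
    return tally

def drop_port(pcap, port):
    """Offline counterpart of the thread's 'port not 8080' capture filter."""
    keep = [r for r, f in records(pcap) if port not in (ports(f) or ())]
    return pcap[:PCAP_HDR.size] + b"".join(keep)

# Constructed capture: five large packets on 8080, one on 443, one on 53.
SAMPLE = build_pcap([make_frame(40000, 8080, 900)] * 5
                    + [make_frame(40001, 443, 100), make_frame(53000, 53, 40)])
```

Passing the bytes of a real capture file to `bytes_per_port` shows which ports are worth adding to the tcpdump filter before capturing again.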