Stuck on milestone1

Stuck on this milestone since this morning.
I simply can't understand what to do.
What is the Qhost target IP address?
Is it 0.0.0.0?
How exactly do I use tcpdump?

The target IP is the workspace IP.
You can go through the links below the milestone or Google in general to learn about tcpdump.


ICMP packets don't have my laptop's IP address on them. Am I on the right track?
Do I also need to mention the IP address of my laptop or the port number in the tcpdump command?

49.35.224.15 is probably your network's public IP. As far as I know, you are on the right track.

How do I make sure that it is my public IP? Got it, thanks.

The size of the tcpdump file is increasing very fast. How can I make sure that the file size of ping_capture.pcap does not exceed 1 MB and ping_traceroute.pcap does not exceed 2 MB?

You have 2 options:

In milestone 1 you use ping. You have the option to capture packets for a specific interface:
https://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
Hint: what protocol does ping use?

or

Let the file size increase. Don't worry about it at first. Download it to your laptop, open that file in Wireshark, and then figure out how you can filter out packets based on various factors in Wireshark (this is really going to help you in the next tasks). You have the option to export specified packets, or to export a particular range of packets (and even more). That will reduce the .pcap file's size. Use it later for assessment purposes.
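
An added example, not part of the thread: the second option above (filter the capture after the fact and keep only the needed packets), done in Python instead of Wireshark. It assumes a classic pcap file captured on an Ethernet interface; the function names and the sample capture are constructed for illustration.

```python
import struct

PCAP_HDR, REC_HDR = 24, 16  # sizes of the global and per-packet headers

def filter_icmp(data: bytes, max_bytes: int) -> bytes:
    """Return a pcap holding only IPv4 ICMP frames, at most max_bytes long."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"   # little-endian file
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"   # big-endian file
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    out = bytearray(data[:PCAP_HDR])
    pos = PCAP_HDR
    while pos + REC_HDR <= len(data):
        incl_len = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        rec_end = pos + REC_HDR + incl_len
        if rec_end > len(data):
            break  # last record was cut off mid-write
        frame = data[pos + REC_HDR:rec_end]
        # EtherType 0x0800 = IPv4; IPv4 protocol field (offset 9) 1 = ICMP
        if len(frame) >= 24 and frame[12:14] == b"\x08\x00" and frame[23] == 1:
            if len(out) + REC_HDR + incl_len > max_bytes:
                break  # adding this packet would exceed the size limit
            out += data[pos:rec_end]
        pos = rec_end
    return bytes(out)

def sample_capture() -> bytes:
    """Constructed capture: ICMP, TCP, ICMP frames (not real traffic)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    eth = b"\x00" * 12 + b"\x08\x00"
    def ip(proto):
        return b"\x45\x00" + b"\x00" * 7 + bytes([proto]) + b"\x00" * 10
    def rec(frame):
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    icmp = eth + ip(1) + b"\x08\x00" + b"\x00" * 6
    tcp = eth + ip(6) + b"\x00" * 20
    return hdr + rec(icmp) + rec(tcp) + rec(icmp)

if __name__ == "__main__":
    trimmed = filter_icmp(sample_capture(), 1_000_000)
    print(len(sample_capture()), "->", len(trimmed), "bytes")
```

To use it on a real file, read ping_capture.pcap in binary mode, pass the bytes with `max_bytes=1_000_000`, and write the returned bytes to a new file.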

I have completed milestone 1. But now I realised that my file size is greater than 1 MB. Do I need to take observations again after reducing the file size?
Also, if I reduce my file size using Wireshark, will the size get automatically reduced in my workspace, or do I need to download it again using FileZilla?

The reduced file will be on your laptop. So you will have to download the reduced file on your workspace using FileZilla.

So, I need to take the readings again?

What readings? The size of the file is less than 1 MB and you have the necessary packets in it. That's it, I guess.

Layer names, internal IP address, etc. that are mentioned in task 1.

The IP address of the internal server does not change. But I may be wrong. I will have to check that. And the other info is in the pcap file.

Okay, thank you!!!

How have you reduced the size of the pcap file?

Not able to reduce the size!

Check out the concept of file rotation in tcpdump.

Hi @AmoghaKS, I did what you said and it worked. I have a question. When I use the tcpdump --help command, I don't see any mention of the -n flag. Can you tell me what's happening?

You used ‘--help’, and what you're seeing is only a part of the info from the manual page.

-n is an available option with tcpdump. And yes, only because it is available, you can make use of it. Otherwise it would have thrown an error.
To ensure that, go to the manual page of tcpdump.
Use: man tcpdump. You'll find all the available options and complete information.

@AmoghaKS can you help me with this: Can't save the data to .pcap file?