Tcpdump file size

The file size far exceeds the size for milestone 2 despite using the filter for the port.

@mohit2707
You can try filtering out packets from the ports that flood the tcpdump output.
This could help

You can apply filters for which packets you want and in which mode… go through the tcpdump options and it will be much clearer… the more precise the filter you apply, the smaller the size.

Refer to this for more help… you will get an idea.

There is also an option to capture the big pcap file, download it and work on that file to get the required packets, then export that file, as it will be much smaller. Then upload that file with the given file name in the module.

Without even using the ping command to google.com, it is capturing many packets and I don't know where they are coming from.

@mohit2707
I think you missed this post :slightly_smiling_face:

I am using the filter for the 8080 port, but even then it's not making any difference.
When I tried using tcpdump with the filters, and without even running the google.com ping command,
the tcpdump command is capturing packets in the 20k range.

There's one more port that floods requests like 8080.

Here is something that might help: Hints regarding capture of the pcap file

Upvote if useful! Happy coding. :slightly_smiling_face:

Read the milestones to understand which protocols you want to capture for that milestone.
Hint: the ping command uses UDP (for DNS) and ICMP.
FTP uses TCP in the network layer.

Use tcpdump with filters for the required protocols to be captured. You can use and, or, not, etc.
ex: tcpdump protocol1 or protocol2

Some commands like ping/traceroute don't have a port associated, so we can't make use of the port filter there.
But FTP (file transfers) has a port associated with the process; you can also use that for filtering.
ex: tcpdump port 1234 and protocol1

1 Like
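
Added example (not part of the thread and not any poster's code): the offline approach suggested above, where you capture everything and then keep only the required packets, written in Python for a classic little-endian pcap. The sample capture is constructed, and the ICMP-plus-DNS selection follows the ping hint; as a tcpdump filter expression the same selection is `icmp or udp port 53`.

```python
import struct

PCAP_HDR = struct.Struct("<IHHiIII")  # classic pcap global header (24 bytes)
REC_HDR = struct.Struct("<IIII")      # per-packet header: ts_sec, ts_usec, caplen, origlen

def wanted(frame):
    """Keep ICMP and UDP port 53 (assumes Ethernet/IPv4; IPv6 and other frames are dropped)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    proto, ihl = frame[23], (frame[14] & 0x0F) * 4
    if proto == 1:                    # ICMP has no ports, match on protocol only
        return True
    l4 = frame[14 + ihl:18 + ihl]     # source and destination port
    if proto == 17 and len(l4) == 4:  # UDP
        return 53 in struct.unpack("!HH", l4)
    return False

def records(data):
    """Yield (raw_record, frame) for each complete packet record."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian microsecond pcap")
    off = PCAP_HDR.size
    while off + REC_HDR.size <= len(data):
        caplen = REC_HDR.unpack_from(data, off)[2]
        end = off + REC_HDR.size + caplen
        if end > len(data):
            break                     # capture was cut off mid-record
        yield data[off:end], data[off + REC_HDR.size:end]
        off = end

def filter_pcap(data):
    """Return a new pcap holding only the wanted packets."""
    return data[:PCAP_HDR.size] + b"".join(r for r, f in records(data) if wanted(f))

def count_packets(data):
    return sum(1 for _ in records(data))

def _frame(proto, sport=0, dport=0):
    """Constructed Ethernet/IPv4 frame with an 8-byte L4 stub (checksums left zero)."""
    l4 = struct.pack("!HH", sport, dport) + bytes(4) if proto != 1 else b"\x08\x00" + bytes(6)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return bytes(12) + b"\x08\x00" + ip + l4

def sample_pcap():
    """Constructed capture: 1 ICMP echo, 1 DNS query, 20 TCP packets to port 8080."""
    frames = [_frame(1), _frame(17, 40000, 53)] + [_frame(6, 50000, 8080)] * 20
    body = b"".join(REC_HDR.pack(0, i, len(f), len(f)) + f for i, f in enumerate(frames))
    return PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body
```

On the constructed sample this cuts 22 packets (1300 bytes) down to 2 packets (140 bytes); the port 8080 traffic is dropped because it matches neither protocol test.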