Unable to capture desired packets in milestone 3

The filters I made with tcpdump are the IP address of my laptop and the workspace IP address, yet I am unable to capture the packets.

Hey yash!
Go through a regular tcpdump and find which ports or IPs are connecting way too much. If you remove them using filters, then you will get the desired packets. Alternatively, you could use protocols to filter too. Maybe you aren’t using the “and” or “or” properly in your tcpdump command for the source and destination IP; that's why you are unable to capture the packet. I hope this helps. :slight_smile:

1 Like
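Added example, not part of any post in this thread: one way to carry out the advice above, by counting which hosts and ports dominate an unfiltered `tcpdump -nn` capture and turning them into an `and not (... or ...)` exclusion filter. The sample lines are constructed (documentation-range addresses), the function names are hypothetical, and the 40% threshold is an arbitrary assumption; it generalizes the reply to any number of noisy endpoints.

```python
import re
from collections import Counter

# Constructed `tcpdump -nn` output; addresses come from documentation ranges.
SAMPLE = """\
12:00:01.000001 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [P.], length 120
12:00:01.000900 IP 198.51.100.7.443 > 192.0.2.10.51514: Flags [.], length 0
12:00:01.001500 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [P.], length 88
12:00:01.002100 IP 198.51.100.7.443 > 192.0.2.10.51514: Flags [.], length 0
12:00:01.200000 IP 192.0.2.10.40000 > 203.0.113.9.21: Flags [S], length 0
12:00:01.210000 IP 203.0.113.9.21 > 192.0.2.10.40000: Flags [S.], length 0
12:00:01.300000 IP 192.0.2.10.40001 > 203.0.113.53.53: 1234+ A? example.com. (29)
12:00:01.400000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""

# "IP a.b.c.d.sport > e.f.g.h.dport:" as tcpdump -nn prints IPv4 TCP/UDP packets.
PKT = re.compile(r" IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def noisy_endpoints(lines, local, share=0.4):
    """Return (hosts, ports) seen in more than `share` of the parsed packets."""
    hosts, ports, total = Counter(), Counter(), 0
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # ARP, IPv6 and other lines without an IPv4 address.port pair
        total += 1
        src, sport, dst, dport = m.groups()
        # Never count the local host: excluding it would drop every packet.
        hosts.update({src, dst} - {local})
        ports.update({int(sport), int(dport)})
    limit = total * share
    return (sorted(h for h, n in hosts.items() if n > limit),
            sorted(p for p, n in ports.items() if n > limit))

def build_filter(local, noisy_hosts, noisy_ports):
    """Keep traffic of `local`, minus anything touching a noisy host OR port."""
    drop = [f"host {h}" for h in noisy_hosts] + [f"port {p}" for p in noisy_ports]
    if not drop:
        return f"host {local}"
    # Parentheses matter: without them "not" binds only to the first term.
    return f"host {local} and not ({' or '.join(drop)})"

if __name__ == "__main__":
    hosts, ports = noisy_endpoints(SAMPLE.splitlines(), "192.0.2.10")
    print("tcpdump -nn '" + build_filter("192.0.2.10", hosts, ports) + "'")
```
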

Hello midhun!
I captured the required packet when I used the appropriate port number, but when I was analysing the packets in Wireshark, I couldn't understand why the source IP and destination IP don't match either the laptop’s IP or the workspace IP?

Hey yash! I think you should read about NAT, or Network Address Translation, as this will answer why the source IP and destination IP are different.
Resource: https://whatismyipaddress.com/nat

I hope this helps! :slight_smile:

1 Like

Since it's a file transfer request, I should be getting an FTP packet, but I'm unable to capture an FTP packet? I used an ftp filter with tcpdump but still no success.

Hey pallav! Try not filtering with ftp. Try filtering using ports as this helps. :slightly_smiling_face:

Ports will really help. Google which port will be suitable for DNS.