The filters I made with tcpdump are the IP address of my laptop and the workspace IP address, yet I am unable to capture the packets.
Go through a regular tcpdump and find which ports or IPs are connecting way too much. If you remove them using filters, then you will get the desired packets. Alternatively, you could use protocols to filter too. Maybe you aren’t using the “and” or “or” properly in your tcpdump command for the source and destination IP; that’s why you are unable to capture the packet. I hope this helps.
I captured the required packet when I used the appropriate port number, but when I was analysing the packets in Wireshark, I couldn’t understand why the source IP and destination IP don’t match either the laptop’s IP or the workspace IP.
Hey yash! I think you should read about NAT, or network address translation, as this will answer why the source IP and destination IP are different.
I hope this helps!
Since it’s a file transfer request I should be getting an FTP packet, but I’m unable to capture an FTP packet. I used the ftp filter with tcpdump but still no success.
Hey pallav! Try not filtering with ftp. Try filtering using ports as this helps.
Ports will really help. Google it: which port will be suitable for DNS?