Unable to redirect tcpdump command's output to .pcap file; module 5, task #1

I am using the DOS prompt on Windows. Ping is working fine; it sent and received packets.
I restricted tcpdump to capture only the protocol used by the ping command. I can see the output on the terminal but am not able to redirect it to ping_capture.pcap (it shows nothing). I used -w with the tcpdump command to write the output to the file.

Also, how should I download the .pcap file to my laptop once I get the output in the ping_capture.pcap file?

The pcap file is created in the working directory of the terminal where you executed the command. You can download it by connecting with FileZilla.


@shoryajain

Yeah, I can see my ping_capture.pcap in my workspace but it doesn't contain anything. Its size is 0 bytes. Is there any rule I need to follow while writing output to the ping_capture.pcap file?

Hey, you can go through this link to understand how the packets are written inside the pcap file using tcpdump.
Also make sure you're performing the required task while writing into the file.
https://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/

As such there is no rule, but if the file size is 0 bytes I recommend you capture the packets again. Try not restricting ports instead, if the problem still persists. I was actually able to do it without port restriction so I never had this issue :sweat_smile:

I just had to refresh my workspace. File sizes aren't zero now. :expressionless: I don't understand why such behavior would happen.
Thanks @Rahul-Crio.do @shoryajain :slightly_smiling_face:


.pcap files do not show any content on being opened in vscode. But if I try to read them using tcpdump, I can see the results. Why does this happen? And also, how to store traceroute output in .pcap files? Simply logging it into .pcap files shows an error on opening in Wireshark. Please look into this @AmoghaKS @Rahul-Crio.do

Check the reference to find how you can write output to a file. The one Rahul has mentioned above.

Download .pcap files rather than trying to view them in vscode. It definitely opens in vscode but takes time. And you don't have to open it in vscode.
Wait for some time so that the .pcap files get filled with the content of the output.
Your .pcap files shouldn't be zero bytes. Check it; then download.
(This is what I followed and it worked for me.)

How did you use tcpdump? I am following commands from the given references in the milestones but I am getting this error: bash: /usr/sbin/tcpdump: Permission denied
How to resolve this? Please help.

Use the tcpdump command with sudo.

Yes, I tried it with sudo also, but still I am unable to run the command.
Are there any prerequisites to run tcpdump, or any directory? I have been stuck on it for a long time.

Can you send a screenshot?

It's because eth0 is not available for you.

Use: tcpdump -D
That shows you all available options that you can use with -i.

Check the forum… there are many discussions on filtering of packets.

Please use a valid network interface to capture packets.

And from all those available, which one to use? Does it matter?

The names are standard for basic network interfaces, like lo refers to the loopback interface, which does not connect out to the internet and refers to localhost a.k.a. 127.0.0.1. You can learn more about the naming of network interfaces to know which one to use.

Alternatively, you can use -i any to listen on all network interfaces.

In previous versions of Ubuntu, the Ethernet interfaces were named eth0, but the naming convention has changed in later versions, causing the issue.
Refer to this for more info: https://blog.learningtree.com/new-names-linux-network-interfaces/

Hope this helps!
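
Added example, not part of any post in this thread: a small Python check that tells apart the cases discussed above (a 0-byte file, text such as traceroute output saved under a .pcap name, and a real capture) by reading the classic libpcap file header and walking its packet records. The function name `inspect_capture`, the status strings and the sample bytes are this example's own and are constructed for illustration.

```python
import struct
import sys

# First four bytes of a classic libpcap file -> struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # block type of a pcapng section header


def inspect_capture(data: bytes) -> dict:
    """Classify the bytes of a would-be capture file and count packet records."""
    if not data:
        return {"status": "empty", "packets": 0}
    if data[:4] == PCAPNG_MAGIC:
        return {"status": "pcapng", "packets": None}  # different format, not parsed here
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        return {"status": "not-a-capture", "packets": 0}  # e.g. redirected text
    if len(data) < 24:
        return {"status": "truncated-header", "packets": 0}
    offset, packets = 24, 0  # the global header is 24 bytes
    while offset < len(data):
        record = data[offset:offset + 16]  # ts_sec, ts_frac, incl_len, orig_len
        if len(record) < 16:
            return {"status": "truncated-packet", "packets": packets}
        incl_len = struct.unpack(endian + "IIII", record)[2]
        if offset + 16 + incl_len > len(data):
            return {"status": "truncated-packet", "packets": packets}
        offset += 16 + incl_len
        packets += 1
    return {"status": "ok" if packets else "header-only", "packets": packets}


# Constructed samples: a little-endian pcap holding one 8-byte record, and text output.
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    + struct.pack("<IIII", 1700000000, 0, 8, 8) + b"\x00" * 8
)
SAMPLE_TEXT = b"traceroute to 192.0.2.1 (192.0.2.1), 30 hops max, 60 byte packets\n"

if __name__ == "__main__":
    blobs = {"SAMPLE_PCAP": SAMPLE_PCAP, "SAMPLE_TEXT": SAMPLE_TEXT, "empty": b""}
    for path in sys.argv[1:]:  # optionally inspect real files given as arguments
        with open(path, "rb") as fh:
            blobs[path] = fh.read()
    for name, blob in blobs.items():
        print(name, inspect_capture(blob))
```

A `not-a-capture` result means the file holds something other than packet records, which is why a text log renamed to .pcap fails to open in Wireshark; `header-only` means the file is a valid capture that contains no packets.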