Unable to understand Milestone 3

Do we need to transfer the file from laptop to workspace or from workspace to laptop?

Also, I'm unable to understand the following statements:

  1. During the above procedures, collect the pcap on the QBox Server.
  2. Rename the pcap file to client_connection_file_transfer.pcap and copy it to the analyzing_protocol directory.

How to use tcpdump to capture from FileZilla, and which file to rename?

@Vaishnavi_Singh

It’s okay if you do an upload/download, either of them would suffice.

  1. During the above procedures, collect the pcap on the QBox Server.

Like we did in the previous module, collect the request packets.

  2. Rename the pcap file to client_connection_file_transfer.pcap and copy it to the analyzing_protocol directory.

Your packet dump having the FileZilla-QBox Server interaction should be saved into a file with the given name.

How to collect pcap during upload/download from FileZilla, and what filename should I use in tcpdump while collecting?

By pcap they meant storing the output of tcpdump to a pcap file. Use this filename to store the contents: client_connection_file_transfer.pcap

Okay, so I ran tcpdump and then transferred files using FileZilla and stored the output in client_connection_file_transfer.pcap. Am I right?

Yep, @Vaishnavi_Singh

Got it, thanks a lot

Record your observations

  1. Create file named packet_numbers_for_tcp_connection_setup in the analyzing_protocol directory.
  2. On the first line: From client_connection_file_transfer.pcap, specify the packet numbers where TCP connection establishment is seen as a comma separated list.
  3. On the second line: specify the integer value for time taken for this establishment in milliseconds. (If the connection establishment is taking too long, it points to a slow network.)

Hey @Vaishnavi_Singh @nabhanpv, from where can I get the time taken for establishment, which is asked in point 3, as I can’t find it in the .pcap file and ttl time is loop around time? It will be kind of you if you could hint me this.

@divs30
The time taken for establishment is the time difference between the first packet and the last packet among the packets involved in TCP connection establishment.

But I can’t find any time written anywhere in the .pcap file, so at which place can I find this time, as tcpdump just gives total packet transfer? Do I need to calculate it manually?

You can see the time by selecting a packet and inspecting it in Wireshark’s Packet Details pane. Try expanding the protocols and find the time taken by the packet since the first packet of the TCP stream as well as from the previous packet reaching

Will there be any problem if I directly recorded in client_connection_file_transfer.pcap without copying and transferring to the required directory? @nabhanpv

Sorry, I didn’t get what you meant

I mean, in the task it is asked to first receive packets in an arbitrary file, then rename it client_connection_file_transfer.pcap and then move it to the analyzing_protocol directory. What if I directly created the file in this directory and captured the packets?

Ask yourself this: Will the contents of the file change if I rename a file? So, does it make a difference if I rename a file or actually create it with the required name itself?

:slight_smile:

No, renaming won’t change the content, but I tried doing it in the rt directory and tried to transfer packets, and I am getting permission issues, so I thought maybe this can be the reason, which is:
crio-user@divyashahi139:~/workspace/divyashahi139-ME_QBOX/analyzing_protocol$ command
tcpdump: ens5: You don’t have permission to capture on that device
(socket: Operation not permitted)

Please delete the command part from your comment. Just mention I'm getting tcpdump: ens5: You don’t have permission to capture on that device (socket: Operation not permitted) error while using tcpdump. It’s against the program guidelines to share answers/code.
https://crio-launch-v1.slack.com/archives/CSQ9V88CR/p1580725010492300

What do we do normally when Linux tells us we don’t have permission to do something?

got it! thanks for hinting

sorry, and thanks for reminding :slight_smile:
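
The measurement described in the thread (time difference between the first and last packet of the TCP connection establishment), as an added example that is not part of the original posts. It assumes the capture has been printed as text with `tcpdump -r <file> -nn -tt -S` and no filter, so that the line index equals the packet number; `find_handshake`, `LINE` and the `SAMPLE` lines are hypothetical names and constructed data, not taken from any real capture.

```python
import re

# One tcpdump text line for an IPv4/TCP packet (epoch timestamp from -tt, absolute seq from -S).
LINE = re.compile(
    r"^(?P<sec>\d+)\.(?P<usec>\d{6}) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\](?:, seq (?P<seq>\d+))?[^,]*(?:, ack (?P<ack>\d+))?")

def find_handshake(lines):
    """Return ([syn, synack, ack] packet numbers, elapsed ms) of the first
    complete three-way handshake, or None if the capture contains none."""
    half_open = {}   # (client, server) -> [(packet_no, time_us, seq), ...]
    for number, line in enumerate(lines, start=1):
        m = LINE.match(line)
        if m is None:
            continue                     # ARP, IPv6, UDP ... still count as packets
        t = int(m["sec"]) * 1_000_000 + int(m["usec"])
        src, dst, flags = m["src"], m["dst"], m["flags"]
        seq = int(m["seq"]) if m["seq"] else None
        ack = int(m["ack"]) if m["ack"] else None
        # The SYN-ACK travels server -> client, so look it up under the reversed pair.
        steps = half_open.get((dst, src) if flags == "S." else (src, dst), [])
        if flags == "S" and seq is not None:                   # step 1: client SYN
            half_open[(src, dst)] = [(number, t, seq)]
        elif (flags == "S." and seq is not None and len(steps) == 1
              and ack == (steps[0][2] + 1) % 2**32):           # step 2: acks SYN + 1
            steps.append((number, t, seq))
        elif (flags == "." and len(steps) == 2
              and ack == (steps[1][2] + 1) % 2**32):           # step 3: acks SYN-ACK + 1
            numbers = [s[0] for s in steps] + [number]
            return numbers, round((t - steps[0][1]) / 1000)    # microseconds -> ms
    return None

# Constructed sample lines (addresses, ports and sequence numbers are made up).
SAMPLE = """\
1700000000.000000 ARP, Request who-has 10.0.0.9 tell 10.0.0.5, length 28
1700000000.001000 IP 10.0.0.5.50000 > 10.0.0.9.21: Flags [S], seq 1000, win 64240, length 0
1700000000.030000 IP 10.0.0.9.21 > 10.0.0.5.50000: Flags [S.], seq 5000, ack 1001, win 65160, length 0
1700000000.043300 IP 10.0.0.5.50000 > 10.0.0.9.21: Flags [.], ack 5001, win 502, length 0
""".splitlines()

if __name__ == "__main__":
    print(find_handshake(SAMPLE))
```

Checking the acknowledgement numbers keeps an unrelated ACK or a stray SYN-ACK from being counted as part of the handshake.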