Do we need to transfer file from laptop to workspace or from workspace to laptop ?
Also I m Unable to understand the following statements :
client_connection_file_transfer.pcap and copy it to the analyzing_protocol directory.How to use tcpdump to capture from filezilla, and which file to rename ?
It’s okay if you do an upload/download, either of them would suffice.
- During the above procedures, collect the pcap on the QBox Server.
Like we did it in the previous module collect the request packets
- Rename the pcap file to
client_connection_file_transfer.pcapand copy it to theanalyzing_protocoldirectory.
Your packet dump having the Filezilla-QBox Server interaction should be saved into a file with the given name
How to collect pcap during upload/download from filezilla and what filename should i use in tcpdump while collecting ?
By pcap they meant storing output of tcpdump to a pcap file. Use this filename to store the contents, client_connection_file_transfer.pcap
Okay, so i ran tcpdump and then transferred files using filezilla and stored the output on client_connection_file_transfer.pcap. Am I right ?
Got it, Thanks a lot
packet_numbers_for_tcp_connection_setup in the analyzing_protocol directory.client_connection_file_transfer.pcap , specify the packet numbers where TCP connection establishment is seen as a comma separated list.Hey @Vaishnavi_Singh @nabhanpv from where can I get time taken for establishment
which is asked in point 3 , as I can’t find it in .pcap file and ttl time is loop around time, it will be kind of you if u could hint me this
@divs30
The time taken for establishment is the time difference b/w the first packet and the last packet among the packets involved in TCP connection establishment
but I can’t find any time written anywhere in .pcap file so from at which place I an find this time as tcpdump just gives total packet tranfer, do I need to calculate it manually
You can see the time by selecting a packet and inspecting it in Wireshark’s Packet Details pane. Try expanding the protocols and find the time taken by the packet since the first packet of the TCP stream as well as from the previous packet reaching
will there be any problem if I directly recorded in client_connection_file_transfer.pcap
without copy and transfering to required directory?? @nabhanpv
Sorry, I didn’t get what you meant
I mean in the task it is asked to first receive packets in an arbitrary file than rename it client_connection_file_transfer.pcap and then move it to analyzing_protocol directory. what if I directly created the file in this directory and captured the packets??as
Ask yourself this: Will the contents of the file will change if I rename a file? So, does it make a difference if I rename a file or actually create with the required name itself?
no, renaming won’t change content but I tried it doing it the rt directory and tried to transfer packets but I am getting permission issues so thought may be this can be the reason which is :
crio-user@divyashahi139:~/workspace/divyashahi139-ME_QBOX/analyzing_protocol$ command
tcpdump: ens5: You don’t have permission to capture on that device
(socket: Operation not permitted)
Please delete the command part from your comment. Just mention I'm getting tcpdump: ens5: You don’t have permission to capture on that device (socket: Operation not permitted) error while using tcpdump. It’s against the program guidelines to share answers/code.
https://crio-launch-v1.slack.com/archives/CSQ9V88CR/p1580725010492300
What do we do normally when Linux tells us we don’t have permission to do something?
got it! thanks for hinting
sorry, and thanks for reminding