FTP output from Wireshark

Hello there,

I am trying to capture FTP packets between my PC (192.168.1.123) and IP camera (192.168.1.103), and the FTP port is 2020. But for some reason I get only these 2 packets, and the first packet is RED. Can somebody please tell me what this error is about? Below is the screenshot of the Wireshark log.

1
zolf Asked:
 
mccarl (IT Business Systems Analyst / Software Developer) Commented:
@zolf,

Are you sure that the FTP is via port 2020? That is non-standard and from those logs it is not even establishing a TCP connection. However, something else looks wrong in that it is logging a RST packet before the SYN. You say that those are the only 2 packets being logged but there must be more because the packet counter in the upper left is showing packet numbers 521 and 522, so what are the other 520 packets before it?

@Dave,

If port 2020 *IS* the correct port, I think it would only show it as plain TCP anyway because of the non-standard port number. I've only thought that Wireshark uses a "port number to protocol" mapping to decode the traffic.
0
 
Dave Baldwin (Fixer of Problems) Commented:
My copies of Wireshark show FTP data as FTP, not TCP.
0
 
Dave Baldwin (Fixer of Problems) Commented:
@mccarl - looks like you're right.  Wireshark is only showing FTP when the source port is 21 or 20.  When it's a high connecting to 21 or 20, it shows TCP.
0

 
zolf (Author) Commented:
Thanks for the feedback.

@mccarl - I changed the default port 21 to 2020 for my application.
"so what are the other 520 packets before it?"

The reason for this is that I filtered the packets to just concentrate on the FTP communication between the devices, like so: (ip.src == 192.168.1.103 || ip.src == 192.168.1.123) && (tcp.port == 2020)
0
 
Kimputer Commented:
Using the most current technology, you cannot ever capture all FTP traffic with one port. The moment the PASV command is issued, dynamic ports come into play and you have to capture that traffic as well (you can still capture that one port, but then you'll only capture the commands, never the data). Don't limit your capture to ports. Just filter on IP address later.
2
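
The PASV behaviour described in the comment above, as an added example that is not part of the original thread: it reads control-channel lines, extracts the data ports the server announces in 227 (PASV) and 229 (EPSV) replies, and builds a Wireshark display filter that covers the control port plus those data ports. The sample transcript is constructed, and treating the camera (192.168.1.103) as the FTP server is an assumption.

```python
import re

# 227 reply (RFC 959): six decimal fields h1,h2,h3,h4,p1,p2; data port = p1*256 + p2
PASV_RE = re.compile(
    r"^227[ -].*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply (RFC 2428): (|||port|), where the delimiter may be any single character
EPSV_RE = re.compile(r"^229[ -].*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoints(control_lines, server_ip):
    """Return [(ip, port), ...] announced by PASV/EPSV replies on the control channel."""
    endpoints = []
    for line in control_lines:
        line = line.strip()
        m = PASV_RE.match(line)
        if m:
            fields = [int(x) for x in m.groups()]
            if any(f > 255 for f in fields):
                continue  # malformed reply, ignore it
            ip = ".".join(str(f) for f in fields[:4])
            endpoints.append((ip, fields[4] * 256 + fields[5]))
            continue
        m = EPSV_RE.match(line)
        if m and 0 < int(m.group(2)) <= 65535:
            # EPSV carries only a port; the address is that of the control connection
            endpoints.append((server_ip, int(m.group(2))))
    return endpoints


def display_filter(client_ip, server_ip, control_port, endpoints):
    """Wireshark display filter for the control port and every announced data port."""
    ports = [control_port] + sorted({p for _, p in endpoints})
    port_expr = " || ".join(f"tcp.port == {p}" for p in ports)
    return f"ip.addr == {client_ip} && ip.addr == {server_ip} && ({port_expr})"


# Constructed control-channel transcript (not taken from the capture in the thread)
SAMPLE = [
    "220 FTP server ready",
    "PASV",
    "227 Entering Passive Mode (192,168,1,103,195,80)",
    "EPSV",
    "229 Entering Extended Passive Mode (|||50010|)",
]

if __name__ == "__main__":
    eps = data_endpoints(SAMPLE, "192.168.1.103")  # server address is an assumption
    print(eps)
    print(display_filter("192.168.1.123", "192.168.1.103", 2020, eps))
```

The data ports are only known once the 227/229 reply has been seen, which is why the capture itself should not be restricted to port 2020.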
 
zolf (Author) Commented:
cheers
0