Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

FTP output from Wireshak

Posted on 2016-10-25
6
95 Views
Last Modified: 2016-11-02
Hello there,

I am trying to capture FTP packets between my PC(192.1681.123) and IP camera(192.168.1.103) and the FTP port is 2020. But for some reason I get only these 2 packets and the first packet is RED. Can somebody please tell me what is error is about.Below is the screenshot of the wireshark log.

1
0
Comment
Question by:zolf
6 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41859780
My copies of Wireshark show FTP data as FTP, not TCP.
0
 
LVL 35

Accepted Solution

by:
mccarl earned 250 total points
ID: 41859792
@zolf,

Are you sure that the FTP is via port 2020? That is non-standard and from those logs it is not even establishing a TCP connection. However, something else looks wrong in that it is logging a RST packet before the SYN. You say that those are the only 2 packets being logged but there must be more because the packet counter in the upper left is showing packet numbers 521 and 522, so what are the other 520 packets before it?

@Dave,

If port 2020 *IS* the correct port, I think it would only show it as plain TCP anyway because of the non-standard port number. I've only thought that Wireshark uses a "port number to protocol" mapping to decode the traffic.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41859802
@mccarl - looks like you're right.  Wireshark is only showing FTP when the source port is 21 or 20.  When it's a high connecting to 21 or 20, it shows TCP.
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:zolf
ID: 41859835
thanks for the feedback.

@mccarl - I changed the default port 21 to 2020 for my application.
so what are the other 520 packets before it?

The reason for this is I filtered the packets to just concentrate on the ftp communication between the devices,like so - (ip.src == 192.168.1.103 || ip.src == 192.168.1.123) && (tcp.port == 2020)
0
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 250 total points
ID: 41860020
Using the most current technology, you cannot ever capture all FTP traffic with one port. The moment the PASV command is issued, dynamic ports come into play and you have to capture that traffic as well (you can still capture that one port, but then you'll only capture the commands, never the data). Don't limit your capture to ports. Just filter on IP address later.
2
 

Author Closing Comment

by:zolf
ID: 41869937
cheers
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question