Solved

FTP output from Wireshak

Posted on 2016-10-25
6
123 Views
Last Modified: 2016-11-02
Hello there,

I am trying to capture FTP packets between my PC(192.1681.123) and IP camera(192.168.1.103) and the FTP port is 2020. But for some reason I get only these 2 packets and the first packet is RED. Can somebody please tell me what is error is about.Below is the screenshot of the wireshark log.

1
0
Comment
Question by:zolf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41859780
My copies of Wireshark show FTP data as FTP, not TCP.
0
 
LVL 36

Accepted Solution

by:
mccarl earned 250 total points
ID: 41859792
@zolf,

Are you sure that the FTP is via port 2020? That is non-standard and from those logs it is not even establishing a TCP connection. However, something else looks wrong in that it is logging a RST packet before the SYN. You say that those are the only 2 packets being logged but there must be more because the packet counter in the upper left is showing packet numbers 521 and 522, so what are the other 520 packets before it?

@Dave,

If port 2020 *IS* the correct port, I think it would only show it as plain TCP anyway because of the non-standard port number. I've only thought that Wireshark uses a "port number to protocol" mapping to decode the traffic.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41859802
@mccarl - looks like you're right.  Wireshark is only showing FTP when the source port is 21 or 20.  When it's a high connecting to 21 or 20, it shows TCP.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 

Author Comment

by:zolf
ID: 41859835
thanks for the feedback.

@mccarl - I changed the default port 21 to 2020 for my application.
so what are the other 520 packets before it?

The reason for this is I filtered the packets to just concentrate on the ftp communication between the devices,like so - (ip.src == 192.168.1.103 || ip.src == 192.168.1.123) && (tcp.port == 2020)
0
 
LVL 36

Assisted Solution

by:Kimputer
Kimputer earned 250 total points
ID: 41860020
Using the most current technology, you cannot ever capture all FTP traffic with one port. The moment the PASV command is issued, dynamic ports come into play and you have to capture that traffic as well (you can still capture that one port, but then you'll only capture the commands, never the data). Don't limit your capture to ports. Just filter on IP address later.
2
 

Author Closing Comment

by:zolf
ID: 41869937
cheers
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This program is used to assist in finding and resolving common problems with wireless connections.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question