Solved

FTP output from Wireshak

Posted on 2016-10-25
6
50 Views
Last Modified: 2016-11-02
Hello there,

I am trying to capture FTP packets between my PC(192.1681.123) and IP camera(192.168.1.103) and the FTP port is 2020. But for some reason I get only these 2 packets and the first packet is RED. Can somebody please tell me what is error is about.Below is the screenshot of the wireshark log.

1
0
Comment
Question by:zolf
6 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 41859780
My copies of Wireshark show FTP data as FTP, not TCP.
0
 
LVL 35

Accepted Solution

by:
mccarl earned 250 total points
ID: 41859792
@zolf,

Are you sure that the FTP is via port 2020? That is non-standard and from those logs it is not even establishing a TCP connection. However, something else looks wrong in that it is logging a RST packet before the SYN. You say that those are the only 2 packets being logged but there must be more because the packet counter in the upper left is showing packet numbers 521 and 522, so what are the other 520 packets before it?

@Dave,

If port 2020 *IS* the correct port, I think it would only show it as plain TCP anyway because of the non-standard port number. I've only thought that Wireshark uses a "port number to protocol" mapping to decode the traffic.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 41859802
@mccarl - looks like you're right.  Wireshark is only showing FTP when the source port is 21 or 20.  When it's a high connecting to 21 or 20, it shows TCP.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:zolf
ID: 41859835
thanks for the feedback.

@mccarl - I changed the default port 21 to 2020 for my application.
so what are the other 520 packets before it?

The reason for this is I filtered the packets to just concentrate on the ftp communication between the devices,like so - (ip.src == 192.168.1.103 || ip.src == 192.168.1.123) && (tcp.port == 2020)
0
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 250 total points
ID: 41860020
Using the most current technology, you cannot ever capture all FTP traffic with one port. The moment the PASV command is issued, dynamic ports come into play and you have to capture that traffic as well (you can still capture that one port, but then you'll only capture the commands, never the data). Don't limit your capture to ports. Just filter on IP address later.
2
 

Author Closing Comment

by:zolf
ID: 41869937
cheers
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now