Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

FTP output from Wireshak

Posted on 2016-10-25
6
Medium Priority
?
145 Views
Last Modified: 2016-11-02
Hello there,

I am trying to capture FTP packets between my PC(192.1681.123) and IP camera(192.168.1.103) and the FTP port is 2020. But for some reason I get only these 2 packets and the first packet is RED. Can somebody please tell me what is error is about.Below is the screenshot of the wireshark log.

1
0
Comment
Question by:zolf
6 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 41859780
My copies of Wireshark show FTP data as FTP, not TCP.
0
 
LVL 36

Accepted Solution

by:
mccarl earned 1000 total points
ID: 41859792
@zolf,

Are you sure that the FTP is via port 2020? That is non-standard and from those logs it is not even establishing a TCP connection. However, something else looks wrong in that it is logging a RST packet before the SYN. You say that those are the only 2 packets being logged but there must be more because the packet counter in the upper left is showing packet numbers 521 and 522, so what are the other 520 packets before it?

@Dave,

If port 2020 *IS* the correct port, I think it would only show it as plain TCP anyway because of the non-standard port number. I've only thought that Wireshark uses a "port number to protocol" mapping to decode the traffic.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 41859802
@mccarl - looks like you're right.  Wireshark is only showing FTP when the source port is 21 or 20.  When it's a high connecting to 21 or 20, it shows TCP.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:zolf
ID: 41859835
thanks for the feedback.

@mccarl - I changed the default port 21 to 2020 for my application.
so what are the other 520 packets before it?

The reason for this is I filtered the packets to just concentrate on the ftp communication between the devices,like so - (ip.src == 192.168.1.103 || ip.src == 192.168.1.123) && (tcp.port == 2020)
0
 
LVL 37

Assisted Solution

by:Kimputer
Kimputer earned 1000 total points
ID: 41860020
Using the most current technology, you cannot ever capture all FTP traffic with one port. The moment the PASV command is issued, dynamic ports come into play and you have to capture that traffic as well (you can still capture that one port, but then you'll only capture the commands, never the data). Don't limit your capture to ports. Just filter on IP address later.
2
 

Author Closing Comment

by:zolf
ID: 41869937
cheers
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question