Wireshark-users: Re: [Wireshark-users] wireshark/tshark not seeing ftp transfers

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Thu, 12 Apr 2012 11:44:38 +1000
if you really are using unsecured FTP, and you are capturing the traffic and it is being just decoded as TCP, then you should be able to just use "Edit:Find Packet" and search for the packet containing your username (or password ;-) ) 

Regards, Martin

MartinVisser99@xxxxxxxxx


On 12 April 2012 07:15, Christopher Maynard <christopher.maynard@xxxxxxxxx> wrote:
bill withers2 <witherbill2@...> writes:

> I am running wireshark 1.4.0 on a win7 desktop x64.  I am finding that when I
try to see any unsecured ftp processes they do not show up at all.  tcp, arp,
udp, etc all show up but ftp are simply awol.  I tried adding filters by setting
to ports 21 and 20, and to the particular hosts but nothing shows up.Any
suggestions?

No epiphany here, but just a few basic things you might want to check:
1) Are you sure it's unsecure, or could it be sftp?
2) Are you capturing on the right interface?
3) Do you see the ftp traffic if you capture all packets without any filters in
place?
4) Is the FTP dissector enabled? (Analyze -> Enabled protocols)

- Chris


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe