Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: sniffing files from ftp session

From: David Howe <DaveHowe.Pentest () googlemail com>
Date: Wed, 03 Jun 2009 12:33:10 +0100
Robert Jaroszuk wrote:

Hi all.

I need a sniffer which could sniff and save files from ftp traffic.
I think about something silimar to filesnarf or mailsnarf (dsniff).
Anyone knows such tool ?


you don't need one. due to the nature of ftp traffic, any packet capture
analysis tool (wireshark, for example) can save off the file for you.

wireshark example:

type "ftp" into filter, locate the RETR line for the file you want

remove filter, note the syn/syn-ack handshake below the RETR line that
is the actual data flow starting

right click, select "follow tcp stream"

select "raw" and "save", save off as whatever name you want.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: