Re: wireshark/tshark not seeing ftp transfers

[Martin Visser <martinvisser99 () gmail com>]

if you really are using unsecured FTP, and you are capturing the traffic
and it is being just decoded as TCP, then you should be able to just use
"Edit:Find Packet" and search for the packet containing your username (or
password ;-) )

Regards, Martin

MartinVisser99 () gmail com


On 12 April 2012 07:15, Christopher Maynard
<christopher.maynard () gtech com>wrote:

> bill withers2 <witherbill2@...> writes:
>
> > I am running wireshark 1.4.0 on a win7 desktop x64.  I am finding that
> when I
> try to see any unsecured ftp processes they do not show up at all.  tcp,
> arp,
> udp, etc all show up but ftp are simply awol.  I tried adding filters by
> setting
> to ports 21 and 20, and to the particular hosts but nothing shows up.Any
> suggestions?
>
> No epiphany here, but just a few basic things you might want to check:
> 1) Are you sure it's unsecure, or could it be sftp?
> 2) Are you capturing on the right interface?
> 3) Do you see the ftp traffic if you capture all packets without any
> filters in
> place?
> 4) Is the FTP dissector enabled? (Analyze -> Enabled protocols)
>
> - Chris
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe