root@dco:~$ wireshark &
#step 1: get an overview
WireShark
Filter: ftp
#anomalous: failed login attempts
WireShark > ftp.response.code == 530
the command “STOR” is used to upload a file to the FTP Server while the "RETR" command is used to retrieve a file. once the correct filter is applied, the traffic can be followed via "Follow > TCP Stream"
Last updated
root@dco:~$ wireshark &
#step 1: get an overview
WireShark
Filter: ftp
#upload/downloaded files
WireShark > ftp.request.command == "STOR" || ftp.request.command == "RETR"
WireShark > Packet List > Packet Details > FTP > RETR > Request Arg > Copy > Value
* resume.docroot@dco:~$ wireshark &
#step 1: get an overview
WireShark
Filter: ftp
#upload/downloaded files
WireShark > ftp.request.command == "STOR" || ftp.request.command == "RETR"
WireShark > Packet List > right-click packet > Follow > TCP Stream
...
PWD
257 "/" is current directory.
TYPE A
200 Type set to A
EPSV
229 Entering Extended Passive Mode (|||35656|)
LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete.
SITE CHMOD 777 resume.doc
550 resume.doc: Permission denied
QUIT
221 Goodbye.