Wireshark mailing list archives

Re: How do I identify SSL secured FTP session?


From: Shai Ben-Naphtali <shai () shaibn com>
Date: Sun, 13 Feb 2011 13:07:00 +0000

Thank you guys... this was not as easy for me as I thought (since I don't
know much about it), but it was easier to just go to the server and disable
FTPES, and then try to connect and see in Wireshark how everything is
just plain out there... the entire session, the login, the username and
password. This is NOT the case when SSL/TLS is enabled. So that makes me
know that I'm actually using SSL/TLS and that the data is encrypted, when I
don't see that session in the Wireshark captures.

Thanks a whole bunch :)

---
Shai



On Sun, Feb 13, 2011 at 06:55, Stephen Fisher <steve () stephen-fisher com> wrote:

On Sat, Feb 12, 2011 at 03:43:34PM -0600, David Alanis wrote:

I forgot the most important part of your question. Once you have the
Wireshark capture, if you simply apply the view filter 'ftp' and it
displays your entire connection, then you know your FTP session is not
encrypted, hence ftp displays communication over port 21 and maybe 20?

I didn't see FTP listed under preferences > protocols.

The FTP dissector is hard-coded to handle two types of FTP traffic: FTP
commands on port 21 and FTPDATA on port 20.  You should be able to right
click on a packet and do "Decode as..." FTP also though.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
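
Added example, not code from any poster in this thread or from Wireshark: with FTPES the control connection on port 21 still opens with a few plaintext FTP lines (banner, `AUTH TLS`, a `234` reply) before TLS records begin, so the useful check is whether `USER`/`PASS` ever cross the wire in the clear. The payload lists are constructed samples, and the function and variable names are hypothetical.

```python
# Constructed sample payloads from an FTP control connection (port 21).
# "C" = client to server, "S" = server to client.
PLAIN = [("S", b"220 FTP ready\r\n"), ("C", b"USER alice\r\n"),
         ("S", b"331 Password required\r\n"), ("C", b"PASS example-password\r\n"),
         ("S", b"230 Logged in\r\n")]
FTPES = [("S", b"220 FTP ready\r\n"), ("C", b"AUTH TLS\r\n"),
         ("S", b"234 AUTH TLS OK\r\n"), ("C", b"\x16\x03\x01\x00\x05hello")]
# Server refuses the upgrade and the client silently falls back to a plain login.
FALLBACK = [("S", b"220 FTP ready\r\n"), ("C", b"AUTH TLS\r\n"),
            ("S", b"500 AUTH not understood\r\n"), ("C", b"USER alice\r\n"),
            ("S", b"331 Password required\r\n"), ("C", b"PASS example-password\r\n")]


def looks_like_tls(payload):
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    return payload[:2] == b"\x16\x03"


def classify_control_channel(segments):
    """Return (verdict, exposed): exposed lists credential verbs seen in clear."""
    auth_requested = auth_accepted = tls_seen = False
    exposed = []
    for sender, payload in segments:
        if auth_accepted and looks_like_tls(payload):
            tls_seen = True
            break  # the rest of the session is opaque TLS records
        parts = payload.strip().split(None, 1)
        verb = parts[0].upper() if parts else b""
        arg = parts[1].upper() if len(parts) > 1 else b""
        if sender == "C" and verb == b"AUTH" and arg in (b"TLS", b"SSL"):
            auth_requested = True
        elif sender == "C" and verb in (b"USER", b"PASS"):
            exposed.append(verb.decode())
        elif sender == "S" and auth_requested and verb == b"234":
            auth_accepted = True
    if exposed:
        return "cleartext", exposed
    if tls_seen:
        return "explicit-tls", exposed
    return "undetermined", exposed


if __name__ == "__main__":
    for name, capture in (("plain", PLAIN), ("ftpes", FTPES), ("fallback", FALLBACK)):
        print(name, classify_control_channel(capture))
```

The fallback case is the one to watch for: an `AUTH TLS` request in the capture does not by itself mean the login was protected.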
