trace ftp file data in wireshark

tinky_winky asked:

I am trying to analyze ftp traffic in Wireshark. I can see commands like Request: List, PORT.
But after FTP

Response 150: Opening data channel for directory list.

what I see immediately is

Response 226: Transfer OK

where is a list of files? Why I don’t see it? (I’ve got this list – I can see it in terminal)

My answer:

You’re following a single TCP connection. FTP data transfers occur over a second connection. Stop following the connection (or filtering) and you should see the data transfer, assuming you didn’t use capture filters and actually captured it.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.