I am new to wireshark. I have downloaded wireshark in my machine and I am using Windows Vista. I am trying to capture ftp traffic between 2 local hosts by executing some ftp commands in SSH terminal. I need wireshark in my machine to capture that traffic. How to configure wireshark for that. Kindly help. asked 13 Apr '11, 09:52  rajan edited 07 May '11, 10:52  cmaynard ♦♦ |
2 Answers:
If you are issuing ftp commands from within an ssh session, you will not see any FTP traffic. You will only see SSH traffic. From the SSH wiki page, "The SSH dissector is, unlike the SSL dissector, not able to decrypt the encrypted packets/payload." answered 14 Apr '11, 06:30 cmaynard ♦♦ |
Wireshark would need to invoke promiscuous mode. You probably won't have any issues with that, it is simply a checkbox when you choose capture. You probably will only have luck on a wired connection. The second thing is that you must get the traffic to the NIC in the PC with Wireshark installed. This could be done if all pc's are connected to a hub. Alternatively, most managed switches have a span or monitor mode that could copy traffic to the capture pc's port. The third option would be to use a TAP inline to duplicate the signals to the capture pc. answered 13 Apr '11, 18:21  Paul Stewart |
