How do I decode a UDP-encapsulated FTP packet?

asked 2021-02-09 07:40:29 +0000

As the title says, I captured an FTP packet which is encapsulated by a UDP header. How do I decode it? My version is 3.4.2. Thanks!


Comments

Are these UFTP packets?

Chuckc ( 2021-02-09 16:48:44 +0000 )

Are these TFTP packets?

Jaap ( 2021-02-09 18:10:00 +0000 )

No, these are traditional FTP packets. In version 3.4.2, I have no idea how to decode them, but in the old version (1.x), it's easy to decode them: just click & apply!

jack851 ( 2021-02-10 05:23:50 +0000 )

What kind of encapsulation is used to encapsulate the TCP-FTP packets in UDP packets (assuming you mean FTP-over-TCP when you say "traditional FTP packets")? Can you share an example capture?

SYN-bit ( 2021-02-10 08:23:51 +0000 )

link text

I share my capture as above; this is what the packet looks like.

jack851 ( 2021-02-18 08:51:13 +0000 )

The UDP payload does not resemble something the FTP protocol would produce. Was the payload anonymized?

Regarding encapsulations, if the same layers are present in the anonymized packet as in the original packet, then there seems to be no encapsulation.

I have no idea how to dissect this packet; also, Wireshark 1.12 does not seem to dissect this packet further than just UDP.

SYN-bit ( 2021-02-23 20:47:12 +0000 )