Wireshark can capture FTP packets, but cannot view the packet contents of FTP-Data.
I want it show txt file content in the lower right corner of Wireshark
ex : file.txt content is 123456 ; the box show hax : content
I have tried these different connection methods:
(All set with FTP Transfer type: binary, FileZilla Site Manager: Only Use Plain FTP, Firewall Open for FileZilla and Wireshark)
1.Online FTP Server, FileZilla Client, Wireshark: Uploading from the client to the server and downloading from the server to the client, both using TLS 1.3. I have successfully used Pre Master log decryption. After that, I can capture FTP TxT packets, but when filtering for FTP-Data, no frames are displayed.
2.Android Wifi FTP Server, FileZilla Client, Wireshark: All frames are TCP when conducted in the same Wi-Fi network. After decoding as FTP, I can see the actions, but when filtering for FTP-Data, no frames are displayed.
3.FileZilla Server, FileZilla Client, Wireshark: Internal connections are normal, but there is still no FTP-Data. External connections are not feasible due to practical considerations.
If you need photo to analysis , please tell me thanks you.
Hi Daniel,
You may be using a passive FTP connection. FTP-DATA uses port TCP/20 for an active FTP connection.
Please see this Filezilla explanation for context.
If you can, upload a PCAP to a public share so we can look at your packets and provide better insights.
Cheers,
JFD