This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am new to wireshark. I have downloaded wireshark in my machine and I am using Windows Vista. I am trying to capture ftp traffic between 2 local hosts by executing some ftp commands in SSH terminal. I need wireshark in my machine to capture that traffic. How to configure wireshark for that. Kindly help.

asked 13 Apr '11, 09:52

rajan's gravatar image

rajan
1111
accept rate: 0%

edited 07 May '11, 10:52

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142


If you are issuing ftp commands from within an ssh session, you will not see any FTP traffic. You will only see SSH traffic. From the SSH wiki page, "The SSH dissector is, unlike the SSL dissector, not able to decrypt the encrypted packets/payload."

permanent link

answered 14 Apr '11, 06:30

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

Wireshark would need to invoke promiscuous mode. You probably won't have any issues with that, it is simply a checkbox when you choose capture. You probably will only have luck on a wired connection. The second thing is that you must get the traffic to the NIC in the PC with Wireshark installed. This could be done if all pc's are connected to a hub. Alternatively, most managed switches have a span or monitor mode that could copy traffic to the capture pc's port. The third option would be to use a TAP inline to duplicate the signals to the capture pc.

permanent link

answered 13 Apr '11, 18:21

Paul%20Stewart's gravatar image

Paul Stewart
3018
accept rate: 6%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×56
×25

question asked: 13 Apr '11, 09:52

question was seen: 6,811 times

last updated: 07 May '11, 10:52

p​o​w​e​r​e​d by O​S​Q​A