I am unable to capture ftp protocols. what I do is that I opened wireshark and start capturing packets on wifi and then I opened site ftp://ftp.mcafee.com and also downloaded a file and when I analyse the captured pcap file, there is no packet with the ftp protocol. I get this without filter and this by applying filter asked 10 Nov '15, 06:45  shazzy edited 10 Nov '15, 19:21 showing 5 of 6 show 1 more comments |
One Answer:
You have a proxy configured in your browser (proxy: 10.3.100.207), see the CONNECT method in frame #62. So, if you open an FTP URL in the browser, you won't see the FTP protocol. Instead your browser will talk to the proxy via HTTP (port 8080 in your case) and ask the proxy to get the data from the FTP server. The proxy will open the FTP connection. As a result, on the client you will only see connections to the proxy (TCP/8080). If you want to decode that as HTTP, right click on one frame and select "Decode As -> HTTP". To see the FTP request, please apply one of the following filters:
Then right click that frame and choose "Follow TCP Stream". Regards answered 10 Nov '15, 19:42  Kurt Knochner ♦ (10 Nov '15, 19:46) Kurt Knochner ♦ thanks it worked yes I forgot to mention I am using proxy 10.3.100.207 (10 Nov '15, 19:48) shazzy Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up). (10 Nov '15, 19:49) Kurt Knochner ♦ do you also know how to properly open wireshark in monitor mode in windows (10 Nov '15, 19:54) shazzy That's a different question. Please open a new one. Long story short: not supported on Windows with WinPcap. You would need special hardware like, AirPcap. (10 Nov '15, 19:56) Kurt Knochner ♦ |
Do you have a local Firewall active?
Christian_R, shazzy says he has successfully downloaded the file so the firewall should not be the issue?
Is the wifi the only interface through which the computer can get to internet?
If yes, have you captured any packets at all?
If yes, have you set any capture filter (not display filter)?
If yes, what exactly?
ok I have edited my comment. Incase if anyone able to capture packets from that website, can you please send me your pcap file to examine
Did you capture any DNS resolution for ftp.mcafee.com? and if so, filter on the returned IP address to see if you have any traffic to/from that address.
This would be much easier if you would provide your pcap file for analysis.
https://www.dropbox.com/s/d920x9qj1mwihu1/no_ftp.pcapng?dl=0 link to my file