Cannot see FTP inside pcap file

I have captured pcap files in modules 4 and 5 and have transferred a lot of files to the server. But I haven’t seen FTP as the protocol in any of the packets, not even in a single file. Is this expected behaviour, or is tcpdump unable to capture FTP packets?

Maybe you are looking for the wrong protocol 🙂

But in module 6 we have to specify packets that have a plain text message as their content. I can’t find even one. Only those packets will show the transferred that have FTP protocol. There is some problem in QBox host. It is not capturing FTP packets.

Good question but this is what you are learning.
Wireshark can only differentiate packets as FTP if they are using the standard port of 21 for FTP. In our case, we wouldn’t see the packets resolved to FTP.
Hint: Try to filter based on the ports you are using. Spend some time figuring this out.
Don’t just say something is a problem because you cannot explain it.


Thank you so much for the explanation! You mean tcpdump will capture all packets but Wireshark will not show those packets until the port is 21?

Yes, FTP is an application layer protocol and you haven’t told Wireshark that you will be using different ports for FTP.

So you changed the port number in the conf file back to 21?

You know which port you are using for transfer in our QBox.
And we can filter packets based on the port you are using.

Perhaps we cannot use port 20.

Yes, we cannot use Port 20. As said in Module 3 Milestone 1,

For security reasons, the QBox host only allows incoming connections on certain port numbers. The firewall blocks incoming connections on all other ports.
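
The point made earlier in the thread, that FTP on a non-standard port is still in the capture and only the port-based protocol label is missing, as an added example that is not part of the thread or the course material. It builds a small constructed pcap in memory and identifies FTP control traffic by content instead of by port; port 2121, the addresses and the payloads are assumptions, not the QBox values.

```python
import struct

FTP_VERBS = (b"USER", b"PASS", b"RETR", b"STOR", b"LIST", b"PASV", b"PORT", b"QUIT")

def build_pcap(packets):
    """Constructed sample: wrap (sport, dport, payload) in Ethernet/IPv4/TCP records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap global header
    for sport, dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def tcp_payloads(pcap):
    """Yield (sport, dport, payload) for each IPv4/TCP frame in a little-endian pcap."""
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", tcp)
        yield sport, dport, tcp[(tcp[12] >> 4) * 4:]

def looks_like_ftp(payload):
    """Content check: FTP control lines are CRLF-terminated verbs or 3-digit replies."""
    if not payload.endswith(b"\r\n"):
        return False
    return payload[:4].upper() in FTP_VERBS or (payload[:3].isdigit() and payload[3:4] in b" -")

def ftp_ports(pcap):
    """Ports carrying FTP control traffic by content, whatever the port number is."""
    ports = set()
    for sport, dport, payload in tcp_payloads(pcap):
        if looks_like_ftp(payload):
            ports.add(min(sport, dport))  # assumption: the lower port is the server side
    return ports

# Constructed capture: FTP control on port 2121 plus one unrelated HTTP request.
SAMPLE = build_pcap([(50000, 2121, b"USER alice\r\n"), (2121, 50000, b"331 Password required\r\n"),
                     (50001, 8080, b"GET / HTTP/1.1\r\n")])
```

In Wireshark the equivalent is a display filter on the port in use (`tcp.port == <port>`), or Decode As to apply the FTP dissector to that port.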