Cannot see the text file contents in wireshark

I have chosen the port correctly and getting the packets in wireshark but don’t know where to look for the text content in the packets.
Which fields should I look for ?

Hey @ritbikbharti read instructions and use references which are provided under milestones and for more help you can try youtube tutorials some articles.

You need to figure out where the data transfer actually started and since it is a text file, whole data will be transferred with the help of few packets

Lets say the transfer has started from packet A and ended at packet B. So in between A and B, click on packets, at bottom you are going to find the exact text which are in the text file.

I am not able to find the packets which contains the text file. I am decoding them as FTP still not getting the text file. Only the commands of ftp is visible

There is a catch over here.
The reason is we are not using default ftp ports for file transfer here. So wireshark is not able to find them as ftp packets. And yes, you can’t see them here.
Try filtering out by some other method. You know which port you are using for transfer in our QBox.

2 Likes

Thanks @AmoghaKS ! Finally, got it!

Wc…Great going buddy, :slightly_smiling_face::+1:

Thanks! I figured out. :slightly_smiling_face:

How to get the transfer time in milliseconds? @AmoghaKS Please give some hints if you can

When you use wireshark, time info will be in Seconds(in 2nd column:Time)…convert it to milliseconds, that’s not a hard task if you are able to find all those right packets

I have used the correct port to capture the packets, while analysing the tcp.port == port_no, I can see one packet that says ‘Ok to send data’ and the next packet says ‘Transfer complete’. Where do we see the file contents?

Hey, is it resolved? you were analyzing with port 8081. But you have missed something here. which port does QBox uses to transfer data

one packet that says ‘Ok to send data’ and the next packet says ‘Transfer complete’. >>>>> this is because you filtered packets but in doing so you missed some other packets which are very important here. with that message one can only tell that Your server is working fine and data can be transferred over the server (it can be any file or msg. it is saying that some data was transferred ) and also it was done successfully.

So if you know which port our QBox is using, then consider those packets too (you must do this) . and then clicking on those packets, you will be able to see the file contents if it is not encrypted.

port used by QBox server is the one where connection is established, right?

we have set listen_port=8081 in our vsftpd.conf file…that means server listens on port 8081

And by default the vsftp server runs on the port 20 and 21, one for connection other for data transfer. we don’t use that default port in QBox. Look at the conf file, you’ll get an idea

Hey try some different filters other than port. You can get whole chunk of communication between two client and server.