HPE Community
Operating System - HP-UX
1833847 Members
2066 Online
110063 Solutions
New Discussion

Re: How to capture ftp traffic on the network

 
SOLVED
Go to solution
Becke
Super Advisor

‎04-27-2005 01:05 AM

‎04-27-2005 01:05 AM

How to capture ftp traffic on the network

Hi Guys,

I'm only interested in capturing the ftp traffic on the network, so I can log and monitor the ftp activity for a week.

Please advise how do i capture ftp activity on the system.

Cheers,
Raf
0 Kudos
Reply
4 REPLIES 4
renarios
Trusted Contributor

‎04-27-2005 01:32 AM

‎04-27-2005 01:32 AM

Solution

Re: How to capture ftp traffic on the network

Hi Raf,

I know that there's a tool called RRDtool (round robin database tool).

Hope it helps,

Renarios
Nothing is more successfull as failure
Reply
twang
Honored Contributor

‎04-27-2005 01:53 AM

‎04-27-2005 01:53 AM

Re: How to capture ftp traffic on the network

Binary tcpdump traces could be interesting to examine with tcptrace/xplot. The following example that will listen on lan0 for traffic on port 21 and write the output to file /tmp/ftp.log

# tcpdump -i lan0 -n port 21 -w /tmp/ftp.log
Reply
Patrick Wallek
Honored Contributor

‎04-27-2005 02:16 AM

‎04-27-2005 02:16 AM

Re: How to capture ftp traffic on the network

You must remember that for ALL ftp traffic you must listen on ports 20 and 21 both. Port 20 is the FTP data port and 21 is the control port.

Reply
Biswajit Tripathy
Honored Contributor

‎04-27-2005 05:50 AM

‎04-27-2005 05:50 AM

Re: How to capture ftp traffic on the network

As Patrick Wallek said, you must listen to port 21
AND port 20.

It gets a little more complicated when the user is
using passive FTP as with passive FTP, _both_
the port numbers for data connections are
generated dynamically. So you need to process the
tcpdump output (by writing a script) that catches
the passive data connection negotiation (by the
control connection to port 21) and track those ports
too. Can get a little more complicated.

If you donot allow passive FTP, then tracking
port 20 and 21 will be enough.

- Biswajit

:-)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.