idaviden / n1mda-dev

Automatically exported from code.google.com/p/n1mda-dev

ftp issue #2

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. pirni -s 192.168.*.254 -b 192.168.*.255 -f "port 21" -o ftp.pcap
2. open an ftp server
3. connect to port 21 ftp server

What is the expected output? What do you see instead?
nothing in .pcap file

What version of the product are you using? On what operating system?
xp 

Please provide any additional information below.
I can't get it to capture any ftp packets, not even with -f ""

Original issue reported on code.google.com by aalfan...@gmail.com on 3 Jun 2009 at 12:42

GoogleCodeExporter commented 8 years ago
Check if the ftp connection is encrypted.

Original comment by mae...@gmail.com on 4 Jun 2009 at 6:30

GoogleCodeExporter commented 8 years ago
Also see if the ARP cache was updated on the machine you want to perform sniffing on. In Windows you do this in the command prompt by typing arp -a

Also make sure that the BPF filter is correct, maybe you need to supply the IP protocol (tcp or udp)

I can not reproduce this at the moment because I bricked my phone, and I'm waiting for a new one.

Original comment by axelmoll...@gmail.com on 4 Jun 2009 at 9:49

GoogleCodeExporter commented 8 years ago
I tried the arp caches; that didn't seem to do anything.

When I put "tcp port 21" it captured only the first site I went to, ftp://ftp.netscape.com/, but wouldn't capture a straight ftp server of mine, ftp://192.168.*.*, on my LAN. It was weird because "tcp dst port 21" and "tcp scr port 21" also didn't pick up anything at all. Someone please try and let me know what they get. Also if I run the filter "" there are no packets of ftp protocol at all in wireshark. Any help much appreciated.

Also ftp is 21 non-encrypted; I wasn't using sftp, I am sure.

Thanks

Original comment by aalfan...@gmail.com on 4 Jun 2009 at 11:03

GoogleCodeExporter commented 8 years ago
You should try to disable the ftp filter. So you type like "pirni -s (your ap ip) -b (broadcast ip) -o ftpdump.pcap"
Then in wireshark, above type ftp in the filter. It should turn green and then show only ftp traffic. Also make sure your broadcast address is correct, many people are having trouble with this: http://www.tech-faq.com/calculate-broadcast-address.shtml
Good luck

Original comment by mae...@gmail.com on 5 Jun 2009 at 3:54

GoogleCodeExporter commented 8 years ago
Guys, I am not sure why, but not having a -f or filter made it work. I left everything the same; my ap ip and broadcast ip were right, as they were the first time. Maybe it has to do with the filter; whatever, it works. Great work on this to all.

Thanks again

Original comment by aalfan...@gmail.com on 5 Jun 2009 at 10:16

GoogleCodeExporter commented 8 years ago
Yes the filter won't work. Also ssl poison would be nice. 

Original comment by jimmyka...@gmail.com on 13 Jun 2009 at 11:13

GoogleCodeExporter commented 8 years ago
Must have been something wrong from your part. My implementation of BPF is strict library and should work as any other sniffer :)

Original comment by axelmoll...@gmail.com on 29 Jun 2009 at 8:44