Howto listen ftp traffic by tcpdump

Howto listen ftp traffic by tcpdump

tcpdump

To listen or sniffer ftp traffic port 21,  you can run tcpdump on your ftp server.

-i : interface which you want to listen ftp traffic

[root@ithelpblog ~]# tcpdump -i eno16777736 port 21
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno16777736, link-type EN10MB (Ethernet), capture size 65535 bytes
01:56:55.347350 IP 10.236.10.15.12878 > 10.236.10.16.ftp: Flags [S], seq 902473771, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
01:56:58.347125 IP 10.236.10.15.12878 > 10.236.10.16.ftp: Flags [S], seq 902473771, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
01:57:04.347336 IP 10.236.10.15.12878 > 10.236.10.16.ftp: Flags [S], seq 902473771, win 8192, options [mss 1260,nop,nop,sackOK], length 0
01:57:06.427798 IP 10.236.10.15.12881 > 10.236.10.16.ftp: Flags [S], seq 3155878894, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
01:57:09.427877 IP 10.236.10.15.12881 > 10.236.10.16.ftp: Flags [S], seq 3155878894, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
01:57:15.430071 IP 10.236.10.15.12881 > 10.236.10.16.ftp: Flags [S], seq 3155878894, win 8192, options [mss 1260,nop,nop,sackOK], length 0
01:57:21.234178 IP 10.236.10.15.12886 > 10.236.10.16.ftp: Flags [S], seq 3551260548, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
01:57:24.234453 IP 10.236.10.15.12886 > 10.236.10.16.ftp: Flags [S], seq 3551260548, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
01:57:30.224900 IP 10.236.10.15.12886 > 10.236.10.16.ftp: Flags [S], seq 3551260548, win 8192, options [mss 1260,nop,nop,sackOK], length 0

Thanks for using Ithelpblog.com.

Tags:  

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>