FTP data capture to upload and download pictures (wireshark)

1. Build a local FTP server

1. Create a "kiss_ftp" folder on the D drive, and save gg.jpg to this folder.

2. Open the FTP server software, set the user name as "kiss" and the password as "123", select the folder created in step 1, and set the permission to allow uploading and downloading. After the setting is completed, it is in the "User Account Management" menu of the software.

3. Open the FTP server.

2. Data capture for FTP protocol

1. Open the wireshark network packet capture software, select the correct network port to start monitoring (local, need NPcap software support)

2. Open the command prompt, connect to the ftp server and log in. After successful login, all files under the server will be listed.

Ls查看文件
Put上传文件
Get下载文件
dir 查看ftp服务器中的文件
cd 上传到服务器中的位置（ftp服务器下切换目录）
!dir 查看本地文件夹中的文件及目录
lcd 本地当前目录  设置本机要上传文件的位置（lcd c:\）

cmd

ftp ip connect to ftp server (ftp>open ip)

user password

ls View the contents of the ftp root directory

get filename (download the file to the ftp server)

3. In the packet capture software, filter out all FTP packets whose destination address is the FTP server.

It is found that the user name and password for login can be seen: kiss: 123 and the gg.jpg picture sent.

3. Grab the get download picture data package in ftp

1. In the filtered results, find the request packet sent to the FTP server to download gg.jpg.

2. After finding the above packet, clear the filter and look for the packet containing the binary header of the jpg file.

Enter TCP Ctrl+F in the search box to find a group (or click the small magnifying glass)

Select packet JFIF of packet byte stream, character string, jpg binary header, press enter.

3. Select the data packet, right-click - "Tracking Flow" - "TCP Tracking Flow", change the file type to raw data, and save it as "gg123.jpg" to the desktop.