Wireshark-users: Re: [Wireshark-users] Analyzing a "broken" FTP session
Hi John,

Although there is not a strict charter for what is appropriate for the Wireshark-users list, I personally feel that it is about "helping people to use the wireshark tools to enable them to solve their problems". That often includes helping them understand protocols and even doing some analysis for them. I think this list is really great in that way.

Your question however is not to help you solve your problem yourself, but asking other people to analyse your files for you. Even though there might be many people here (including me) that would love to take a look at the files and analyse it for you, I think your request is bit to much a request for free consultancy. Of course that is my personal opinion, others might think differently.

I would encourage you to take a look at the tracefiles yourself, read the FTP RFC (http://www.faqs.org/rfcs/rfc959.html) and use this list for helping you get the most out of wireshark and/or fill you in on some details about the protocols you see in the tracefiles. We're here for you :-)

If you do want an expert to analyse the collected data for you, you might want to contact one of the network analysis consultancy companies that are out there. Just to name a few:

GearBit (http://www.gearbit.com/)
The Technology Firm (http://thetechfirm.com/)
Network Protocol Specialists (http://new.networkprotocolspecialists.com/)
Bitcricket (http://www.bitcricket.com/)
SYN-bit (http://www.syn-bit.nl) <-- Shameless plug



----- Original Message ----- From: "Chivian, John" <[email protected]>
To: <[email protected]>
Sent: Friday, August 21, 2009 4:36 AM
Subject: [Wireshark-users] Analyzing a "broken" FTP session


I'm not sure if this is the correct forum for this but I am hoping to get some help identifying a problem that sometimes occurs between an FTP client and server. (If this isn't the right forum can someone point me in the right direction?)

I have PCAP files made on both systems using tcpdump that have captured a recent failure, but I do not have enough expertise in packet analysis or the guts of the FTP protocol to read them and draw a definitive conclusion regarding why the connection "broke".

If someone can help I am happy to provide more information regarding the systems themselves, the network topology between them, and the trimmed PCAP files for analysis.

  Thanks in advance, JC


John (JC) Chivian
Staff Software Engineer
Staff Unix/Linux Administrator
Corporate Information Systems
Photronics, Inc.

mailto:[email protected]


This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication may contain Photronics' confidential information. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited.


Environmentalism is an ethic and a way of life. Pass it on!

Sent via:    Wireshark-users mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:[email protected]?subject=unsubscribe