Wireshark-users: Re: [Wireshark-users] tshark filter
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: David Milbourne <dmilbo@xxxxxxxxx>
Date: Thu, 14 Oct 2010 19:04:38 -0400
So I did:

tshark -r <capturefile> 'ftp.response.code == 230'

And it shows me all the successful logins.  Is there a way to combine that with:

'(ftp.request.command == "PASS" or ftp.request.command == "USER")'

in order to show all the valid usernames and passwords that were used to successfully log in?

Thanks in advance,
DM

On Wed, Oct 13, 2010 at 5:53 PM, David Milbourne <dmilbo@xxxxxxxxx> wrote:
Marco,

That works - thank you!

DM


On Wed, Oct 13, 2010 at 3:58 AM, Marco Simone Zuppone <msz@xxxxxx> wrote:
Hello,
 
you can try with: ftp.response.code == 230
 
Regards.
Marco S. Zuppone

On Tue, Oct 12, 2010 at 10:56 PM, David Milbourne <dmilbo@xxxxxxxxx> wrote:
I have a capture file that I'd like to go through and list all of the successful ftp logins.  How can I do that with tshark?

Thanks,
DM

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe