336    Chapter 5 • Communication Security: Web Based Services


             Figure 5.20 Building a FTP-based Filter in Wireshark



































                      3. An alternative method to viewing only FTP-based traffic is to use
                         a display filter, which is visible in Figure 5.22. The Filter field on
                         Wireshark’s toolbar allows you to specify what information is dis-
                         played from the captured packets. If the Capture Filter in step 2
                         isn’t set, then all traffic is captured, so using a display filter will
                         allow you to only show the information you’re interested in. To
                         display only FTP-based traffic, you would type FTP into the Filter
                         field, and then click Apply.
                      4. Now that you have your display filter defined, click on the
                         Capture menu and then click Start. To ensure there are FTP
                         packets to capture, we will now log on to Novell’s FTP site at
                         www.ftp.novell.com by performing the following actions:
                      ■  Click on the Window Start menu, and then click Run. When the
                         Run dialog box appears, type cmd in the Open field and then
                         click OK.
                      ■  When the Command Prompt window appears, type ftp
                         ftp.novell.com



          www.syngress.com