My last video, “Troubleshooting FTP Error Messages and Wireshark” (https://www.youtube.com/watch?v=zJoeYugcvTA), I reviewed how to troubleshoot a FTP problem using Wireshark and then wondered how other products would fair in the same scenario.
In this example I will use Fluke Networks Clearsight Protocol Analyzer. I find this analyzer intuitive and offers a very helpful feature; ‘Monitor Mode’. I will skip the technical jargon and explain it in the following manner: many protocol analyzers require you to capture frames to analyze them or to retrieve them at a later date. This basic fact highlights various issues such as processing large trace files, leveraging capture filters to reduce trace file sizes, stream to disk tools and looking to protocol analyzers for “Expert analysis”.
In ‘Monitor Mode’ Clearsight process the frames and displays information from layer 2 up to layer 7 in a summary screen as well reports. Basically I use Monitor Mode when I am just looking around for clues and do not require frames to be saved for further analysis.
You will see in this video how I use Clearsight to find out why the ftp session failed without capturing one frame.