Enhance FTP packet logging to include source IP and avoid empty payload prints

2025-07-11 13:24:41 +02:00 · 2025-07-11 13:24:41 +02:00 · f3bc0c1ad0
commit f3bc0c1ad0
parent fb68cd0375
1 changed files with 4 additions and 2 deletions
--- a/inquisitor/src/inquisitor.py
+++ b/inquisitor/src/inquisitor.py
@ -41,7 +41,8 @@ def ftp_packet_callback(packet):
    if packet.haslayer('IP') and packet.haslayer('TCP'):
        if packet['TCP'].dport == 21 or packet['TCP'].sport == 21:
            payload = bytes(packet['TCP'].payload).decode(errors='ignore')
-            print(f"the FTP payload: {payload}")
+            if payload != "":
+                print(f"the FTP payload: {payload}")
            # print(f"FTP Packet: {packet.summary()}") 
            if b"RETR" in bytes(packet['TCP'].payload):
                # Extract filename from FTP RETR command
@ -51,7 +52,8 @@ def ftp_packet_callback(packet):
                    idx = parts.index("RETR")
                    if idx + 1 < len(parts):
                        filename = parts[idx + 1]
-                        print(f"\033[92mFTP file download detected: {filename}\033[0m")
+                        src_ip = packet['IP'].src
+                        print(f"\033[92mFTP file download detected: {filename} from {src_ip}\033[0m")

 def start_sniffing(interface=conf.iface):
    """