±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36096
New Yesterday: 7 Visitors: 115

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Titan FTP 7.00.830 Log File Format

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

azrael
Senior Member
 

Titan FTP 7.00.830 Log File Format

Post Posted: Jan 06, 11 21:10

Hullo All,

Does anyone happen to know the log file format of Titan FTP ? I've looked around and can't find anything - I've decoded a majority myself, but I've not got a test system and am a bit stuck on some of the fields - any help appriciated.

Code:
 2010-08-01 23:09:28 1n.6n.n.23n 21 808 1m.1m.m.12m 4355 4624 lulu 0 0 lulu 12 Checking to see if user "lulu" can connect from "1m.1m.m.12m"
 |--Date--| |-Time-| |-IP Dest-| || |-| |-IP Src -| |--| |--| |--| | | |--| || |--------------------- Text Comment ------------------------|
                            Dest Port            Src Port     User     User  

I'm stuck on the 808, 4624, 0, 0 and 12 fields ( although I suspect that 808 and 4624 might be something more to do with ports and the others are success/error codes ).

Cheers everyone.

Si
_________________
--
Azrael
-- 
 
  

jamie
Site Admin
 

Re: Titan FTP 7.00.830 Log File Format

Post Posted: Jan 06, 11 21:57

Looking at the user guide, I wonder if 808 might be either the Server ID or Session ID?  
 
  

azrael
Senior Member
 

Re: Titan FTP 7.00.830 Log File Format

Post Posted: Jan 07, 11 16:55

Ta muchly.

Indeed, looking at the other entries the 808 remains static, so could well be the Server ID and the 4624 changes with each session, and thus is most likely the Session ID. The 0 0 _never_ changes, which is a little odd and 12 seems to be something to do with the message - 22 seems to be a send for example, 12 is internal function etc.

Cheers,

Si
_________________
--
Azrael
-- 
 

Page 1 of 1