Once the FTP traffic has been located (for example, using tcp_responder=21), set the time frame to contain the required FTP session(s), and clear out the filter. If needed, filter further to specify the desired traffic using source or destination IP or other parameters, but do not filter on TCP port.
If application_id="ftp" is added to the filter, and an extraction is then run, only the FTP control sessions will be displayed in the artifacts list. These artifacts may be previewed to see the text content of the control session.
If the term application_id="ftp_data" is also added to the filter, any file transfer sessions will also be displayed. (Not all FTP connections are used to transfer files.)
Without seeing the FTP control sessions, the extractor cannot determine what other traffic contains the FTP file transfers. Therefore, application_id="ftp" is always required in conjunction with application_id="ftp_data" in order to see the files for extraction.
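
The dependency on the control session comes from FTP itself: the address and port of every data connection are negotiated in control-channel commands and replies (PORT, 227, 229), so the file transfers run on ports that a TCP port filter would not match. The Python sketch below is an added example, not the product's extractor code; the sample session, the function name `data_channels` and all addresses are constructed for illustration.

```python
import re

# Constructed sample control session (not captured traffic).
# "C" = client to server, "S" = server to client.
SAMPLE_CONTROL = [
    ("S", "220 FTP server ready"),
    ("C", "USER analyst"),
    ("S", "230 Login successful"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("C", "RETR report.pdf"),
    ("S", "226 Transfer complete"),
    ("C", "PORT 198,51,100,7,4,1"),
    ("S", "200 PORT command successful"),
    ("C", "STOR notes.txt"),
    ("S", "226 Transfer complete"),
    ("C", "EPSV"),
    ("S", "229 Entering Extended Passive Mode (|||50001|)"),
    ("C", "LIST"),
]

TRANSFER = {"RETR", "STOR", "STOU", "APPE", "LIST", "NLST", "MLSD"}
HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")  # h1,h2,h3,h4,p1,p2
EPSV = re.compile(r"\(\|\|\|(\d+)\|\)")  # assumes the usual "|" delimiter

def data_channels(lines, server_ip):
    """Return (mode, ip, port, command, argument) for each negotiated transfer."""
    pending, found = None, []
    for direction, line in lines:
        verb = line.split(" ", 1)[0].upper()
        if (direction == "C" and verb == "PORT") or (direction == "S" and verb == "227"):
            m = HOSTPORT.search(line)
            if m:
                h = m.groups()
                mode = "active" if verb == "PORT" else "passive"
                pending = (mode, ".".join(h[:4]), int(h[4]) * 256 + int(h[5]))
        elif direction == "S" and verb == "229":
            m = EPSV.search(line)
            if m:  # EPSV gives only a port; the address is the server's own
                pending = ("passive", server_ip, int(m.group(1)))
        elif direction == "C" and verb in TRANSFER and pending:
            found.append(pending + (verb, line.partition(" ")[2]))
            pending = None  # each negotiated endpoint serves one transfer
    return found

if __name__ == "__main__":
    for channel in data_channels(SAMPLE_CONTROL, "192.0.2.10"):
        print(channel)
```
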