well, using ethereal you can get a packet dump and see what they're uploading.
Code:
0000 00 00 03 04 00 00 00 03 6b b9 81 c0 00 00 08 00 ........ k.......
0010 45 10 00 3c 02 7f 40 00 40 06 3a 2b 7f 00 00 01 E..<..@. @.:+....
0020 7f 00 00 01 9d 42 00 15 78 97 9d 13 78 e7 1e f4 .....B.. x...x...
0030 50 18 7f ff c4 84 00 00 53 54 4f 52 20 2f 72 6f P....... STOR /ro
0040 6f 74 2f 74 65 73 74 2e 67 7a 0d 0a ot/test. gz..
also you'll see a line like this in main window of it.
Code:
no. Time Source Destination Protocol Info
27 22.851634 Tux Tux FTP Request: STOR /root/test.gz
This is assuming they're just using regular ftp and not sftp.