FTP analysis
In this section, we'll take a look at how FTP works, the differences between active mode and passive mode, and how to transfer files securely with FTPS and SFTP.
We'll start a capture once again and connect to an FTP server that does not use encryption. This is a Belarus-hosted server that has some Linux ISOs on it, and it allows anonymous connections. I'll just log in with anonymous, use port 21, and click on Quickconnect:
We can see that we've logged in. It states that it does not use TLS, and it lists the root directory:
What we'll do is stop that capture. If we scroll down through the packets, we'll see a bunch of other types of traffic, but then we see some FTP listed. We can create a filter with simply ftp in it, and that'll show us all the FTP traffic:
We can see the connection over unencrypted FTP. You can see all the commands, just like with HTTP. If we dig into our FTP section in the packet details, we'll see...
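The following is an added example, not part of the original text: a small Python audit of an FTP control channel that reports what a passive observer can read when TLS is not negotiated, and whether the session used active or passive mode. The transcript is constructed sample data, and the names audit and decode_hostport are assumptions made for this illustration.

```python
import re

# Constructed sample of a reassembled FTP control channel; C: client, S: server.
SAMPLE = """\
S: 220 Welcome to the example mirror
C: USER anonymous
S: 331 Please specify the password.
C: PASS guest@example.com
S: 230 Login successful.
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80).
C: LIST
"""

def decode_hostport(text):
    """Decode h1,h2,h3,h4,p1,p2 (PORT argument or 227 reply) to (ip, port)."""
    m = re.search(r"(\d{1,3})" + r",(\d{1,3})" * 5, text)
    n = [int(x) for x in m.groups()] if m else []
    if not n or max(n) > 255:
        return None
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def audit(transcript):
    """Summarise what a passive observer learns from the control channel."""
    r = {"tls": False, "user": None, "cleartext_password": False,
         "mode": None, "data_endpoint": None, "commands": []}
    auth_pending = False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.strip().partition(" ")
            verb = verb.upper()
            r["commands"].append(verb)
            auth_pending = verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL")
            if verb == "USER":
                r["user"] = arg.strip()
            elif verb == "PASS":
                r["cleartext_password"] = True  # flag only; never store the value
            elif verb in ("PORT", "EPRT"):
                r["mode"] = "active"   # server connects back to the client
                r["data_endpoint"] = decode_hostport(arg)
            elif verb in ("PASV", "EPSV"):
                r["mode"] = "passive"  # client connects to a server-chosen port
        elif side == "S":
            if auth_pending and text.startswith("234"):
                r["tls"] = True        # FTPS: later commands are encrypted
            elif text.startswith("227"):
                r["data_endpoint"] = decode_hostport(text)
    return r
```

A session that upgrades with AUTH TLS and receives a 234 reply reports tls as True, and nothing after that point is readable from the capture.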