FTP analysis
In this section, we'll take a look at how FTP works, the differences between the active mode and the passive mode, and how to transfer files securely with FTPS and SFTP.
We'll start a capture once again and connect to an FTP server that does not use encryption. This is a Belarus-hosted server that has some Linux ISOs on it, and it allows anonymous connections. I'll just log in with anonymous, and we'll use port 21 and click on Quickconnect:
![](https://static.packt-cdn.com/products/9781788626521/graphics/6045e9f5-65ca-4949-ad1a-1605edffa444.png)
We can see that we've logged in. It states that it does not use TLS, and it lists the root directory:
![](https://static.packt-cdn.com/products/9781788626521/graphics/1289aace-3c1f-4c2c-84d7-5c0fe8fc4251.png)
What we'll do is stop that capture, and if we scroll down through the packets we'll see that we have a bunch of other types of traffic here, but then we see some FTP listed. What we can do is create a filter with simply ftp in it, and that'll show us all the FTP traffic:
![](https://static.packt-cdn.com/products/9781788626521/graphics/2154569e-429b-4d0e-9e6f-5e844b48d9ea.png)
We can see the connection over unencrypted FTP. You can see all the commands, just like with HTTP. If we dig into our FTP section in the packet details, we'll see...
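To make the exposure concrete, here is an added example (not code from the book) that audits the control-channel lines of one FTP session: it reports whether the login crossed the wire without TLS and decodes the data-channel endpoint for both the active and passive modes this section introduces. The transcript is constructed, the addresses come from documentation ranges, and `parse_endpoint` and `audit_ftp_control` are hypothetical helper names.

```python
import re

# Constructed control-channel lines (C = client, S = server); not from the page's capture.
SAMPLE = [
    ("S", "220 FTP server ready"),
    ("C", "USER anonymous"),
    ("S", "331 Please specify the password."),
    ("C", "PASS guest@example.invalid"),
    ("S", "230 Login successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)."),
    ("C", "LIST"),
    ("S", "150 Here comes the directory listing."),
]

SIX_OCTETS = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_endpoint(text):
    """Decode h1,h2,h3,h4,p1,p2 (PORT argument or 227 reply) into (ip, port)."""
    m = SIX_OCTETS.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def audit_ftp_control(lines):
    """Hypothetical helper: summarise what one FTP control session exposes."""
    report = {"tls": False, "user": None, "cleartext_password": False,
              "data_endpoints": [], "commands": []}
    auth_requested = False
    for side, line in lines:
        verb, _, arg = line.partition(" ")
        if side == "C":
            verb = verb.upper()
            report["commands"].append(verb)
            if verb == "AUTH":
                auth_requested = True
            elif verb == "USER":
                report["user"] = arg
            elif verb == "PASS" and not report["tls"]:
                report["cleartext_password"] = True  # flag only; value not stored
            elif verb == "PORT" and parse_endpoint(arg):
                report["data_endpoints"].append(("active",) + parse_endpoint(arg))
        elif verb == "234" and auth_requested:
            report["tls"] = True  # server accepted AUTH; channel is encrypted from here
        elif verb == "227" and parse_endpoint(arg):
            report["data_endpoints"].append(("passive",) + parse_endpoint(arg))
    return report
```

The decoded endpoint is the address and port to filter on when you want to find the separate data connection that carries the directory listing or file contents.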