Module 23 (ftp and wireshark)
At the end of this module, you should know most everything about ftp one might need to know. In addition, you should know how to use Wireshark to sniff on ftp sessions, extract passwords, and identify files that have been transferred. Module 23
First the Dull ftp RFC Part
The protocol supports copying a file from one internet host to another.
It is defined by several related IETF RFCs: RFC 114, RFC 133, RFC 141, RFC 171, RFC 172.
Traditionally, ftp uses two TCP ports: 21 for control commands and 20 for data transfer. Hosts may choose to perform data transfer to a dynamically assigned port.
It operates in either active or passive mode.
Active vs. Passive Mode
In active mode, by default, the client initiates the control session on port 21 and leaves port 20 open for the server to send data. The server initiates the connection for port 20. If the client is behind a firewall or NAT, then the server may be unable to connect back to the client to send data.
If passive mode is selected, then the server gives the client a port to initiate a connection to for data transfer. Browsers typically use passive mode for ftp protocol connections (so they'll work when the client is behind a firewall).
Initiating an ftp connection
$ ftp ftp.cise.ufl.edu
Connected to ftp.cise.ufl.edu
UF CISE Anonymous Server (ftp0)
Name (ftp.cise.ufl.edu:jnw): ftp
331 Anonymous login ok, send your complete address as your password
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.

If anonymous login is chosen, the username is ftp or anonymous. By convention, on anonymous login, you specify your address as the password. If you are connecting from a machine where you receive email, you can leave off the domain name.
Important ftp client commands
ftp> help binary
binary      set binary transfer type
ftp> help cd
cd          change remote working directory
ftp> help lcd
lcd         change local working directory
ftp> help get
get         receive file
ftp> help mget
mget        get multiple files
ftp> help passive
passive     enter passive transfer mode
ftp> help ls
ls          list contents of remote directory
ftp API Commands
The subcommands are those discussed in the RFC. They can be issued from an ftp client by prefixing the RFC command with the client command "quote".

ftp> quote help
214-The following commands are recognized (* =>'s unimplemented):
CWD XCWD CDUP XCUP SMNT* QUIT PORT PASV EPRT EPSV ALLO* RNFR RNTO DELE MDTM RMD XRMD MKD XMKD PWD XPWD SIZE SYST HELP NOOP FEAT OPTS AUTH* CCC* CONF* ENC* MIC* PBSZ* PROT* TYPE STRU MODE RETR STOR STOU APPE REST ABOR USER PASS ACCT* REIN* LIST NLST STAT SITE MLSD MLST
ftp> quote help port
214 Syntax: PORT <sp> h1,h2,h3,h4,p1,p2
Let's Look at an ftp Session
1. Get your Kali VM running in NAT mode.
2. Execute wireshark at a terminal command prompt.
3. Select menu entry Capture->Interfaces.
4. Select eth0 in the Capture Interfaces popup.
5. Then press the Start button in the Capture Interfaces popup.
Wireshark is now capturing packets.
Wireshark: Capture->Interfaces
Wireshark: Set interface to sniff
Back to your ftp session
In a terminal on Kali, execute an ftp session:
1. ftp to cise.ufl.edu
2. Log in as ftp
3. Give your email address as the password
4. Set passive mode (because you are NATted)
5. Execute an ls command to list the directory contents
6. Do a get on the file welcome.msg
7. Quit ftp
8. Go back to your Wireshark window and stop the capture
Wireshark: Stop the Transfer (Red X)
Inspecting the Packets in Wireshark
To filter (downselect) the packets to just those going to the ftp port, type ftp in the Filter: window (it will turn green).
Things to notice:
- The user (ftp) and password were passed in plain text.
- The commands that travelled across the network were API commands (USER, PASS).
Wireshark: ftp packets
ftp Passive Mode
When the passive command is issued, passive mode is entered in the client. No packets are transferred. When we then issue an ls command, a passive transfer ensues as follows:
1. Client issues PASV command
2. Server responds with a port number: (130,230) = 130*256 + 230 = 33510
3. Client issues LIST command
4. Client connects to the specified port to get the transferred data
We can filter for ftp-data to see these packets.
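As an added example (not part of the slides), this Python script reads an ftp control-channel transcript the way one would read it out of Wireshark's Follow TCP Stream view: it flags the plaintext USER/PASS exchange and decodes the h1,h2,h3,h4,p1,p2 tuple from both the PORT command (the syntax shown under ftp API Commands) and the server's passive-mode reply into the data port to filter on, so it covers active mode as well as the passive case above. The sample stream is constructed, the addresses are made up, and the 227 reply format is assumed to be the standard one from the ftp RFC.

```python
import re

# Constructed sample of an ftp control channel (not a real capture); the
# PASV port pair (130,230) is the one from the slide, the addresses are made up.
SAMPLE_CONTROL_STREAM = """\
USER ftp
331 Anonymous login ok, send your complete address as your password
PASS jnw@example.edu
230 Anonymous access granted, restrictions apply
PASV
227 Entering Passive Mode (10,0,2,15,130,230)
LIST
226 Transfer complete
PORT 10,0,2,15,4,1
RETR welcome.msg
"""

# Both the PORT command and the 227 reply carry the same h1,h2,h3,h4,p1,p2 encoding.
HOSTPORT_RE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def decode_hostport(text):
    """Decode h1,h2,h3,h4,p1,p2 into ('h1.h2.h3.h4', p1*256 + p2)."""
    m = HOSTPORT_RE.search(text)
    if not m:
        raise ValueError(f"no host/port tuple in {text!r}")
    octets = [int(x) for x in m.groups()]
    host = ".".join(str(o) for o in octets[:4])
    return host, octets[4] * 256 + octets[5]

def summarize_control_stream(stream):
    # Collect credential exposure plus the data channels to look for in ftp-data.
    summary = {"user": None, "password_seen": False, "data_channels": [], "files": []}
    pending = None  # data channel announced but no transfer command yet
    for line in stream.splitlines():
        verb, _, arg = line.rstrip("\r").partition(" ")
        if verb == "USER":
            summary["user"] = arg
        elif verb == "PASS":
            summary["password_seen"] = True  # credential crossed the wire in the clear
        elif verb == "227":
            pending = ("passive",) + decode_hostport(arg)
        elif verb == "PORT":
            pending = ("active",) + decode_hostport(arg)
        elif verb in ("LIST", "NLST", "RETR", "STOR") and pending:
            summary["data_channels"].append(pending + (verb,))
            pending = None
            if verb == "RETR":
                summary["files"].append(arg)
    return summary
```

Each entry in data_channels gives the host, port and command of one transfer, which is exactly what you need to pick the matching ftp-data stream out of the capture.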
Wireshark: Passive Mode
Wireshark: ftp-data (Transfer on port 33510)