File Transfer Protocol (FTP)
As the name implies, FTP is used to transfer files. It is a standard communication protocol built on a client-server model and relies on two separate communication channels: a control channel for sending commands and responses, and a data channel for actually transmitting the file content.
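Security Warning: FTP sends user names and passwords in plain text over the control channel, so anyone who can capture the traffic can read them. Take care when using it.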
History
FTP is one of the oldest internet protocols, initially developed and published as RFC 114 in 1971 to run on the ARPANET's Network Control Program (NCP). As networks evolved, the protocol was rewritten to operate over the TCP/IP suite in 1980 (RFC 765), and its current, widely used standard, RFC 959, followed in 1985.
Protocol dependencies
- TCP: Typically, FTP uses TCP as its transport protocol. The well-known TCP port for FTP control is 21, and the default for data is 20. However, the actual data port is dynamically negotiated over the control channel based on whether active or passive mode is used.
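The following is an added example, not part of the original wiki page or of Wireshark's code. It reads control-channel lines, notes that a login crossed the wire in plain text, and recovers the data-channel endpoint negotiated by PORT (active mode) or by the 227 reply to PASV (passive mode), where the port is p1*256+p2. The function names and the transcript are constructed for illustration, and only these two negotiation forms are handled.

```python
import re

# PORT (active mode, sent by the client) and the 227 reply to PASV (passive mode,
# sent by the server) both carry h1,h2,h3,h4,p1,p2: an IPv4 address and a port.
HOSTPORT = re.compile(r"\b" + ",".join([r"(\d{1,3})"] * 6) + r"\b")

def parse_hostport(text):
    """Return (ip, port) from a host-port string, or None if it is malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def analyze_control(lines):
    """Scan control-channel lines for cleartext logins and negotiated data endpoints."""
    found = {"user": None, "password_seen": False, "data_endpoints": []}
    for raw in lines:
        verb, _, arg = raw.rstrip("\r\n").partition(" ")
        verb = verb.upper()
        if verb == "USER":
            found["user"] = arg
        elif verb == "PASS":
            found["password_seen"] = True  # record the exposure, never the value
        elif verb in ("PORT", "227"):
            endpoint = parse_hostport(arg)
            if endpoint:
                mode = "active" if verb == "PORT" else "passive"
                found["data_endpoints"].append((mode,) + endpoint)
    return found

def capture_filter(endpoints, control_port=21):
    """Build a pcap capture filter covering the control port and each data endpoint."""
    parts = ["tcp port %d" % control_port]
    parts += ["(host %s and tcp port %d)" % (ip, port) for _, ip, port in endpoints]
    return " or ".join(parts)

# Constructed control-channel transcript (documentation addresses, made-up login).
SAMPLE = ["220 FTP server ready", "USER alice", "331 Password required",
          "PASS constructed-secret", "230 Logged in", "PASV",
          "227 Entering Passive Mode (192,0,2,10,195,81)",
          "PORT 198,51,100,7,200,10", "200 PORT command successful",
          "PORT 198,51,100,7,999,10"]  # last line is malformed and is skipped

if __name__ == "__main__":
    report = analyze_control(SAMPLE)
    print(report)
    print(capture_filter(report["data_endpoints"]))
```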
Wireshark
The FTP dissector is fully functional.
Preference Settings
There are no FTP specific preference settings.
Display Filter
A complete list of FTP display filter fields can be found in the display filter reference.
Show only the FTP based traffic:
ftp
Capture Filter
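You cannot filter directly on the FTP protocol while capturing. However, if you know the TCP port used (see above), you can filter on that port. Keep in mind that a filter on the control port alone will not capture the data connection, because its port is negotiated over the control channel.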
Imported from https://wiki.wireshark.org/FTP on 2020-08-11 23:14:13 UTC
