What is the protocol 'ftp-data' identified by wireshark?
Solution 1
It's port 20
according to the wiki.
Port 21
is used for control data. The actual file data is sent on a different port.
To my knowledge, that port is usually negotiated before transfer. I don't know if Wireshark uses a fixed value of 20
or if it knows what port was used for data transmission.
Please note that what Wireshark calls a protocol is something like TCP.
I'm assuming you're talking about a human-readable version of a port.
From: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvNameResolutionSection.html
7.7.5. TCP/UDP port name resolution (transport layer)
Try to resolve a TCP/UDP port (e.g. 80) to something more "human readable".
TCP/UDP port conversion (system service): Wireshark will ask the operating system to convert a TCP or UDP port to its well known name (e.g. 80 → http).
XXX - mention the role of the /etc/services file (but don't forget the files and folders section)!
So, it's a static lookup approach from port number to service. The information is basically meaningless.
Solution 2
There are 2 ports associated with the FTP protocol. They are 20 and 21 with 20 being the channel in which the data travels over(ftp-data) while port 21 is the port that the control messages are sent over (i.e 200 OK).
There are also differences regarding passive or active mode with passive using a random high port for data trasfer.
Also keep in mind ftp by default is plain text and easily intercepted over the wire. If this FTP solution is not inside your LAN's foot print I would recommend sftp, ftp over vpn or scp for moving files to and from the server.
Related videos on Youtube
user3318603
Updated on September 18, 2022Comments
-
user3318603 over 1 year
Just implementing a FTP server and use wireshark to analize the protocol. I find there is a protocol identified by wireshark
FTP-DATA
. What is that? Any document or RFC can be referred?Thanks and Best Regards.
-
user3318603 about 12 yearsThanks for your reply. But the wiki also says
the FTP data port is negotiated through the control port and will typically vary in an "unpredictable" manner.
And in my case,PASV
has been turned on, two port numbers are 53213(src) and 3602(dest) respectively. -
user3318603 about 12 yearsThanks. I implement partial of FTP, and try to connect my server with FileZilla client. The client can't receive data from data connection in
PASV
mode. I also tried telnet connection, it works(I mean, I can connect the passive data socket and receive data there.) Have no idea where things go wrong. -
Ivan Kastorsky about 12 yearssee my answer regarding passive..
-
user3318603 about 12 yearsThanks. When you say high, is there a lower bound? Cause my ftp is implemented on a cloud platform. The port number I can use should be pre-allocated.
-
Ivan Kastorsky about 12 yearsLower bound is 1024, by high i also mean ephemeral.