I am just implementing an FTP server and using Wireshark to analyze the protocol. I find there is a protocol identified by Wireshark as FTP-DATA. What is that? Is there any document or RFC I can refer to?
Thanks and Best Regards.
It's port 20 according to the wiki.
Port 21 is used for control data. The actual file data is sent on a different port.
To my knowledge, that port is usually negotiated before transfer. I don't know if Wireshark uses a fixed value of 20 or if it knows what port was used for data transmission.
Please note that what Wireshark calls a protocol is something like TCP.
I'm assuming you're talking about a human-readable version of a port.
From: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvNameResolutionSection.html
7.7.5. TCP/UDP port name resolution (transport layer)
Try to resolve a TCP/UDP port (e.g. 80) to something more "human readable".
TCP/UDP port conversion (system service): Wireshark will ask the operating system to convert a TCP or UDP port to its well known name (e.g. 80 → http).
XXX - mention the role of the /etc/services file (but don't forget the files and folders section)!
So, it's a static lookup approach from port number to service. The information is basically meaningless.
There are 2 ports associated with the FTP protocol. They are 20 and 21, with 20 being the channel over which the data travels (ftp-data), while port 21 is the port that the control messages are sent over (i.e. 200 OK).
There are also differences regarding passive or active mode, with passive using a random high port for data transfer.
Also keep in mind FTP by default is plain text and easily intercepted over the wire. If this FTP solution is not inside your LAN's footprint, I would recommend SFTP, FTP over VPN or SCP for moving files to and from the server.
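An added example, not part of any post above, of how the data port discussed in this thread is negotiated on the control channel: the client's `PORT` command and the server's `227` reply carry the address and port as six decimal bytes (RFC 959), and the `229` reply to `EPSV` carries only a port (RFC 2428). The function names and the sample transcript are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 reply (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply to EPSV carries only a port: (|||port|) (RFC 2428)
_EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(line, peer_ip=None):
    """Return (mode, ip, port) announced by one control-channel line, or None."""
    line = line.strip()
    verb = line[:4].upper()
    if verb == "PORT" or line.startswith("227"):
        m = _HOSTPORT.search(line)
        if not m:
            return None
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed tuple: ignore it rather than guess
        ip = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
        return ("active" if verb == "PORT" else "passive", ip, port)
    if line.startswith("229"):
        m = _EPSV.search(line)
        if m and 0 < int(m.group(2)) <= 65535:
            return ("passive", peer_ip, int(m.group(2)))  # EPSV reuses the server IP
    return None


def track_data_channels(control_lines, server_ip):
    """Collect every data endpoint negotiated in a control-channel transcript."""
    eps = (data_endpoint(line, peer_ip=server_ip) for line in control_lines)
    return [ep for ep in eps if ep]


# Constructed control-channel transcript (documentation addresses, not a real capture)
SAMPLE = [
    "USER demo",
    "PORT 192,0,2,10,195,80",
    "200 PORT command successful",
    "227 Entering Passive Mode (198,51,100,5,234,96)",
    "229 Entering Extended Passive Mode (|||50021|)",
    "PORT 192,0,2,10,999,1",
]

if __name__ == "__main__":
    for ep in track_data_channels(SAMPLE, "198.51.100.5"):
        print(ep)
```

In active mode the returned endpoint is the client's listening address, to which the server connects from its port 20; in passive mode it is the server port the client connects to.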