Viewing an FTP transfer

We will now look at the file transfer between an FTP client and an FTP server. You will need a second computer on your network capable of providing file transfer services (an FTP server). The easiest way to set up an FTP server is to download the open source program, FileZilla. It has both a server version that you can use to store files and a client version, which is used to access your server from another computer.

Step 1: Setting up the FTP Server

Download the FileZilla server from http://filezilla-project.org and install it on one computer. You can accept all the defaults for this demonstration, but you will need to create a user and assign a home directory to that user. Make sure you give the user a password but do not enable SSL, because this lab depends on the login exchange being sent unencrypted. For this lab, we chose the username “johndoe” and a password “secret”. See Figure 10.

Note: Your firewall may need to be configured to allow connections to FileZilla Server.
Figure 10: Creating an FTP user in FileZilla

Download the FileZilla client from the same website as above and install it on a second computer. You can accept all the defaults including having the program start after installation.

Step 2: Monitor the FTP login exchange

To see the packet interchange between the two computers, perform the following:

1) Open Wireshark on the client, ensure that your capture options are set as before and begin another capture session.
2) Connect to the FTP server by typing in its IP address, user name and password in the text boxes at the top of the client software, then press “Quickconnect”. This is shown in Figure 11.

Figure 11: Connecting to the FTP Server

3) Stop the packet capture.
Look for the FTP packets in the Protocol column (or apply a filter to show only FTP protocol packets). In the “Info” column they will say “Request: …” and “Response: …”. You should notice that the username and password are displayed for you in this column in clear text. This is shown in Figure 12.

If you have never seen a password revealed in a packet sniffer, it can be a real eye opener. Although we know that FTP servers are inherently not secure, this demonstration should make you think about the security of other types of logins.

Try this: if you have a domain controller on your network, try logging on to it from a workstation and sniffing the packets as you do so. Are you able to find the password? (Hopefully not.) Now set up a database server for which the security setting is controlled by the operating system and do the same thing. If the security is not configured correctly, not only will you be able to find the login information (user name and password), but data will also be passed in the clear.
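The check you performed by eye in the Info column can be automated when auditing your own lab captures. The following is an added example, not part of the original lab: it reads Info-column text in the “Request: …” / “Response: …” form described above and reports which logins were visible in clear text, without echoing the password. The function name and the sample server reply wording are assumptions made for illustration.

```python
import re

# Constructed sample: Info-column text in the form Wireshark shows for FTP
# control packets. Reply wording is illustrative, not copied from a capture.
SAMPLE_INFO = [
    "Response: 220 FTP server ready",
    "Request: USER johndoe",
    "Response: 331 Password required for johndoe",
    "Request: PASS secret",
    "Response: 230 Logged on",
    "Request: PWD",
    "Request: USER alice",
    "Response: 331 Password required for alice",
    "Request: PASS wrongpw",
    "Response: 530 Login or password incorrect!",
]

REQ = re.compile(r"^Request: (\w+)(?: (.*))?$")
RESP = re.compile(r"^Response: (\d{3})")

def audit_cleartext_logins(info_lines):
    """Return one finding per PASS command seen unencrypted (hypothetical helper)."""
    findings, user, pending = [], None, None
    for line in info_lines:
        line = line.strip()
        m = REQ.match(line)
        if m:
            cmd, arg = m.group(1).upper(), m.group(2) or ""
            if cmd == "USER":
                user = arg
            elif cmd == "PASS":
                # Record that a password was visible, never the value itself.
                pending = {"user": user, "password_exposed": True,
                           "login_accepted": None}
                findings.append(pending)
            continue
        m = RESP.match(line)
        if m and pending is not None:
            code = m.group(1)
            # RFC 959 reply codes: 230 = logged in, 530 = not logged in.
            if code in ("230", "530"):
                pending["login_accepted"] = (code == "230")
                pending = None
    return findings

if __name__ == "__main__":
    for finding in audit_cleartext_logins(SAMPLE_INFO):
        print(finding)
```

An empty result for a capture of a login means no USER/PASS pair was readable on the wire, which is what you should expect once SSL/TLS is enabled on the server.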