File Transfer Protocol - SFTP - TFTP
File Transfer Protocol
- If we understand it, it's going to be the stepping stone for some more protocols that are much more complicated.
- Standardized protocol for file transfer.
- Command & Control Channel (21)
- Data transfer channel (20)
- The client initiates the connection to the server
- One session for management and the other one for data transfer
- Specialized client software
- Widely supported
- Cleartext by default
- If you are downloading something important
- Anybody who is on the wire could potentially take that information and create a copy of it
- Can be secured (SFTP, FTPS)
Trivial File Transfer Protocol
- Standardized and simplified
- UDP 69
- No authentication
- Phones, network devices
- Susceptible to man-in-the-middle (MiTM) attacks.
- Can be assigned via DHCP
- Often what we do with VoIP
FTP Operations Example
- A client initiates the connection to the server on TCP port 21
- We do the 3-way handshake and are asked to authenticate
- Client asks for the directory listing
- Then the server starts a connection from port 20 so the client can see the directory listing
- Auth, Dir LS?, PORT 31337
  - 31337: this port number is dynamically negotiated
  - This happens in the payload of the packet
  - Layers 5-7 payload contains the FTP commands
- The firewall creates an entry in the state table to allow the user to access port 31337 specifically
- The firewall needs to be inspecting port 21
- When the server sees that port number, it initiates the return connection
  - The firewall may wonder what that is, so we inspect the FTP payload to understand this dynamic negotiation
- Many applications can do so much with just one single port
- Others use a mix of TCP and UDP ports and dynamically negotiate port numbers
  - This is done by payload inspection
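The payload inspection described above, worked through as an added example (this is not code from the original notes or from any firewall product). It reads constructed FTP control-channel lines the way a stateful firewall would inspect port 21: it decodes the client's `PORT h1,h2,h3,h4,p1,p2` command (the 31337 in the notes is encoded as `122,105`, since 122 * 256 + 105 = 31337) and, going a little beyond the notes, the server's `227` passive-mode reply as well, then builds the state-table entries that tell the firewall which single dynamic port to open and which side will initiate the data connection. The `client_ip` check is a defensive assumption of this example: a pinhole is only created when the announced address matches the client that owns the control session.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of an FTP control channel (TCP 21), not a real capture.
CONTROL_CHANNEL_LINES = [
    "USER alice",
    "PASS hunter2",
    "PORT 192,168,1,10,122,105",                      # active mode: "server, connect back to me on 31337"
    "LIST",
    "227 Entering Passive Mode (10,0,0,5,195,80)",    # passive mode: server offers port 195*256+80 = 50000
]

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass(frozen=True)
class DataChannel:
    initiator: str   # "server" for active mode (PORT), "client" for passive mode (227 reply)
    host: str
    port: int


def _decode(parts, initiator: str) -> DataChannel:
    """Turn the six comma-separated decimal bytes into host and 16-bit port."""
    octets = [int(x) for x in parts[:4]]
    p1, p2 = int(parts[4]), int(parts[5])
    if any(o > 255 for o in octets) or p1 > 255 or p2 > 255:
        raise ValueError("byte value out of range in FTP address")
    port = p1 * 256 + p2          # high byte * 256 + low byte
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return DataChannel(initiator, ".".join(map(str, octets)), port)


def parse_data_channel(line: str) -> Optional[DataChannel]:
    """Return the negotiated data channel if this line carries one, else None."""
    m = PORT_RE.match(line)
    if m:
        return _decode(m.groups(), "server")
    m = PASV_RE.match(line)
    if m:
        return _decode(m.groups(), "client")
    return None


def build_state_table(lines, client_ip: str):
    """State-table entries a firewall would add after inspecting the FTP payload on port 21.

    Only the single negotiated port is opened, and only in the direction the
    protocol requires; malformed or mismatched announcements open nothing.
    """
    entries = []
    for line in lines:
        try:
            ch = parse_data_channel(line)
        except ValueError:
            continue                                   # malformed: do not open anything
        if ch is None:
            continue                                   # ordinary command, no data channel here
        if ch.initiator == "server":
            # Active mode: server connects from TCP 20 to the port the client announced.
            # Assumed check: the announced host must be the client owning this session.
            if ch.host != client_ip:
                continue
            entries.append({"direction": "server->client", "src_port": 20,
                            "dst": ch.host, "dst_port": ch.port})
        else:
            # Passive mode: client connects to the port the server announced.
            entries.append({"direction": "client->server", "src": client_ip,
                            "dst": ch.host, "dst_port": ch.port})
    return entries


if __name__ == "__main__":
    for entry in build_state_table(CONTROL_CHANNEL_LINES, "192.168.1.10"):
        print(entry)
```

Without this inspection the firewall sees only an unsolicited inbound connection from the server's port 20 toward 31337 and has no reason to allow it; with it, the entry exists before the server ever tries.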