Which command can be used in Wireshark to filter for unencrypted file transfers on port 21?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

Which command can be used in Wireshark to filter for unencrypted file transfers on port 21?

Explanation:
The key idea is to filter traffic by the TCP port that FTP uses. Port 21 is the default control channel for FTP, and by default FTP transfers are unencrypted. Using a filter that targets any TCP traffic on port 21 lets you see the FTP control conversations in both directions, which is the common way to spot unencrypted FTP activity. The expression tcp.port == 21 specifically includes packets where either the source or destination port is 21, giving you the relevant FTP traffic to inspect.

Other options don’t target the same thing: filtering by a specific IP address narrows to a single host, not to FTP on port 21; filtering TLS on port 21 would only catch encrypted FTP (FTPS) and miss unencrypted FTP; filtering ftp.port != 21 would exclude the primary FTP control traffic on 21 and miss the main unencrypted transfers. If you needed to focus on the actual data transfers, you’d also consider the FTP-data connections, but for unencrypted FTP on port 21, tcp.port == 21 is the best fit.
