Overview of FTP Authentication

This section discusses how FTP performs authentication. We need to understand this before we step through the FTP dissector source code for Ettercap.

FTP is a plain-text protocol that uses no encryption, so every command and response crosses the network in the clear. FTP servers listen on TCP port 21 by default. To authenticate with an FTP server, the client establishes a connection to TCP port 21 and expects a banner that begins with the 220 response code:

220 Welcome to ftp.example.com

The banner string is irrelevant and can be changed by the FTP server administrator. By default, banner strings of some FTP servers provide the FTP server name and version number. With respect to the Ettercap dissector, we are concerned with only the 220 response code, which signifies that the FTP server is ready to serve further requests.

To authenticate with the FTP server, a client sends the USER command followed by the user’s username:

USER john

If the FTP server is ready to authenticate the user, it responds with a 331 response code:

331 Please specify the password.

Next, the FTP client sends the PASS command followed by the user’s password:

PASS try4ndgu355m3!!

If the supplied password is correct, the FTP server responds with a 230 response code:

230- Welcome to ftp.example.com
230 Login successful.
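
The exchange above can be followed as a small state machine. The C sketch below is an added example, not Ettercap's dissector code; every name in it (ftp_state, ftp_step, ftp_run, SAMPLE) is hypothetical. It tracks which stage of the login a session has reached, treats a "230-" line as a continuation rather than the final reply, and records only the stage, never the password.

```c
#include <ctype.h>
#include <stdio.h>
#include <strings.h>

/* Stages of the login exchange; names are illustrative. */
enum ftp_state { WAIT_BANNER, READY, USER_SENT, NEED_PASS, PASS_SENT, LOGGED_IN, FAILED };
struct msg { int from_server; const char *line; };

/* Return the three-digit reply code (0 if malformed). *final is 0 for a
 * "230-" continuation line and 1 for the closing "230 " line. */
int ftp_reply_code(const char *line, int *final) {
    for (int i = 0; i < 3; i++)
        if (!isdigit((unsigned char)line[i])) return 0;
    *final = (line[3] != '-');
    return (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
}

/* Advance the state by one line; the password value is never stored. */
enum ftp_state ftp_step(enum ftp_state s, int from_server, const char *line) {
    int final = 1, code;
    if (!from_server) {
        if (s == READY && strncasecmp(line, "USER ", 5) == 0) return USER_SENT;
        if (s == NEED_PASS && strncasecmp(line, "PASS ", 5) == 0) return PASS_SENT;
        return s;
    }
    code = ftp_reply_code(line, &final);
    if (code == 0 || !final) return s;          /* skip continuation lines */
    if (s == WAIT_BANNER && code == 220) return READY;
    if (s == USER_SENT && code == 331) return NEED_PASS;
    /* Assumption: any final reply other than 230 after PASS is a failure. */
    if (s == PASS_SENT) return code == 230 ? LOGGED_IN : FAILED;
    return s;
}

/* Run a whole session, starting before the banner has arrived. */
enum ftp_state ftp_run(const struct msg *m, size_t n) {
    enum ftp_state s = WAIT_BANNER;
    for (size_t i = 0; i < n; i++) s = ftp_step(s, m[i].from_server, m[i].line);
    return s;
}

/* The exchange shown above, line by line (1 = server, 0 = client). */
static const struct msg SAMPLE[] = {
    {1, "220 Welcome to ftp.example.com"}, {0, "USER john"},
    {1, "331 Please specify the password."}, {0, "PASS try4ndgu355m3!!"},
    {1, "230- Welcome to ftp.example.com"}, {1, "230 Login successful."},
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void) { printf("final state: %d\n", (int)ftp_run(SAMPLE, SAMPLE_LEN)); return 0; }
```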

The outcome of a request to an FTP server depends mainly on the first digit of the three-digit response code. Table 2-1 lists FTP response codes and their meanings, based on the first digit of the code.

Table 2-1. FTP response codes

Response code
