Monday, 18 August 2014

Packet Analysis 1- FTP Authentication

"This tutorial should be used for educational purpose only. I won't be responsible if you misuse this techniques and get yourself in trouble.The pcap file used in this example is from a CTF challenge "

Protocol - File Transfer Protocol - Used for transferring files from one host to another. 
Connection Type - TCP
Commonly Used Commands : USER , PASS , RETR

So the challenge scenario is something like this . 

Extract the credentials required for the FTP Authentication out of the pcap file .

So to solve this challenge I will use Wireshark. First I load the pcap file in Wireshark.

Now my objective is to find out the credentials required for the ftp authentication . So in the filter bar I will write "ftp" so that it displays the packets matching the FTP protocol only. Now if we look closely at the results we will see a lot of response codes . The response "230 User Sandy logged in" is pretty interesting. 

So I will right click on that and select "Follow TCP Stream"

So now I am able to retrieve the username and password required for authentication.