312-50V10 · Question #775
A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols becaus
The correct answer is A. tcp port = = 21. FTP uses TCP port 21 for unencrypted file transfers, so filtering for tcp.port == 21 in Wireshark isolates plaintext FTP sessions.
Question
A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?
Options
- Atcp port = = 21
- Btcp. port = 23
- Ctcp.port = = 21 | | tcp.port = =22
- Dtcp.port ! = 21
How the community answered
(52 responses)- A71% (37)
- B15% (8)
- C6% (3)
- D8% (4)
Why each option
FTP uses TCP port 21 for unencrypted file transfers, so filtering for tcp.port == 21 in Wireshark isolates plaintext FTP sessions.
FTP (File Transfer Protocol) uses TCP port 21 for its control channel and transmits all data including credentials in cleartext, making it an unencrypted file transfer protocol. The Wireshark display filter tcp.port == 21 precisely targets FTP control traffic, allowing the analyst to identify employees bypassing the policy requiring encrypted file transfer protocols.
TCP port 23 is assigned to Telnet, which is an unencrypted remote terminal protocol, not a file transfer protocol - filtering on port 23 would not reveal FTP activity.
Adding tcp.port == 22 alongside port 21 would also capture SSH and SFTP traffic, which are encrypted file transfer methods compliant with policy, contaminating the results with authorized transfers.
Filtering tcp.port != 21 excludes FTP traffic entirely and captures all other TCP ports, which would not specifically identify unencrypted file transfer activity and would flood results with unrelated traffic.
Concept tested: Wireshark display filters for FTP detection
Source: https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
Topics
Community Discussion
No community discussion yet for this question.