312-50V11 · Question #775
A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols becaus
The correct answer is A. tcp port = = 21. The Wireshark display filter tcp.port == 21 isolates FTP traffic, which is the standard unencrypted file transfer protocol operating on TCP port 21.
Question
A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?
Options
- Atcp port = = 21
- Btcp. port = 23
- Ctcp.port = = 21 | | tcp.port = =22
- Dtcp.port ! = 21
How the community answered
(45 responses)- A76% (34)
- B11% (5)
- C4% (2)
- D9% (4)
Why each option
The Wireshark display filter tcp.port == 21 isolates FTP traffic, which is the standard unencrypted file transfer protocol operating on TCP port 21.
FTP (File Transfer Protocol) uses TCP port 21 for control connections and transmits credentials and data in plaintext, making it the unencrypted file transfer protocol employees may be using in violation of policy. The Wireshark display filter tcp.port == 21 correctly captures FTP control channel traffic for analysis. No other answer choice exclusively targets an unencrypted file transfer protocol.
TCP port 23 is used by Telnet, which is an unencrypted remote terminal protocol, not a file transfer protocol, so this filter would not reveal unencrypted file transfers.
Adding tcp.port == 22 to the filter also captures SFTP and SCP traffic, which are encrypted file transfer protocols running over SSH, so the filter returns both encrypted and unencrypted transfers rather than isolating violations.
The filter tcp.port != 21 excludes all FTP traffic and captures everything else, which would show encrypted protocols such as SFTP (port 22) or FTPS (port 990) rather than isolating unencrypted file transfers.
Concept tested: Wireshark display filter for identifying unencrypted FTP traffic
Source: https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
Topics
Community Discussion
No community discussion yet for this question.