nerdexam
EC-Council

312-50V13 · Question #68

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols becaus

The correct answer is A. tcp.port = = 21. To identify unencrypted file transfers in Wireshark, the display filter should target common unencrypted file transfer protocols. TCP port 21 is the standard control port for File Transfer Protocol (FTP), which transmits data unencrypted, making tcp.port == 21 an effective filter

Submitted by lucia.co· Mar 6, 2026Sniffing

Question

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

Options

  • Atcp.port = = 21
  • Btcp.port = 23
  • Ctcp.port = = 21 | | tcp.port = =22
  • Dtcp.port ! = 21

How the community answered

(31 responses)
  • A
    77% (24)
  • B
    13% (4)
  • C
    6% (2)
  • D
    3% (1)

Why each option

To identify unencrypted file transfers in Wireshark, the display filter should target common unencrypted file transfer protocols. TCP port 21 is the standard control port for File Transfer Protocol (FTP), which transmits data unencrypted, making `tcp.port == 21` an effective filter for this purpose.

Atcp.port = = 21Correct

The display filter `tcp.port == 21` in Wireshark will specifically show traffic destined for or originating from TCP port 21. This port is the well-known control port for FTP (File Transfer Protocol), which is an unencrypted protocol used for file transfers, thus matching the requirement to find unencrypted file transfers.

Btcp.port = 23

The display filter `tcp.port == 23` targets TCP port 23, which is used by Telnet. While Telnet is unencrypted, it is primarily a remote access protocol, not a dedicated file transfer protocol like FTP.

Ctcp.port = = 21 | | tcp.port = =22

The display filter `tcp.port == 21 || tcp.port == 22` includes both FTP (port 21, unencrypted) and SSH/SFTP (port 22, encrypted). The question specifically asks to find *unencrypted* file transfers, so including port 22 is incorrect.

Dtcp.port ! = 21

The display filter `tcp.port != 21` would show all TCP traffic that is *not* on port 21. This would include many other protocols, both encrypted and unencrypted, and would not specifically isolate unencrypted file transfer traffic.

Concept tested: Wireshark display filters and common ports

Source: https://www.wireshark.org/docs/wsug_html_chunked/ChBuildDisplayFilterReference.html

Topics

#Wireshark#packet analysis#FTP#unencrypted protocols#sniffing

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice