{{ SECURITY Network Packet Forensics }}
Chapter_4 : FTP packet analysis
- Ports: TCP 21 is the control connection (user authentication, commands, and the numeric server replies). TCP 20 is the server's source port for the data connection in active mode (directory listings, file contents); in passive mode (PASV) the server announces an ephemeral data port instead. Credentials travel in clear text on port 21 unless FTPS is used.
- Ethernet II frame (Ethernet Version 2, or DIX frame) is the most common frame type in use today, because the Internet Protocol normally rides directly on it; the EtherType field (0x0800 for IPv4) identifies the payload.
- TCP Flags
- ACK (Acknowledge) : the acknowledgment number is the peer's sequence number plus the length of the TCP payload received (SYN and FIN each consume one sequence number), i.e. the next byte the receiver expects
- SYN (Synchronize) : used during session setup to agree on initial sequence numbers (randomised per connection)
- FIN (Finish) : graceful session close (no more data from this side)
- RST (Reset) : abnormal session disconnection, also the reply to a SYN on a closed port
- PSH (Push) : tells the receiving stack to hand the data to the application immediately instead of waiting for its buffer to fill; FTP commands and replies normally arrive in PSH+ACK segments
- URG (Urgent) : marks the Urgent Pointer field as significant; rarely seen in normal traffic
- Analyze > Follow TCP Stream (Wireshark) : reassembles one control connection so the USER/PASS exchange and the PORT/227 data-port negotiation read as plain text
- Statistics > Flow Graph (Wireshark) : draws the handshake and each command/reply as arrows between the two hosts, which makes retransmissions and resets easy to spot
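The ports, flags, and "Follow TCP Stream" points above, worked through in code. This is an added example, not from the original post: it builds a constructed (not captured) FTP login over port 21 as raw TCP segments, decodes the flag bits and checks the ACK-number rule, reassembles both directions of the conversation by sequence number the way Wireshark does, and then pulls the plaintext credentials and the passive-mode data port out of the control channel. Port numbers, sequence numbers, and the user/password strings are all invented for the demonstration.

```python
import re
import struct

# TCP flag bits in the low byte of the data-offset/flags field (RFC 793 order)
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
FLAG_BITS = {name: bit for bit, name in TCP_FLAGS.items()}

FTP_CONTROL_PORT = 21   # control connection: commands and numeric replies
FTP_DATA_PORT = 20      # active-mode data connection, server-side source port


def build_segment(src_port, dst_port, seq, ack, flags, payload=b""):
    """Build a minimal 20-byte TCP header (no options) plus payload. Constructed test data."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    off_flags = (5 << 12) | bits          # data offset = 5 words (20 bytes), then flag bits
    hdr = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, off_flags, 65535, 0, 0)
    return hdr + payload


def parse_segment(raw):
    """Decode a TCP header: ports, seq/ack, flag names, and the payload after any options."""
    src, dst, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    data_offset = (off_flags >> 12) * 4
    flags = [name for bit, name in sorted(TCP_FLAGS.items()) if off_flags & bit]
    return {"src": src, "dst": dst, "seq": seq, "ack": ack,
            "flags": flags, "payload": raw[data_offset:]}


def expected_ack(seg):
    """ACK the peer should send back: seq + payload length, plus one each for SYN and FIN."""
    return seg["seq"] + len(seg["payload"]) + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])


def follow_stream(segments):
    """Reassemble each direction in sequence order, like Wireshark's Follow TCP Stream."""
    by_dir = {}
    for seg in segments:
        by_dir.setdefault((seg["src"], seg["dst"]), []).append(seg)
    return {d: b"".join(s["payload"] for s in sorted(segs, key=lambda s: s["seq"]))
            for d, segs in by_dir.items()}


def parse_ftp_control(client_bytes, server_bytes):
    """Extract the plaintext credentials and the negotiated data-connection endpoint."""
    info = {"user": None, "password": None, "data_endpoint": None}
    for line in client_bytes.decode("ascii", "replace").splitlines():
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            info["user"] = arg
        elif cmd == "PASS":
            info["password"] = arg
        elif cmd == "PORT":   # active mode: client names the address/port the server connects to
            h1, h2, h3, h4, p1, p2 = map(int, arg.split(","))
            info["data_endpoint"] = (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)
    for line in server_bytes.decode("ascii", "replace").splitlines():
        m = re.match(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", line)
        if m:                 # passive mode: server names the port; port = p1*256 + p2
            h1, h2, h3, h4, p1, p2 = map(int, m.groups())
            info["data_endpoint"] = (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)
    return info


def analyze(segments):
    """Find the client->server direction by destination port 21 and parse the session."""
    streams = follow_stream(segments)
    client_dir = next(d for d in streams if d[1] == FTP_CONTROL_PORT)
    server_dir = (client_dir[1], client_dir[0])
    return parse_ftp_control(streams[client_dir], streams[server_dir])


def sample_capture():
    """Constructed FTP login on port 21 (invented hosts, ports, and credentials)."""
    c, s, cseq, sseq = 51234, FTP_CONTROL_PORT, 1000, 5000
    raw = [
        build_segment(c, s, cseq, 0, ["SYN"]),                                   # handshake
        build_segment(s, c, sseq, cseq + 1, ["SYN", "ACK"]),
        build_segment(c, s, cseq + 1, sseq + 1, ["ACK"]),
        build_segment(s, c, sseq + 1, cseq + 1, ["PSH", "ACK"], b"220 ftp ready\r\n"),
        build_segment(c, s, cseq + 1, sseq + 16, ["PSH", "ACK"], b"USER alice\r\n"),
        build_segment(s, c, sseq + 16, cseq + 13, ["PSH", "ACK"], b"331 Password required\r\n"),
        build_segment(c, s, cseq + 13, sseq + 39, ["PSH", "ACK"], b"PASS s3cret\r\n"),
        build_segment(s, c, sseq + 39, cseq + 26, ["PSH", "ACK"], b"230 Logged in\r\n"),
        build_segment(c, s, cseq + 26, sseq + 54, ["PSH", "ACK"], b"PASV\r\n"),
        build_segment(s, c, sseq + 54, cseq + 32, ["PSH", "ACK"],
                      b"227 Entering Passive Mode (10,0,0,5,195,80)\r\n"),
        build_segment(c, s, cseq + 32, sseq + 99, ["FIN", "ACK"]),               # client closes
    ]
    return [parse_segment(r) for r in raw]


if __name__ == "__main__":
    segs = sample_capture()
    for seg in segs:
        print(f"{seg['src']:>5} -> {seg['dst']:<5} seq={seg['seq']} ack={seg['ack']} "
              f"{'+'.join(seg['flags']):<8} {seg['payload']!r}")
    print(analyze(segs))
```

The ACK check is the practical use of the flag notes: for every segment, the next segment from the other side should carry `expected_ack(seg)`; a gap there means a lost or retransmitted segment. The data-endpoint extraction is why FTP analysis cannot stop at port 21: once you know the port announced in `227` (or in the client's `PORT` command), filter on it to recover the transferred file from the data connection.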
References
https://support.microsoft.com/en-us/kb/169292
http://www.tamos.net/~rhay/overhead/ip-packet-overhead.htm
FTP specification : RFC 765 (June 1980), superseded by RFC 959 (October 1985)
RFC 2228 (1997) adds the FTP security extensions (AUTH, ADAT, PBSZ, PROT)
FTPS (FTP over TLS) : RFC 4217