Opdracht 1 capture FTP Capture filter is: tcp port 20 or tcp port 21 Daarna een display filter, omdat er van ipv6 en arp verkeer tussen zat: not arp and ip.addr == 145.92.27.41 or ip.addr == 145.92.27.42 Wat ik gecaptured heb, is een FTP sessie: - Antwoord van FTP server: No. Time Source Destination Protocol Info 22 13.816741 145.92.27.41 145.92.27.42 FTP Response: 220 vax-41.sicilia.os3.nl FTP server (tnftpd 20040810) ready. Frame 22 (117 bytes on wire, 117 bytes captured) Ethernet II, Src: 00:03:93:1e:23:a0, Dst: 00:08:0d:25:c3:05 Internet Protocol, Src Addr: 145.92.27.41 (145.92.27.41), Dst Addr: 145.92.27.42 (145.92.27.42) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 3468 (3468), Seq: 1, Ack: 1, Len: 63 File Transfer Protocol (FTP) 220 vax-41.sicilia.os3.nl FTP server (tnftpd 20040810) ready.\r\n Response code: Service ready for new user (220) Response arg: vax-41.sicilia.os3.nl FTP server (tnftpd 20040810) ready. -User logt in: No. Time Source Destination Protocol Info 24 16.577181 145.92.27.42 145.92.27.41 FTP Request: USER jaap Frame 24 (65 bytes on wire, 65 bytes captured) Ethernet II, Src: 00:08:0d:25:c3:05, Dst: 00:03:93:1e:23:a0 Internet Protocol, Src Addr: 145.92.27.42 (145.92.27.42), Dst Addr: 145.92.27.41 (145.92.27.41) Transmission Control Protocol, Src Port: 3468 (3468), Dst Port: ftp (21), Seq: 1, Ack: 64, Len: 11 File Transfer Protocol (FTP) USER jaap\r\n Request command: USER Request arg: jaap -Password required: no. time source destination protocol info 25 16.579907 145.92.27.41 145.92.27.42 ftp response: 331 password required for jaap. frame 25 (87 bytes on wire, 87 bytes captured) ethernet ii, src: 00:03:93:1e:23:a0, dst: 00:08:0d:25:c3:05 internet protocol, src addr: 145.92.27.41 (145.92.27.41), dst addr: 145.92.27.42 (145.92.27.42) transmission control protocol, src port: ftp (21), dst port: 3468 (3468), seq: 64, ack: 12, len: 33 file transfer protocol (ftp) 331 password required for jaap.\r\n response code: user name okay, need password (331) response arg: password required for jaap. -password wordt ingevoerd -welcome message ftp server -list voor overzicht files -request file test No. Time Source Destination Protocol Info 50 23.571990 145.92.27.42 145.92.27.41 FTP Request: RETR test Frame 50 (65 bytes on wire, 65 bytes captured) Ethernet II, Src: 00:08:0d:25:c3:05, Dst: 00:03:93:1e:23:a0 Internet Protocol, Src Addr: 145.92.27.42 (145.92.27.42), Dst Addr: 145.92.27.41 (145.92.27.41) Transmission Control Protocol, Src Port: 3468 (3468), Dst Port: ftp (21), Seq: 81, Ack: 292, Len: 11 Source port: 3468 (3468) Destination port: ftp (21) Sequence number: 81 (relative sequence number) Next sequence number: 92 (relative sequence number) Acknowledgement number: 292 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 65244 Checksum: 0x475a (correct) SEQ/ACK analysis File Transfer Protocol (FTP) RETR test\r\n Request command: RETR Request arg: test - Inhoud van de file (over poort 20) No. Time Source Destination Protocol Info 55 23.573428 145.92.27.41 145.92.27.42 FTP-DATA FTP Data: 28 bytes Frame 55 (94 bytes on wire, 94 bytes captured) Ethernet II, Src: 00:03:93:1e:23:a0, Dst: 00:08:0d:25:c3:05 Internet Protocol, Src Addr: 145.92.27.41 (145.92.27.41), Dst Addr: 145.92.27.42 (145.92.27.42) Transmission Control Protocol, Src Port: ftp-data (20), Dst Port: 5002 (5002), Seq: 1, Ack: 1, Len: 28 Source port: ftp-data (20) Destination port: 5002 (5002) Sequence number: 1 (relative sequence number) Next sequence number: 29 (relative sequence number) Acknowledgement number: 1 (relative ack number) Header length: 32 bytes Flags: 0x0018 (PSH, ACK) Window size: 65535 Checksum: 0x31be (correct) Options: (12 bytes) FTP Data FTP Data: Dit is de geheime textfile\r\n No. Time Source Destination Protocol Info 55 23.573428 145.92.27.41 145.92.27.42 FTP-DATA FTP Data: 28 bytes - transfer complete - quit