Cnreport

The mini project titled 'Active and Passive FTP Design and Security Analysis' examines the File Transfer Protocol (FTP) and its two modes, focusing on their implementation and security vulnerabilities. It highlights the risks associated with traditional FTP, such as unencrypted communication and challenges with firewalls and NAT, while proposing secure alternatives like FTPS and SFTP. The project emphasizes the importance of adopting secure protocols for file transfers in modern network environments to mitigate risks.
VISVESVARAYA TECHNOLOGICAL UNIVERSITY

“JNANA SANGAM”, BELAGAVI-590018

MINI PROJECT ON COMPUTER NETWORKS (BCS502) BASED ON WIRESHARK TOOL
2024-2025
REPORT ON
ACTIVE AND PASSIVE FTP DESIGN AND SECURITY ANALYSIS
Submitted in partial fulfilment of the requirements of Internal assessment-Assignment For
the award of degree of

Bachelor of Engineering
In

Computer Science and Engineering


By
1KS22CS022 Arnav Hangal 1KS22CS034 Chirag K P
1KS22CS021 Arjav C Prabhu 1KS22CS060 Karthik V
1KS22CS009 Akshay Krishna 1KS22CS017 Anmol Naik S
1KS22CS005 Aditya S 1KS22CS047 Gururaj V A

Under the Guidance of


Dr. Rekha B Venkatapur,
Professor and Head, CSE

Department of Computer Science & Engineering


K S INSTITUTE OF TECHNOLOGY
#14, Raghuvanahalli, Kanakapura Main Road, Bengaluru-560109


CERTIFICATE
This is to certify that mini project work entitled “Active and Passive FTP Design
and Security Analysis” carried out by Team No. 7 of fifth Semester A/B section
K.S. Institute of Technology in the partial fulfilment for the award of the Bachelor
of Engineering in Computer Science & Engineering of the Visvesvaraya
Technological University, Belagavi, during the year 2024-25. It is certified that all
corrections/suggestions indicated for Internal Assessment of Computer Networks
(BCS502) Course assignment have been incorporated in the report deposited in the
departmental library. The mini project report has been approved as it satisfies the
academic requirements in respect of Mini Project work prescribed for the said degree
for the 5th semester.

Dr. Rekha B Venkatapur Dr. Dillip Kumar K

Prof & HOD, CS & E Dept Principal/Director, KSIT

ACKNOWLEDGEMENT

We take this opportunity to thank everyone involved in making this project. We would like to
thank the college for providing us an opportunity to work on the project.

We would like to thank the management of K.S.Institute of Technology for providing all the
required resources for the project.

We would like to thank our faculty of Computer Networks course and Head of the Department of
Computer Science and Engineering, Dr. Rekha B Venkatapur.

We also thank all the other teaching and non-teaching staff members for supporting and
cooperating while making the project.

Team No : 07

Members

SL.NO USN NAME


01 1KS22CS021 Arjav C Prabhu
02 1KS22CS022 Arnav Hangal
03 1KS22CS009 Akshay Krishna
04 1KS22CS005 Aditya S
05 1KS22CS034 Chirag K P
06 1KS22CS017 Anmol Naik S
07 1KS22CS047 Gururaj V A
08 1KS22CS060 Karthik V

ABSTRACT

The project, "Active and Passive FTP Design and Security Analysis," explores the File Transfer
Protocol (FTP) and its two operating modes—Active and Passive FTP—while focusing on their
implementation, behaviour, and security vulnerabilities. FTP remains a widely used protocol for
transferring files, but its reliance on unencrypted communication introduces critical security risks, such
as plain-text authentication, data sniffing, and brute-force attacks.
This project analyses how Active and Passive FTP operate, highlighting the challenges associated with
firewalls and Network Address Translation (NAT) configurations for each mode. Security
vulnerabilities such as FTP bounce attacks, lack of encryption, and packet sniffing are examined using
tools like Wireshark to demonstrate real-world risks.

To mitigate these risks, the project discusses modern, secure alternatives like FTPS (FTP Secure) and
SFTP (SSH File Transfer Protocol), which provide encryption and stronger authentication
mechanisms. Additionally, best practices for securing FTP servers, such as firewall configurations,
access controls, and transitioning to secure alternatives, are outlined.

By providing a comprehensive analysis of FTP design, vulnerabilities, and solutions, this project
emphasizes the importance of adopting secure protocols for file transfers in modern network
environments.

KEYWORDS
• FTP (File Transfer Protocol)
• Active FTP
• Passive FTP
• Wireshark
• Plain-Text Authentication
• Data Sniffing
• Network Address Translation (NAT)
• Encryption
• Port Management
• Firewall Configuration
• Mitigation Strategies
CONTENTS

01 Abstract
02 Introduction
03 Active FTP
04 Passive FTP
05 System Analysis
06 Wireshark Analysis of Active FTP
07 Wireshark Analysis of Passive FTP
08 FTP Vulnerabilities and Mitigations
09 FTP Attacks
10 Snapshots
11 Conclusion
12 References

WEB SERVER MONITORING TECHNIQUES

INTRODUCTION

File Transfer Protocol (FTP) is one of the earliest and most widely used protocols for transferring files
over a network. Developed in the 1970s, FTP facilitates the movement of data between clients and
servers. Over time, FTP has evolved to include two operational modes: Active FTP and Passive FTP,
each with distinct connection processes and network behaviors. Despite its utility, traditional FTP
lacks built-in security features, making it vulnerable to various cyber threats, such as plain-text
authentication, data sniffing, and FTP bounce attacks.

The "Active and Passive FTP Design and Security Analysis" project aims to provide a
comprehensive understanding of how these FTP modes function, their differences, and the challenges
they pose in real-world network environments. It delves into the connection mechanisms, particularly
the role of ports and firewalls, and highlights the limitations of FTP, especially in modern networks
utilizing firewalls and Network Address Translation (NAT).

The project further explores security vulnerabilities in FTP, such as:


• Lack of encryption.
• Brute force attacks.
• Data interception through packet sniffing tools like Wireshark.

To address these risks, the project discusses mitigation strategies and introduces secure alternatives
such as FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol), which provide encryption and
enhanced authentication mechanisms. Through analysis, simulations, and security assessments, this
project emphasizes the importance of transitioning from traditional FTP to more secure file transfer
protocols.

Features of FTP:
1. File Transfers: FTP enables the transfer of files (both uploading and downloading) between a
client and a server.
2. Authentication: It supports username and password-based authentication for secure access.
3. Security: While FTP itself is not encrypted, mechanisms like FTPS (FTP Secure) and SFTP
(Secure File Transfer Protocol) add encryption.
4. Persistence: FTP maintains a connection for the entire duration of the session, allowing
multiple operations during a single connection.

Active FTP

Active FTP is one of the two operational modes of the File Transfer Protocol (FTP), which facilitates
file transfers between a client and a server. In Active FTP, the client and server establish two separate
connections: a control connection and a data connection. The control connection is initiated by the
client to the server on port 21, where FTP commands and responses are exchanged. Once the client
requests a file transfer or any data exchange, the client opens a dynamic port and informs the server
about it. The server then actively initiates the data connection back to the client from its port 20 to
the client’s dynamic port.

The term “active” refers to the server’s role in initiating the data connection back to the client, which is
a key characteristic of this mode. The client listens passively for the incoming data connection, while
the server takes the responsibility for actively connecting. This design was suitable in earlier network
environments where firewalls and Network Address Translation (NAT) were not as common.
Despite its simplicity, Active FTP presents challenges in modern networks. Firewalls on the client side
often block incoming connections from external servers for security reasons. Since the data connection
originates from the server to the client, it can be misinterpreted as an unsolicited connection, causing
the firewall to reject it. Similarly, NAT complicates Active FTP because the server attempts to connect
to the private IP address of the client, which is not directly accessible from outside the local network.

While Active FTP works efficiently in trusted and open network environments, these limitations make
it difficult to use in networks protected by firewalls or NAT. As a result, many modern systems prefer
Passive FTP, which allows the client to initiate both control and data connections, making it more
firewall-friendly.

Key Components of Active FTP

1. Control Channel:
• The FTP client opens a random port (n) and sends commands to the server on Port 21.
• The server listens for control messages on Port 21.
2. Data Channel: The server connects to the client’s port (n+1) from its own Port 20 to transfer data.


Where is Active FTP Used?

Active FTP is primarily used in private networks or controlled environments where network security
configurations allow external incoming connections. These environments include internal corporate
networks, data centres, or systems where there are minimal restrictions on incoming traffic. In such
networks, firewall rules can be explicitly configured to permit the server to establish the data
connection back to the client. Since the organization manages both the FTP client and server, it is
easier to control ports, implement security measures, and troubleshoot any connectivity issues that
arise.

In scenarios where networks are relatively open or where strict security measures, like firewalls and
Network Address Translation (NAT), are not heavily enforced, Active FTP works efficiently. For
example, within a trusted internal network, administrators may configure firewalls to allow
connections from the FTP server's port 20 to the client’s dynamic port, ensuring seamless file
transfers. This makes Active FTP suitable for environments where security concerns are minimal, and
the need for performance or simplicity outweighs the challenges posed by firewall configurations.

As a result, Active FTP is best suited for controlled, internal environments where administrators have
the flexibility to configure firewalls and allow incoming connections. In contrast, for networks with
higher security restrictions or complex firewall setups, Passive FTP is preferred as it avoids these
issues by allowing the client to initiate both the control and data connections.


Passive FTP

Passive FTP is a mode of the File Transfer Protocol (FTP) designed to overcome the limitations of
Active FTP, particularly in modern network environments that involve firewalls and Network
Address Translation (NAT). In Passive FTP, the client takes a more active role in managing both the
control and data connections, which makes it easier to use in secure or restricted networks.

The communication process begins similarly to Active FTP, where the client initiates a control
connection to the FTP server on port 21 to exchange commands and responses. However, instead of
the server initiating the data connection back to the client, the client sends a PASV command to the
server. In response, the server opens a random, dynamic port (above port 1023) and informs the
client of the port number. The client then actively establishes the data connection to that port, ensuring
that both the control and data connections originate from the client side.

This approach eliminates the need for the server to establish an unsolicited connection back to the
client, which is a major advantage in firewall-protected and NAT-based networks. In modern
systems, firewalls often block incoming connections from external servers as a security measure. Since
Passive FTP avoids this by allowing all communication to be initiated by the client, it is far more
compatible with restrictive network environments.

Passive FTP is widely used in public networks, web hosting services, and cloud environments where
security configurations prevent external servers from connecting back to clients. It is particularly
helpful for users accessing FTP servers from behind corporate firewalls or home routers, where
network administrators restrict inbound connections for security reasons.


Advantages of Passive FTP

The primary advantage of Passive FTP is its firewall-friendliness. Since the client initiates both the
control and data connections, firewalls can easily permit the outbound connections, ensuring smooth
file transfers. Additionally, Passive FTP is more compatible with networks using NAT, as it avoids the
need for the server to communicate with a client’s private IP address, which would otherwise be
inaccessible from outside the network.

Challenges of Passive FTP

While Passive FTP solves many firewall and NAT-related issues, it does introduce a challenge in
terms of port management. The server must open a wide range of dynamic ports for data connections,
which can require additional configuration and increase security concerns if not properly managed.

Overall, Passive FTP is the preferred mode for file transfers in modern network environments due to
its ability to work seamlessly with firewalls and NAT. By allowing the client to control both
connections, it ensures greater compatibility, reliability, and security compared to Active FTP.


System Analysis

1. Problem Definition
The project focuses on addressing the following challenges:

• The insecure nature of FTP due to plain-text authentication and lack of encryption.

• The difficulty of using Active FTP in modern network environments due to firewalls and NAT
issues.

• The vulnerabilities in FTP, such as data sniffing, brute-force attacks, and FTP bounce attacks.

• The need for adopting secure alternatives like FTPS and SFTP for encrypted communication.

2. Functional Requirements
The project includes the following functional components:
• Understanding FTP Modes: Analyze the working of Active FTP and Passive FTP by simulating
their behaviors.
• Comparison and Analysis: Provide a comparison between Active and Passive FTP, highlighting
their workflows, advantages, and limitations.
• Security Analysis: Identify vulnerabilities (e.g., sniffing, plain-text data transfer) using tools like
Wireshark and discuss real-world attack vectors.
• Firewall Configuration: Explore challenges in firewall and NAT setups for FTP, particularly for
Active FTP, and explain solutions through port management.
• Mitigation Strategies: Demonstrate methods to secure FTP communication, including
transitioning to FTPS (SSL/TLS encryption) and SFTP (SSH-based encryption).

3. Non-Functional Requirements

• Security: Emphasis on highlighting vulnerabilities and secure alternatives to FTP.


• Compatibility: Address the differences between Active and Passive FTP in terms of network
environments (firewall/NAT compatibility).
• Reliability: Ensuring accurate demonstrations of FTP behavior and tools like Wireshark to
identify vulnerabilities.
• Performance: Evaluate the impact of FTP operations on network performance, including the
efficiency of alternatives like FTPS and SFTP.


4. Tools and Technologies


The project utilizes various tools and technologies for analysis and demonstration:
• Wireshark: A network packet analysis tool to observe FTP data flow and identify
vulnerabilities like plain-text data transfer.
• FTP Server/Client Software: Tools such as FileZilla to simulate FTP connections and test
Active and Passive modes.
• Firewall Configuration: Practical demonstrations of configuring firewalls to allow or block
FTP traffic.
• Secure Alternatives: Implementation of FTPS and SFTP to demonstrate encryption benefits.

5. System Flow
The system analysis includes the following phases:
1. Understanding FTP Basics: Study the working of FTP, including control and data
connections.
2. Active FTP Simulation: Demonstrate how Active FTP works and highlight its limitations with
firewalls and NAT.
3. Passive FTP Simulation: Show how Passive FTP solves the firewall issues by allowing clients
to control all connections.
4. Vulnerability Identification: Use tools like Wireshark to capture FTP traffic and analyze risks
such as plain-text data transfer and data sniffing.
5. Mitigation Strategies: Explore solutions, including firewall configuration and encrypted
alternatives (FTPS and SFTP).
6. Comparison and Recommendations: Summarize findings, compare FTP modes, and
recommend secure protocols.

The system analysis provides a structured approach to the project by breaking it into logical
components. It ensures a clear understanding of FTP mechanisms, highlights vulnerabilities, and
demonstrates secure alternatives to overcome modern network and security challenges. This project
will help in building awareness about the importance of transitioning from traditional FTP to more
secure


Wireshark Analysis of Active FTP

To perform an analysis of Active FTP using Wireshark, we capture the communication between an
FTP client and an FTP server. In Active FTP, the server initiates the data connection back to the
client, which is evident in the packet capture file.

Understanding Active FTP Process


The Active FTP process follows these steps:
1. The client opens a control connection to the FTP server on port 21 for sending commands and
receiving responses.
2. The client issues a PORT command, informing the server which port (dynamic) the client is
listening on for the data connection.
3. The server initiates the data connection back to the client using port 20 as its source port and the
client's specified port as the destination.
4. File transfer or data communication occurs through the data connection.

Wireshark Capture Setup

• Environment: FileZilla or a similar FTP client connects to an FTP server configured for Active
FTP.
• Tools Used: Wireshark (installed on the client machine) to capture packets.
• Filters: Use filters like ftp (to capture control connection) and tcp.port == 20 (to capture data
connections).

Analyzing the Capture File

Step 1: Establishment of Control Connection


• The client initiates a TCP connection to the server's FTP control port (21).
• This is visible as a TCP SYN handshake.
• In Wireshark, look for packets with:
➢ Source Port: Random (Client Port)
➢ Destination Port: 21 (FTP Server Control Port)


Step 2: PORT Command Sent by the Client


• After logging in, the client sends the PORT command to tell the server which port it is
listening on for the data connection.
• In Wireshark, filter by ftp to locate the PORT command.

Step 3: Data Connection Initiated by the Server


• The server uses its FTP data port (20) to establish a connection back to the client’s specified
port (e.g., 31533).
• In Wireshark, look for a TCP SYN packet from:
➢ Source Port: 20 (Server Data Port)
➢ Destination Port: Client-specified port (e.g., 31533)

Step 4: File Transfer Over the Data Connection


• Once the data connection is established, the actual file transfer begins.
• Data packets are exchanged between the server and client over the data channel.
• In Wireshark, use the filter tcp.port == 20 to observe the data transfer.
Observation: You will see a sequence of TCP packets (segments) containing file data being
transmitted between the server and client.

Step 5: Closing the Connections


• Once the file transfer is complete, the data connection is terminated, followed by the control
connection.
• Look for TCP FIN/ACK packets indicating connection closure.


Wireshark Analysis of Passive FTP


Understanding Passive FTP Process
The Passive FTP process operates as follows:

1. The client initiates a control connection to the FTP server on port 21 (like in Active FTP).

2. The client sends a PASV command to the server, asking the server to open a dynamic, high-
numbered port for data transfer.

3. The server responds with the port number that it will use for the data connection.

4. The client then opens a data connection to the server on the specified port.

5. Data transfer occurs over this data connection.

Wireshark Capture Setup


• Environment: An FTP client (such as FileZilla) connects to an FTP server configured for
Passive FTP.
• Tools Used: Wireshark (installed on the client machine) to capture packets.
• Filters: Use filters like ftp (to capture FTP control traffic) and tcp.port == [PortNumber] (to
capture data connection traffic).

Analysing the Capture File for Passive FTP

Step 1: Establishment of Control Connection


• The client establishes a TCP connection to the server’s FTP control port (port 21).
• This is captured as a TCP handshake in Wireshark.
Step 2: Sending the PASV Command
• The client sends the PASV command to the server, requesting it to open a random port for the
data connection.
• The response includes the server’s IP address (192.168.1.10) and the port number (calculated
as 196*256 + 83 = 50339).
Step 3: Client Initiates Data Connection
• The client then establishes the data connection to the server on the specified port (e.g., 50339).
• In Wireshark, this is visible as a TCP connection from the client’s IP to the server’s specified
data port.


Step 4: Data Transfer


• Once the data connection is established, the file transfer begins, and data is exchanged between
the client and the server.
• In Wireshark, you can filter by tcp.port == 50339 (or any other dynamic port used) to capture
the data transfer packets.
Step 5: Closing the Connection
• After the file transfer is complete, the data connection is closed.
• This is indicated by TCP FIN/ACK packets in Wireshark.


FTP Vulnerabilities and Mitigations

1. Plain-Text Authentication
Vulnerability:
• FTP transmits credentials (username and password) in plain text without encryption.
• This exposes the login information to packet sniffing tools, allowing attackers to intercept and
read sensitive data.
Mitigation:
• Use FTPS (FTP Secure) or SFTP (SSH File Transfer Protocol), which encrypt the
authentication process and data.
• Implement strong passwords and multi-factor authentication (MFA) to enhance security.

2. Data Sniffing
Vulnerability:
• FTP transmits files and commands in unencrypted plain text.
• Attackers can use tools like Wireshark to sniff network traffic and steal sensitive data during
transfer.
Mitigation:
• Encrypt data during transit by using FTPS or SFTP to prevent interception.
• Use VPNs (Virtual Private Networks) for additional encryption when transferring files over
public networks.

3. FTP Bounce Attack


Vulnerability:
• An attacker can exploit the PORT command in FTP to relay malicious traffic through an FTP
server to target other systems.
• This can allow attackers to bypass firewall restrictions and launch attacks from the server's IP
address.
Mitigation:
• Disable support for the PORT command (Active FTP) on the server.
• Configure the FTP server to allow connections only from trusted IP addresses.
• Use firewalls to monitor and restrict outbound connections from the FTP server.
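
The host-port field that the Wireshark steps read from the PORT command and from the PASV (227) reply is also what a bounce attempt abuses, so one pass over the control channel can decode both and flag suspicious PORT arguments. The following is an added example, not code from the original report: the client address 192.168.1.20, the sample lines and the function names are constructed, and the 227 line uses fields 196,163 so that 196*256 + 163 gives the port 50339 used in the steps above. Comparing the PORT address with the control-connection peer and refusing ports below 1024 is a common server-side check assumed here in addition to the mitigations listed.

```python
import re

# h1,h2,h3,h4,p1,p2: the host-port field carried by PORT and by the 227 reply.
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

# Constructed sample: control-channel lines of one session, in capture order.
CLIENT_IP = "192.168.1.20"  # assumed address of the control-connection client
SAMPLE_LINES = [
    "PORT 192,168,1,20,123,45",                           # normal active mode
    "227 Entering Passive Mode (192,168,1,10,196,163).",  # normal passive mode
    "PORT 192,168,1,77,0,22",                             # names a third host
    "PORT 192,168,1,20,300,1",                            # malformed field
]


def decode_hostport(text):
    """Return (ip, port) from the first h1,h2,h3,h4,p1,p2 field in text."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    fields = [int(f) for f in m.groups()]
    if max(fields) > 255:
        raise ValueError("field above 255 in %r" % text)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # high byte first, then low byte
    return ip, port


def audit_control_channel(client_ip, lines):
    """Describe every data connection negotiated on one control channel.

    Each record holds the mode, the decoded endpoint, a Wireshark display
    filter for the matching data connection, and any warnings.
    """
    records = []
    for line in lines:
        line = line.strip()
        if line.upper().startswith("PORT "):
            mode = "active"    # client tells the server where to connect
        elif line.startswith("227 "):
            mode = "passive"   # server tells the client where to connect
        else:
            continue
        try:
            ip, port = decode_hostport(line)
        except ValueError as exc:
            records.append({"mode": mode, "endpoint": None,
                            "filter": None, "warnings": [str(exc)]})
            continue
        warnings = []
        if mode == "active":
            # A PORT argument naming another host is the bounce pattern.
            if ip != client_ip:
                warnings.append("PORT address %s is not the control client %s"
                                % (ip, client_ip))
            if port < 1024:
                warnings.append("PORT targets well-known port %d" % port)
        records.append({
            "mode": mode,
            "endpoint": (ip, port),
            "filter": "ip.addr == %s && tcp.port == %d" % (ip, port),
            "warnings": warnings,
        })
    return records


if __name__ == "__main__":
    for rec in audit_control_channel(CLIENT_IP, SAMPLE_LINES):
        print(rec["mode"], rec["endpoint"], rec["filter"], rec["warnings"])
```
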


4. Brute Force Attacks


Vulnerability:
• FTP servers can be targeted with brute-force attacks where attackers repeatedly guess
usernames and passwords.
• This can lead to unauthorized access if weak credentials are used.
Mitigation:
• Implement account lockout policies after a set number of failed login attempts.
• Use strong password policies (long, complex passwords).
• Deploy Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) to detect
and block brute-force attempts.
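
One way to turn the lockout policy above into detection logic, as an added example that is not part of the original report: the log format (epoch seconds, source IP, username, FTP reply code), the thresholds and the sample lines are all constructed. It counts reply code 530 (login failed) in a sliding window per source address and per targeted account, because guessing spread across many addresses against one account never trips a per-address counter.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5      # assumed policy: failures allowed inside the window
WINDOW_SECONDS = 60   # assumed policy: sliding window length

BASE = 1700000000
# Constructed log lines in a hypothetical format: "<epoch> <ip> <user> <code>".
SAMPLE_LOG = (
    # One address cycling through usernames quickly.
    [f"{BASE + 8 * i} 203.0.113.7 {u} 530"
     for i, u in enumerate(["root", "admin", "test", "ftp", "guest"])]
    # Five addresses taking one guess each at the same account.
    + [f"{BASE + 100 + 10 * i} 198.51.100.{i + 1} backup 530" for i in range(5)]
    # A user who mistypes once and then logs in (230 = logged in).
    + [f"{BASE + 50} 192.0.2.10 alice 530", f"{BASE + 55} 192.0.2.10 alice 230"]
    # Slow failures that never reach the threshold inside one window.
    + [f"{BASE + 100 * i} 192.0.2.99 bob 530" for i in range(5)]
)


def parse_line(line):
    """Split one constructed log line into (epoch, ip, user, reply_code)."""
    ts, ip, user, code = line.split()
    return int(ts), ip, user, int(code)


def find_lockouts(events, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
    """Return {("ip", addr) or ("user", name): epoch when the limit was hit}."""
    failures = defaultdict(deque)   # key -> timestamps of recent 530 replies
    locked = {}
    for ts, ip, user, code in sorted(events):
        if code == 230:
            # A successful login clears the account counter only. Clearing the
            # address counter too would let one valid login reset a guesser.
            failures[("user", user)].clear()
            continue
        if code != 530:
            continue
        for key in (("ip", ip), ("user", user)):
            if key in locked:
                continue
            recent = failures[key]
            recent.append(ts)
            # Drop failures that have aged out of the window.
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= max_failures:
                locked[key] = ts
    return locked


def lockouts_from_log(lines):
    """Parse constructed log lines and return the lockout decisions."""
    return find_lockouts(parse_line(line) for line in lines if line.strip())


if __name__ == "__main__":
    for (kind, value), when in sorted(lockouts_from_log(SAMPLE_LOG).items()):
        print(f"lock {kind} {value} at {when}")
```
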

5. Lack of Encryption
Vulnerability:
• FTP does not natively provide encryption for data transfers, leaving data vulnerable to
eavesdropping or tampering.
Mitigation:
• Use encrypted alternatives like FTPS (TLS/SSL) or SFTP (SSH).
• Configure servers to enforce encrypted connections and reject plain-text logins.

6. Anonymous FTP Access


Vulnerability:
• Some FTP servers allow anonymous access, which attackers can exploit to upload malicious
files or access sensitive directories.
Mitigation:
• Disable anonymous FTP access unless absolutely necessary.
• Implement strict permissions and access controls on FTP directories.
• Regularly audit FTP servers for misconfigurations.


FTP Attacks

File Transfer Protocol (FTP) is a standard method for transferring files across networks, but it has several
vulnerabilities that attackers often exploit. These vulnerabilities arise primarily because FTP was
designed without robust security mechanisms like encryption or access controls. As a result, FTP is
susceptible to various attacks, which can compromise sensitive data, disrupt services, or allow
unauthorized access.

1. Brute-Force Attack
A brute-force attack is one of the most common FTP attacks where an attacker systematically guesses
the username and password combinations to gain unauthorized access to the server. Automated tools,
such as Hydra and Medusa, make this process efficient by rapidly cycling through possible
credentials. If weak or default passwords are used, attackers can easily gain access, allowing them to
download, upload, or delete files. Brute-force attacks are particularly dangerous on publicly accessible
FTP servers. To mitigate this, administrators must enforce strong password policies, implement
account lockout mechanisms after multiple failed login attempts, and deploy intrusion detection
systems (IDS) to monitor and block brute-force activity.

2. FTP Bounce Attack


In an FTP bounce attack, an attacker exploits the PORT command in FTP to relay malicious traffic
through the FTP server to target another system. This type of attack leverages the FTP server as an
intermediary, allowing the attacker to bypass firewalls and disguise their real identity. For example, an
attacker can send malicious requests to a third-party system, making it appear as though the traffic
originates from the FTP server itself. The FTP bounce attack can be used for network scanning or even
to bypass network restrictions. To mitigate this risk, FTP servers should disable support for the PORT
command and restrict the use of Active FTP mode. Implementing firewalls that monitor and block
unexpected traffic can also help prevent such attacks.

3. Packet Sniffing
Since FTP transmits data, including credentials, in plain text, attackers can use packet-sniffing tools
such as Wireshark or tcpdump to intercept FTP traffic. This allows attackers to read sensitive
information, such as usernames, passwords, and the contents of transferred files. Packet sniffing is
particularly effective when FTP is used over unsecured or public networks, where an attacker can
monitor the traffic. To prevent this, organizations should transition to encrypted alternatives such as
FTPS (FTP over TLS/SSL) or SFTP (Secure FTP) to ensure that both login credentials and data are
encrypted during transmission. Additionally, using a Virtual Private Network (VPN) can add an extra
layer of encryption for FTP traffic.

4. Anonymous FTP Exploits


FTP servers sometimes allow anonymous access, enabling users to connect without authentication.
While this feature can be useful for sharing public files, it is often misused by attackers to upload or
distribute malicious content, such as malware or phishing files. Furthermore, poorly configured
anonymous FTP servers may expose sensitive files unintentionally. To address this, anonymous FTP
access should be disabled unless absolutely necessary. If enabled, strict permissions and access
controls must be implemented, and uploaded files should be regularly scanned for malware. Logging
and monitoring FTP activity can help detect unauthorized use.

FTP remains a useful protocol for file transfers but is inherently insecure if left unprotected. Brute-
force attacks, bounce attacks, packet sniffing, anonymous access exploits, and denial of service attacks
are among the most common threats to FTP systems. To secure FTP servers, administrators must
disable unnecessary features, enforce strong authentication, use encrypted alternatives such as FTPS or
SFTP, and implement monitoring to detect suspicious activity. By addressing these vulnerabilities,
organizations can minimize the risks associated with FTP and ensure secure file transfers.


Snapshots

FileZilla Server

Connection Successful


FileZilla Client

FileZilla Client after sharing


Wireshark

Captured Data


Presentation

Active FTP vs Passive FTP

• Data Connection
➢ Active FTP: Server connects back to the client's random port.
➢ Passive FTP: Client connects to a server's random port.
• Who initiates data
➢ Active FTP: Server initiates the data connection.
➢ Passive FTP: Client initiates the data connection.
• Firewall compatibility
➢ Active FTP: Requires complex configurations for client firewalls.
➢ Passive FTP: Easier to configure with firewalls on the client side.
• Common Use Cases
➢ Active FTP: Legacy systems, tightly controlled server environments.
➢ Passive FTP: Modern systems, NAT/firewall-friendly environments.
• Vulnerability to Spoofing
➢ Active FTP: Vulnerable to malicious commands that direct the server to connect elsewhere.
➢ Passive FTP: Less vulnerable as the client initiates connections.
• Server Port Configuration
➢ Active FTP: Fixed (port 20 for data and port 21 for control).
➢ Passive FTP: Server opens dynamic, random ports for each data session.


SFTP
• Encrypts data using SSH.
• Operates over port 22.
• Supports various authentication methods (passwords, keys).

FTPS
• Uses TLS for encryption.
• Compatible with existing FTP setups.
• Offers explicit and implicit security modes.

HTTPS
• Adds a layer of security to HTTP.
• Encrypts data during transmission.
• Widely used for secure web communications.

Managed File Transfer (MFT)
• Comprehensive solution supporting multiple secure protocols.
• Ensures compliance with industry regulations.
• Provides detailed audit trails for file transfers.


CONCLUSION

The analysis and study of Active and Passive FTP, along with their vulnerabilities, have highlighted
the importance of securing file transfer protocols in modern network environments. While FTP
remains a widely used method for transferring files, its inherent design flaws, such as lack of
encryption and susceptibility to various attacks, make it a vulnerable protocol in today's security
landscape.

Through the detailed exploration of Active FTP and Passive FTP, we understand their connection
processes, use cases, and the challenges associated with firewall and NAT configurations. While
Active FTP is suitable for controlled environments, Passive FTP offers greater compatibility in secure
and complex networks, particularly when firewalls and NATs are involved.

The study also shed light on FTP vulnerabilities, including plain-text authentication, packet
sniffing, brute-force attacks, and FTP bounce exploits. These weaknesses emphasize the urgent
need for mitigation strategies, such as adopting FTPS (FTP Secure) or SFTP (Secure File Transfer
Protocol), which provide encryption to protect data and credentials during transit.

Using tools like Wireshark for packet analysis, this project examined real-world FTP traffic, allowing
us to identify and analyze FTP behavior and vulnerabilities at a technical level. This reinforces the
significance of monitoring and securing network protocols to prevent unauthorized access and attacks.
In conclusion, FTP, while functional, is outdated in terms of security and requires careful configuration
and additional safeguards to remain viable. Organizations are encouraged to adopt secure alternatives
like SFTP and FTPS to ensure data confidentiality and integrity during file transfers. Implementing
firewalls, access controls, strong authentication mechanisms, and regular monitoring will further
enhance the security posture of file transfer systems. This project serves as a foundation for
understanding FTP's role, its security challenges, and the best practices necessary to secure file transfer
operations in today's networks.
