Certified Ethical Hacker (CEH v10) — Question 191

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

Answer options

• A. tcp port = = 21
• B. tcp. port = 23
• C. tcp.port = = 21 | | tcp.port = =22
• D. tcp.port ! = 21

Correct answer: A

Explanation

Option A is correct because it filters for traffic using FTP, which operates on port 21, a common unencrypted protocol. Option B is incorrect as it refers to Telnet, which is also unencrypted but not specifically for file transfers. Option C is incorrect because it includes SSH (port 22), which is encrypted, thus not specifically targeting unencrypted transfers. Option D incorrectly filters out port 21, which would not effectively help in finding unencrypted file transfers.