Certified Ethical Hacker (CEH v11) — Question 180
A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?
Answer options
- A. tcp.port = = 21
- B. tcp.port = 23
- C. tcp.port = = 21 | | tcp.port = =22
- D. tcp.port ! = 21
Correct answer: A
Explanation
The correct answer is A, as TCP port 21 is used for FTP, which is an unencrypted protocol for file transfers. Option B refers to Telnet (port 23), which is also unencrypted but not specifically for file transfers. Option C includes both FTP and SSH (port 22), which is encrypted, and thus does not correctly identify only unencrypted traffic. Option D excludes FTP traffic entirely, making it ineffective for this purpose.