Wireshark Analysis: FTP vs FTPS vs SFTP Security

Network packet analysis reveals the stark security differences between FTP, FTPS, and SFTP. Capturing a wp-config.php file transfer in Wireshark under each protocol shows exactly what a passive observer on the network path can read, and therefore why the choice of transfer protocol matters.

FTP Transfer Analysis:

Frame 15: FTP Control Channel
220 Welcome to FTP Server
USER admin
331 Password required
PASS db_password123
230 User logged in
RETR wp-config.php

Frame 23: FTP Data Channel (Unencrypted)
define('DB_NAME', 'wordpress_db');
define('DB_USER', 'wp_user');
define('DB_PASSWORD', 'SecretPass123!');
define('DB_HOST', 'localhost');

The FTP capture shows credentials transmitted in plain text, making database passwords visible to any network observer.

FTPS Transfer Analysis:

Frame 12: TLS Handshake
Client Hello, TLS 1.2
Server Hello, Certificate, Key Exchange
Client Key Exchange, Certificate Verify

Frame 18: Encrypted FTP Data
Application Data (Encrypted): [Unreadable binary data]
TLS Record: Application Data Length: 1024

SFTP Transfer Analysis:

Frame 8: SSH Protocol
SSH-2.0-OpenSSH_8.0
Key Exchange, Encrypted Session

Frame 12: SFTP over SSH
SSH Protocol: Encrypted packet data
SFTP: [All data encrypted within SSH tunnel]

Both FTPS and SFTP show only encrypted records in the capture, so neither the login credentials nor the file contents are exposed to network sniffing. This analysis demonstrates why plain FTP is unsuitable for transferring sensitive files such as configuration files containing database credentials: with FTP, both the account password on the control channel and the database password inside the file travel in clear text.
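The same check can be scripted instead of read frame by frame. The following is an added example, not code from the original post: it audits a reconstructed FTP control-channel conversation and reports what an observer could read, redacting the password itself. The session transcripts are constructed from the frames above; the AUTH TLS / 234 exchange for explicit FTPS is assumed for the comparison case, and the Wireshark field names in the comment are the standard FTP dissector fields.

```python
import re

# Constructed sample modelled on Frame 15 above (not a real capture).
PLAIN_FTP_SESSION = [
    ("S", "220 Welcome to FTP Server"),
    ("C", "USER admin"),
    ("S", "331 Password required"),
    ("C", "PASS db_password123"),
    ("S", "230 User logged in"),
    ("C", "RETR wp-config.php"),
]

# Constructed explicit-FTPS session: once the server answers AUTH TLS with 234,
# the rest of the control channel is TLS and shows up in Wireshark as opaque records.
EXPLICIT_FTPS_SESSION = [
    ("S", "220 Welcome to FTP Server"),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),
    ("C", "<TLS Application Data>"),
]

# Filenames worth flagging when requested over an unencrypted channel.
SENSITIVE_FILE = re.compile(r"(wp-config\.php|\.env|id_rsa|\.pem)$", re.IGNORECASE)

def audit_ftp_control(session):
    """Walk a control-channel conversation and record what a passive observer learns.
    Equivalent Wireshark display filter for the key finding: ftp.request.command == "PASS".
    The password value is never stored, only the fact that it was visible."""
    findings = {"cleartext_user": None, "cleartext_password": False,
                "tls_negotiated": False, "sensitive_files": []}
    for who, line in session:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if who == "S" and line.startswith("234"):
            findings["tls_negotiated"] = True
            break  # everything after a successful AUTH TLS is encrypted on the wire
        if who != "C":
            continue
        if verb == "USER":
            findings["cleartext_user"] = arg
        elif verb == "PASS":
            findings["cleartext_password"] = True
        elif verb in ("RETR", "STOR") and SENSITIVE_FILE.search(arg):
            findings["sensitive_files"].append(arg)
    findings["verdict"] = "EXPOSED" if findings["cleartext_password"] else "ok"
    return findings

if __name__ == "__main__":
    print(audit_ftp_control(PLAIN_FTP_SESSION))     # verdict EXPOSED, wp-config.php flagged
    print(audit_ftp_control(EXPLICIT_FTPS_SESSION)) # verdict ok, tls_negotiated True
```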
