FTP fields
FTP protocol analysis relies on specific fields that capture essential command parameters, data channel information, file transfers, and server responses. Understanding these fields enables accurate interpretation of FTP activity and troubleshooting.
The following fields are commonly used during FTP protocol analysis:
|
Field |
Description |
|---|---|
|
arg |
The parameters associated with an FTP command. |
|
command |
The last FTP command seen in a session. |
|
data_channel.orig_h |
The IP address of a data channel originator. |
|
data_channel.passive |
A boolean value indicating whether passive mode was used for a data channel, for example, true or false. |
|
data_channel.resp_h |
The IP address of a data channel receiving point. |
|
data_channel.resp_p |
The TCP port of a data channel receiving point. |
|
file_size |
The size of a file transferred during an FTP session. |
|
reply_code |
The FTP reply code from a server in response to a command. |
|
reply_msg |
The FTP reply message from a server. |
|
user |
The username used for an FTP session. |