ftpwireshark

why FTP use 2 different packets for PASS and USER


wireshark-output

As I use Wireshark to capture packets, i realize that the USER packet and PASS packet is sent in different packets. Is this some sort of standard? Why don't we combine username and password in 1 packet?

I was trying to find a lot of sources and stuff, but couldn't find anything related.


Solution

  • tldr;

    USER and PASS commands are treated as separate requests because they are logically distinct steps in the authentication process that the server must handle independently.


    The answer is in RFC959

    4.2. FTP REPLIES

    Some commands occur in sequential groups, such as USER, PASS and
    ACCT, or RNFR and RNTO. The replies show the existence of an
    intermediate state if all preceding commands have been successful.

    Note that "sequentially". Now in 5.4, we have the sequence of commands and replies.

    For the LOGIN:

     5.4.  SEQUENCING OF COMMANDS AND REPLIES
    
     This listing forms the basis for the state
     diagrams, which will be presented separately.
    
      Connection Establishment
           120
           220
           220
           421
      Login
        USER
           230
           530
           500, 501, 421
           331, 332
        PASS
           230
           202
           530
           500, 501, 503, 421
           332
       ACCT
           230
           202
           530
           500, 501, 503, 421
       CWD
           250
           500, 501, 502, 421, 530, 550
       CDUP
           200
           500, 501, 502, 421, 530, 550
       SMNT
           202, 250
           500, 501, 502, 421, 530, 550
              
    

    Note that each command has its own reply list from the server, and how USER and PASS are sequential commands.

    In short, FTP's structure naturally leads to this: USER and PASS commands are treated as separate requests.

    The server handles these commands sequentially and independently, meaning that the commands must be sent in different packets.