The first task is to capturing File transfer protocol (FTP) username and password. Firstly, we have created 2 Windows Server 2003 virtual machine with one is winserv03_server, IP address of 192.177.1.107 and another one is winserv03_client, with the IP address of 192.177.1.105. Winserv03_server is installed with FTP and Wire Shark in it. On winserv03_client, we login to FTP server on winserv03_server by using command. While on winserv03_server, we login view the Wire Shark interface, I notice that username and password that we use to login to FTP server can clearly seen on the monitor.
The second task is to using IPSec to secure FTP transaction. IPSec is one of the solutions to safeguard the transmission of data over FTP from being seen by an unauthorized user. Even though it is not mandatory to use IPSec in IPv4, it is already available in IPv4 and user has the choice to enable it. IPSec will encrypt the data sent using normal FTP connection, thus only the authorized party can see the content. On winserv03_server, we change several setting of Management Console to implement IP security and change some setting on winserv03_client to enable authentication method. After a few steps of configuration of FTP and Wire Shark, we try to login just like task 1. The result of task 2 is Wire Shark cannot display the username and password.
