2

I am using nmap to scan open ports on a device which uses FTP protocol to transfer firmware for update. But it is showing all 1000 ports are closed.

It comes with a software to update its firmware. When we connect device to computer and use ifconfig to list IP addresses connected with device, it shows new IP address which is used by that device. Using wireshark we can monitor all protocols used by that software and device to communicate with each other. But there is no mention of FTP protocol in wireshark output. only SSDP, LLDP and MDNS protocols are used. I want to know how that software is transferring data to device when all ports are closed (as shown in Nmap output). If ports are protected using firewall, is there any way to bypass that firewall? and how to identify that firewall first. Please help and if I missed some points which I must mention to explain my problem then please comment.

Link to wireshark output - here

Improve this question
12
  • Pcap instead of txt? What is the device? How do you know it uses FTP (you say that Wireshark does not mention FTP)? How and under which circumstances does the device get updates? If the device is downloading the update e.g. from a website there is no need for an open port on the device since it does not run a network service itself. Also firewalls often block incoming but not outgoing connections. Commented Mar 31, 2023 at 19:53
  • @secfren It is DJI drone which uses FTP to upgrade firmware. First its assistant software downloads firmware from its CDN website and than it uses FTP protocol to transmit it to the device using USB. How do I know? because in previous version of devices FTP port was open and you could monitor packets transferring from Computer to device using wireshark. But in this version you can see that it creates a Host with particular IP - 192.168.42.3 (in our case) . This IP is always same. by scanning this IP using nmap you can see Host is up but it shows all ports are closed. Commented Apr 1, 2023 at 8:36
  • When it uses USB, how does it transfer data? Via network (usb-to-ethernet) or directly via USB? In the latter case you won't see any open ports, nor lots of packets on the ethernet interface. You'd need to capture on the USB port. Was the Wireshark dump captured during firmware download to the device? Transferred amount of bytes seems rather small ... You could try to disassemble the firmware and look if it still has software for ftp or if an ftp or firewall service is enabled. Maybe they just removed ftp (if it is not used for updates). github.com/o-gs/dji-firmware-tools Commented Apr 1, 2023 at 9:18
  • nozominetworks.com/blog/… "because in previous version of devices FTP port was open and you could monitor packets transferring from Computer to device using wireshark. " Packets? Or complete firmware upgrades? Commented Apr 1, 2023 at 9:33
  • @secfren Actually first firmware is transferred into the drone and then Drone itself unzip or untar the firmware (Because Firmware bin is compression of multiple modules). After unzipping, it decrypts the firmware. If you go by this than you can say it transmit whole firmware in single transmission and not packets. Commented Apr 1, 2023 at 9:48

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.