Encrypted UDP based FTP with multicast (UFTP)
UFTP is an encrypted multicast file transfer program, designed to securely, reliably, and efficiently transfer files to multiple receivers simultaneously. This is useful for distributing large files to a large number of receivers, and is especially useful for data distribution over a satellite link (with two way communication), where the inherent delay makes any TCP based communication highly inefficient. The multicast encryption scheme is based on TLS with extensions to allow multiple receivers to share a common key. UFTP also has the capability to communicate over disjoint networks separated by one or more firewalls (NAT traversal) and without full end-to-end multicast capability (multicast tunneling) through the use of a UFTP proxy server. These proxies also provide scalability by aggregating responses from a group of receivers.
UFTP was first released by Dennis Bush on 7/6/2001. Version 1.0 appeared 12/17/2002. Version 2.0 appeared 5/4/2006. Version 3.0 appeared 3/11/2010, adding SSL derived encryption. Version 4.0 appeared 4/27/2013, adding IPv6 support. Version 5.0 appeared 4/22/2020, adding security updates in line with TLS 1.3.
- UDP: Typically, UFTP uses UDP as its transport protocol. The well known UDP port for UFTP traffic is 1044.
Example traffic (UFTP_v5_transfer.pcapng)
Frame 12: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) on interface ens33, id 0 Ethernet II, Src: 00:0c:29:e4:53:3b, Dst: 01:00:5e:04:04:01 Internet Protocol Version 4, Src: 192.168.1.186, Dst: 184.108.40.206 User Datagram Protocol, Src Port: 37457, Dst Port: 1044 UDP based FTP w/ multicast V5 Protocol Version: 0x50 Type: ANNOUNCE (1) Sequence Number: 6 Source ID: 0xc0a801ba Group ID: 0x0211a8c5 Group Instance ID: 0 Group Round Trip Time: 0.0105273022466847 Group Size: 1 Reserved: 0x00 ANNOUNCE Type: ANNOUNCE (1) Header Length: 24 bytes (6) Flags: 0x00 .... ...0 = Sync mode: False .... ..0. = Sync preview mode: False .... .0.. = IPv6: False 0000 0... = Reserved: 0x00 Robustness Factor: 20 Congestion Control Type: TFMCC (2) Reserved: 0 Block Size: 1300 Timestamp: Apr 23, 2020 15:15:33.220323000 UTC Public Multicast Address: 220.127.116.11 Private Multicast Address: 18.104.22.168
The UFTP dissector is fully functional, for both version 3 and 4 of the protocol. Support for version 5 is upcoming.
(Version 5 added in commit d7b31223 : May 24, 2020 )
packet-uftp.c packet-uftp4.c packet-uftp5.c
uftp.udp.port - Set the UDP port for UFTP (if other than the default of 1044)
Example capture file
Show only the UFTP based traffic:
uftp or uftp4 or uftp5
You cannot directly filter UFTP protocols while capturing. However, if you know the UDP port used (see above), you can filter on that one.
Capture only the UFTP traffic over the default port (1044):
udp port 1044
- http://uftp-multicast.sourceforge.net/ UFTP - Encrypted UDP based FTP with multicast
Imported from https://wiki.wireshark.org/Protocols/uftp on 2020-08-11 23:23:11 UTC