FTP was not designed to encrypt its traffic; all transmissions are in clear text, and user names, passwords, commands and data can be easily read by anyone able to perform packet capture (
sniffing) on the network. This problem is common to many Internet Protocol specifications (such as
SMTP,
Telnet, POP and IMAP) designed prior to the creation of encryption mechanisms such as
TLS or SSL
[2]. A common solution to this problem is use of the "secure", TLS-protected versions of the insecure protocols (e.g.
FTPS for FTP, TelnetS for
Telnet, etc.) or selection of a different, more secure protocol that can handle the job, such as the
SFTP/
SCP tools included with most implementations of the
Secure Shell protocol.