Tuesday, June 15, 2010

faster than pigeons

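I've been poking around to see who is still using FTP on a network. The tcpdump command is:
bash-3.00$ sudo tcpdump -i nge1 -nS 'tcp[13] & 2 != 0' and 'port ftp'
The 'tcp[13] & 2 != 0' test matches packets with the SYN flag set, so this shows only connection setup on the FTP control port rather than every packet.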

FTP can be a bit twitchy to troubleshoot. It's an old protocol -- dating back to 1971 and RFC 114.

Originally, it was pretty straightforward: there are two ports in use, the control port (tcp/21) and the data port (tcp/20). The client connects to the control port and they have a lovely chat until the time comes for the actual file to transfer. Then, the server opens a connection *from* its tcp/20 port to a port specified by the remote client. Which is why firewalls freak out -- it involves an inbound connection to the client.

PASV mode, or 'passive ftp', avoids some of this by letting both sides negotiate a high (above 1023) port: the server opens that port for connection and the client makes the connection to it.

All of which makes it a fracking pain to troubleshoot from a network point of view.
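To make the troubleshooting less painful, the sketch below (an added example, not part of the original post) reads control-channel lines and works out which data connection to expect in active and passive mode, then emits a tcpdump filter for it. It assumes the RFC 959 `PORT h1,h2,h3,h4,p1,p2` and `227` reply formats; the function names, sample lines and addresses are constructed for illustration.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959 host-port format).
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_hostport(text):
    """Return (ip, port) from an RFC 959 host-port string, or None if invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_channels(control_lines, server_ip):
    """Derive the expected data connection for each PORT command / 227 reply.

    control_lines: (direction, line) pairs, "C" = sent by client, "S" = by server.
    Returns dicts with mode, connection initiator, and a matching tcpdump filter.
    """
    found = []
    for direction, line in control_lines:
        line = line.strip()
        if direction == "C" and line.upper().startswith("PORT "):
            hp = parse_hostport(line[5:])
            if hp:  # active: server connects out from tcp/20 to the client's port
                ip, port = hp
                found.append({"mode": "active", "initiator": "server",
                    "filter": f"src host {server_ip} and src port 20 "
                              f"and dst host {ip} and dst port {port}"})
        elif direction == "S" and line.startswith("227"):
            hp = parse_hostport(line[3:])
            if hp:  # passive: client connects in to the server's high port
                ip, port = hp
                found.append({"mode": "passive", "initiator": "client",
                    "filter": f"dst host {ip} and dst port {port}"})
    return found

# Constructed control-channel excerpt (documentation addresses, not captured traffic).
SAMPLE = [
    ("C", "PORT 192,0,2,10,195,80\r\n"),
    ("S", "200 PORT command successful.\r\n"),
    ("C", "PASV\r\n"),
    ("S", "227 Entering Passive Mode (198,51,100,5,19,137).\r\n"),
]

if __name__ == "__main__":
    for ch in data_channels(SAMPLE, "198.51.100.5"):
        print(ch["mode"], "->", ch["filter"])
```

If the filter for an active-mode session shows the server's SYN leaving but no reply, the inbound connection is being dropped somewhere between server and client.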

About Me

Regis has worked as a network engineer since 1994 for small companies and for large companies.