ftp conntrack - nat problem

Dave Strydom strydom.dave at gmail.com
Wed Nov 9 16:29:19 CET 2005


After trying this for a while and watching the tethereal output I have
noticed something:

A successful upload:

=======
 37.406692 196.41.186.226 -> 192.168.0.220 FTP Request: PASV
 37.406913 192.168.0.220 -> 196.41.186.226 FTP Response: 227 Entering
Passive Mode (192,168,0,220,137,132).
 37.455288 196.41.186.226 -> 192.168.0.220 TCP ms-sql-s > 35204 [SYN]
Seq=0 Ack=0 Win=16384 Len=0 MSS=1360
 37.455310 192.168.0.220 -> 196.41.186.226 TCP 35204 > ms-sql-s [SYN,
ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
 37.465549 196.41.186.226 -> 192.168.0.220 FTP Request: STOR LANDING_17.jpg
 37.490491 196.41.186.226 -> 192.168.0.220 TCP ms-sql-s > 35204 [ACK]
Seq=1 Ack=1 Win=17680 Len=0
 37.490618 192.168.0.220 -> 196.41.186.226 FTP Response: 150 Opening
BINARY mode data connection for LANDING_17.jpg
 37.664991 196.41.186.226 -> 192.168.0.220 FTP-DATA FTP Data: 1360 bytes
 37.665008 192.168.0.220 -> 196.41.186.226 TCP 35204 > ms-sql-s [ACK]
Seq=1 Ack=1361 Win=8160 Len=0
 37.670007 196.41.186.226 -> 192.168.0.220 FTP-DATA FTP Data: 305 bytes
 37.670020 192.168.0.220 -> 196.41.186.226 TCP 35204 > ms-sql-s [ACK]
Seq=1 Ack=1666 Win=8160 Len=0
 37.675092 196.41.186.226 -> 192.168.0.220 TCP ms-sql-s > 35204 [FIN,
ACK] Seq=1666 Ack=1 Win=17680 Len=0
 37.675222 192.168.0.220 -> 196.41.186.226 TCP 35204 > ms-sql-s [FIN,
ACK] Seq=1 Ack=1667 Win=8160 Len=0
 37.675713 192.168.0.220 -> 196.41.186.226 FTP Response: 226 Transfer complete.
=======

An unsuccessful upload:

=======
37.921391 196.41.186.226 -> 192.168.0.220 FTP Request: PASV
 37.921611 192.168.0.220 -> 196.41.186.226 FTP Response: 227 Entering
Passive Mode (192,168,0,220,137,133).
 37.961478 196.41.186.226 -> 192.168.0.220 TCP ms-sql-m > 35205 [SYN]
Seq=0 Ack=0 Win=16384 Len=0 MSS=1360
 37.961501 192.168.0.220 -> 196.41.186.226 TCP 35205 > ms-sql-m [SYN,
ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
 37.967146 196.41.186.226 -> 192.168.0.220 FTP Request: STOR LANDING_18.jpg
 37.982217 196.41.186.226 -> 192.168.0.220 TCP ms-sql-m > 35205 [ACK]
Seq=1 Ack=1 Win=17680 Len=0
 37.982349 192.168.0.220 -> 196.41.186.226 FTP Response: 150 Opening
BINARY mode data connection for LANDING_18.jpg
 38.189397 196.41.186.226 -> 192.168.0.220 TCP 1407 > ftp [ACK]
Seq=2306 Ack=6579 Win=16535 Len=0
 38.309509 192.168.0.220 -> 196.41.186.226 FTP [TCP Out-Of-Order] Response:
 38.493193 196.41.186.226 -> 192.168.0.220 TCP 1407 > ftp [ACK]
Seq=2306 Ack=6581 Win=16533 Len=0
 53.301514 196.41.186.226 -> 192.168.0.220 TCP 1407 > ftp [FIN, ACK]
Seq=2306 Ack=6581 Win=16533 Len=0
=======

If you check the first one, it opens the BINARY connection and then you
have an FTP-DATA command which gives it the file size.

In the 2nd one, it opens the BINARY connection and there is no FTP-DATA issued?
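The comparison made by hand above can be scripted. This is an added example, not part of the original post: it decodes the data port from each 227 reply (p1*256 + p2) and reports uploads that never saw FTP-DATA or a 226. The function names are hypothetical, and the sample is the post's own capture with wrapped lines rejoined and the TCP-only lines omitted.

```python
import re

# Sample input: FTP lines from the capture in the post, one record per line
# (wrapped lines rejoined, TCP handshake/ACK lines left out).
SAMPLE = """\
37.406913 192.168.0.220 -> 196.41.186.226 FTP Response: 227 Entering Passive Mode (192,168,0,220,137,132).
37.465549 196.41.186.226 -> 192.168.0.220 FTP Request: STOR LANDING_17.jpg
37.490618 192.168.0.220 -> 196.41.186.226 FTP Response: 150 Opening BINARY mode data connection for LANDING_17.jpg
37.664991 196.41.186.226 -> 192.168.0.220 FTP-DATA FTP Data: 1360 bytes
37.670007 196.41.186.226 -> 192.168.0.220 FTP-DATA FTP Data: 305 bytes
37.675713 192.168.0.220 -> 196.41.186.226 FTP Response: 226 Transfer complete.
37.921611 192.168.0.220 -> 196.41.186.226 FTP Response: 227 Entering Passive Mode (192,168,0,220,137,133).
37.967146 196.41.186.226 -> 192.168.0.220 FTP Request: STOR LANDING_18.jpg
37.982349 192.168.0.220 -> 196.41.186.226 FTP Response: 150 Opening BINARY mode data connection for LANDING_18.jpg
"""

PASV = re.compile(r"227 Entering Passive Mode \((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
STOR = re.compile(r"FTP Request: STOR (\S+)")
DATA = re.compile(r"FTP-DATA FTP Data: (\d+) bytes")

def pasv_endpoint(line):
    """Return (address, port) advertised in a 227 reply, or None."""
    m = PASV.search(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def summarize(capture):
    """Group lines into one record per PASV reply and tally FTP-DATA bytes."""
    transfers, cur = [], None
    for line in capture.splitlines():
        ep = pasv_endpoint(line)
        if ep:
            cur = {"addr": ep[0], "port": ep[1], "file": None, "bytes": 0, "complete": False}
            transfers.append(cur)
        elif cur is None:
            continue
        elif (m := STOR.search(line)):
            cur["file"] = m.group(1)
        elif (m := DATA.search(line)):
            cur["bytes"] += int(m.group(1))
        elif "FTP Response: 226" in line:
            cur["complete"] = True
    return transfers

def stalled(capture):
    """Uploads that were requested but never reached '226 Transfer complete'."""
    return [t for t in summarize(capture) if t["file"] and not t["complete"]]
```

The decoded ports (35204 and 35205) match the data-connection ports in the TCP lines of both captures, so the SYN/SYN-ACK handshake reached the advertised port in each case.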


