Thread: proftpd and ppp modem
View Single Post
  #2   (View Single Post)  
Old 6th May 2008
mtx's Avatar
mtx mtx is offline
Real Name: Valentin Bud
Fdisk Soldier
  
Join Date: May 2008
Location: RO/TM
Posts: 79
Default
digging further:

[mp4+pf] box
Code:
# tcpdump -enqxX -i ng0 host 213.233.102.254
13:50:15.381119 AF IPv4 (2), length 94: 12.34.56.78.21 > 213.233.102.254.39552: P 261:311(50) ack 92 win 65535
        0x0000:  4500 005a afc8 4000 3f06 1e29 597a d74a  E..Z..@.?..)Yz.J
        0x0010:  d5e9 66fe 0015 9a80 f163 810c a16b 59ad  ..f......c...kY.
        0x0020:  5018 ffff c446 0000 3232 3720 456e 7465  P....F..227.Ente
        0x0030:  7269 6e67 2050 6173 7369 7665 204d 6f64  ring.Passive.Mod
        0x0040:  6520 2831 3932 2c31 3638 2c31 2c32 2c32  e.(192,168,1,2,2
        0x0050:  3330 2c31 3331 292e 0d0a                 30,131)...
13:50:15.431110 AF IPv4 (2), length 94: 213.233.102.254.39552 > 12.34.56.78.21: R 92:142(50) ack 261 win 65535
        0x0000:  4500 005a afc8 4000 2806 3529 d5e9 66fe  E..Z..@.(.5)..f.
        0x0010:  597a d74a 9a80 0015 a16b 59ad f163 810c  Yz.J.....kY..c..
        0x0020:  5014 ffff c44a 0000 3232 3720 456e 7465  P....J..227.Ente
        0x0030:  7269 6e67 2050 6173 7369 7665 204d 6f64  ring.Passive.Mod
        0x0040:  6520 2831 3932 2c31 3638 2c31 2c32 2c32  e.(192,168,1,2,2
        0x0050:  3330 2c31 3331 292e 0d0a                 30,131)...
laptop using Huawei HSDPA modem to connect to internet
wireshark output
Code:
No.     Time        Source                Destination           Protocol Info
    378 1336.729664 172.26.58.191         12.34.56.78         FTP      Request: PASV

Frame 378 (50 bytes on wire, 50 bytes captured)
Point-to-Point Protocol
Internet Protocol, Src: 172.26.58.191 (172.26.58.191), Dst: 12.34.56.78 (12.34.56.78)
Transmission Control Protocol, Src Port: 50832 (50832), Dst Port: ftp (21), Seq: 86, Ack: 261, Len: 6
    Source port: 50832 (50832)
    Destination port: ftp (21)
    Sequence number: 86    (relative sequence number)
    [Next sequence number: 92    (relative sequence number)]
    Acknowledgement number: 261    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0x232c [correct]
    [SEQ/ACK analysis]
File Transfer Protocol (FTP)
    PASV\r\n
        Request command: PASV

No.     Time        Source                Destination           Protocol Info
    379 1344.295777 172.26.58.191         12.34.56.78         FTP      [TCP Retransmission] Request: PASV

Frame 379 (50 bytes on wire, 50 bytes captured)
Point-to-Point Protocol
Internet Protocol, Src: 172.26.58.191 (172.26.58.191), Dst: 12.34.56.78 (12.34.56.78)
Transmission Control Protocol, Src Port: 50832 (50832), Dst Port: ftp (21), Seq: 86, Ack: 261, Len: 6
    Source port: 50832 (50832)
    Destination port: ftp (21)
    Sequence number: 86    (relative sequence number)
    [Next sequence number: 92    (relative sequence number)]
    Acknowledgement number: 261    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0x232c [correct]
    [SEQ/ACK analysis]
File Transfer Protocol (FTP)
    PASV\r\n
        Request command: PASV
these are the last two packets where the connection gets closed by the client.
As i can see the server replies to the client with the PASV port (first packet from [mpd4+pf] box) and the client sends a RESET. do you guys have any idea why is this happening. any hint?!
thank you

all the best,
v
__________________
Stop! think! ... the problem is somewhere between the monitor and chair...
"First they ignore you, then they laugh at you, then they fight you, then you win." Gandhi
links: spreadbsd syk
Last edited by mtx; 6th May 2008 at 11:05 AM.
Reply With Quote