digging further:
[mp4+pf] box
Code:
# tcpdump -enqxX -i ng0 host 213.233.102.254
13:50:15.381119 AF IPv4 (2), length 94: 12.34.56.78.21 > 213.233.102.254.39552: P 261:311(50) ack 92 win 65535
0x0000: 4500 005a afc8 4000 3f06 1e29 597a d74a E..Z..@.?..)Yz.J
0x0010: d5e9 66fe 0015 9a80 f163 810c a16b 59ad ..f......c...kY.
0x0020: 5018 ffff c446 0000 3232 3720 456e 7465 P....F..227.Ente
0x0030: 7269 6e67 2050 6173 7369 7665 204d 6f64 ring.Passive.Mod
0x0040: 6520 2831 3932 2c31 3638 2c31 2c32 2c32 e.(192,168,1,2,2
0x0050: 3330 2c31 3331 292e 0d0a 30,131)...
13:50:15.431110 AF IPv4 (2), length 94: 213.233.102.254.39552 > 12.34.56.78.21: R 92:142(50) ack 261 win 65535
0x0000: 4500 005a afc8 4000 2806 3529 d5e9 66fe E..Z..@.(.5)..f.
0x0010: 597a d74a 9a80 0015 a16b 59ad f163 810c Yz.J.....kY..c..
0x0020: 5014 ffff c44a 0000 3232 3720 456e 7465 P....J..227.Ente
0x0030: 7269 6e67 2050 6173 7369 7665 204d 6f64 ring.Passive.Mod
0x0040: 6520 2831 3932 2c31 3638 2c31 2c32 2c32 e.(192,168,1,2,2
0x0050: 3330 2c31 3331 292e 0d0a 30,131)...
laptop using Huawei HSDPA modem to connect to internet
wireshark output
Code:
No. Time Source Destination Protocol Info
378 1336.729664 172.26.58.191 12.34.56.78 FTP Request: PASV
Frame 378 (50 bytes on wire, 50 bytes captured)
Point-to-Point Protocol
Internet Protocol, Src: 172.26.58.191 (172.26.58.191), Dst: 12.34.56.78 (12.34.56.78)
Transmission Control Protocol, Src Port: 50832 (50832), Dst Port: ftp (21), Seq: 86, Ack: 261, Len: 6
Source port: 50832 (50832)
Destination port: ftp (21)
Sequence number: 86 (relative sequence number)
[Next sequence number: 92 (relative sequence number)]
Acknowledgement number: 261 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65535
Checksum: 0x232c [correct]
[SEQ/ACK analysis]
File Transfer Protocol (FTP)
PASV\r\n
Request command: PASV
No. Time Source Destination Protocol Info
379 1344.295777 172.26.58.191 12.34.56.78 FTP [TCP Retransmission] Request: PASV
Frame 379 (50 bytes on wire, 50 bytes captured)
Point-to-Point Protocol
Internet Protocol, Src: 172.26.58.191 (172.26.58.191), Dst: 12.34.56.78 (12.34.56.78)
Transmission Control Protocol, Src Port: 50832 (50832), Dst Port: ftp (21), Seq: 86, Ack: 261, Len: 6
Source port: 50832 (50832)
Destination port: ftp (21)
Sequence number: 86 (relative sequence number)
[Next sequence number: 92 (relative sequence number)]
Acknowledgement number: 261 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65535
Checksum: 0x232c [correct]
[SEQ/ACK analysis]
File Transfer Protocol (FTP)
PASV\r\n
Request command: PASV
these are the last two packets where the connection gets closed by the client.
As i can see the server replies to the client with the PASV port (first packet from [mpd4+pf] box) and the client sends a RESET. do you guys have any idea why is this happening. any hint?!
thank you
all the best,
v