  1. #1
    Just Joined!
    Join Date
    Jun 2008
    Posts
    38

    tcpdump output with TLS packets


    I am trying to understand an "ftps" packet capture. We have 2 servers. On one of the servers ftps works fine. On the other server it doesn't. Both are using the same ftps Java client and Java version. The only difference is 2 different networks.

    There seems to be no obvious reason, so I took a packet capture, but I don't understand it.

    #Working FTP Packets
    6 0.052488 172.18.62.18 180.24.17.40 FTP Request: AUTH TLS
    7 0.076194 180.24.17.40 172.18.62.18 TCP ftp > 53951 [ACK] Seq=57 Ack=11 Win=5792 Len=0 TSV=46535105 TSER=30778219
    8 0.076214 180.24.17.40 172.18.62.18 FTP Response: 234 SSLv23/TLSv1
    10 0.166473 172.18.62.18 180.24.17.40 FTP Request: \026\003\001\000=\001\000\0009\003\001K
    12 0.249043 180.24.17.40 172.18.62.18 FTP Response: \026\003\001\000J\002\000\000F\003\001K
    14 0.249224 180.24.17.40 172.18.62.18 FTP Response: Sign, Inc.1705\006\003U\004\v\023.Class 3 Public Primary Certification Authority0\036\027
    16 0.249238 180.24.17.40 172.18.62.18 FTP Response: \023\335\246\373\374

    #Non-working FTP Packets
    75 3.662454 10.144.16.76 180.24.17.40 FTP Request: AUTH TLS
    76 3.662879 180.24.17.40 10.144.16.76 TCP ftp > 33667 [ACK] Seq=57 Ack=11 Win=32758 Len=0
    79 3.711837 180.24.17.40 10.144.16.76 FTP Response: 234 SSLv23/TLSv1
    111 3.791113 10.144.16.76 180.24.17.40 FTP Request: \026\003\001\000=\001\000\0009\003\001K\023\356\27 1\032\321\246|u\032\fD\312\350/k\331\353:\366|\263\253\325
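
The lines that Wireshark labels "FTP Request" and "FTP Response" after the 234 reply are TLS records that the FTP dissector has rendered as escaped text. This added example, which is not part of the original post, turns the escaped strings from frames 10 and 12 back into bytes and decodes the TLS record and handshake headers; the names `unescape` and `parse_tls_record` are hypothetical.

```python
import re
import struct

# Byte strings copied from the Info column of frames 10 and 12 above.
FRAME_10 = r"\026\003\001\000=\001\000\0009\003\001K"   # client -> server
FRAME_12 = r"\026\003\001\000J\002\000\000F\003\001K"   # server -> client

_C_ESCAPES = {"a": 7, "b": 8, "t": 9, "n": 10, "v": 11, "f": 12, "r": 13, "\\": 92}
_TOKEN = re.compile(r"\\([0-7]{1,3})|\\([abtnvfr\\])|(.)", re.S)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 14: "ServerHelloDone"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def unescape(info: str) -> bytes:
    """Turn the dissector's printable rendering (octal and C escapes) back into bytes."""
    out = bytearray()
    for octal, c_esc, literal in _TOKEN.findall(info):
        if octal:
            out.append(int(octal, 8) & 0xFF)
        elif c_esc:
            out.append(_C_ESCAPES[c_esc])
        else:
            out.append(ord(literal) & 0xFF)
    return bytes(out)


def parse_tls_record(data: bytes) -> dict:
    """Decode the 5-byte TLS record header and, if present, the handshake header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3:
        raise ValueError("not a TLS record (plain FTP text?)")
    rec = {"content_type": CONTENT_TYPES[ctype],
           "record_version": VERSIONS.get((major, minor), f"{major}.{minor}"),
           "record_length": length}
    body = data[5:]
    if ctype == 22 and len(body) >= 4:      # handshake: 1-byte type, 3-byte length
        rec["handshake_type"] = HANDSHAKE_TYPES.get(body[0], f"type {body[0]}")
        rec["handshake_length"] = int.from_bytes(body[1:4], "big")
    if ctype == 22 and len(body) >= 6 and body[0] in (1, 2):  # hello carries a version
        rec["hello_version"] = VERSIONS.get((body[4], body[5]), f"{body[4]}.{body[5]}")
    return rec


if __name__ == "__main__":
    for name, info in (("frame 10", FRAME_10), ("frame 12", FRAME_12)):
        print(name, parse_tls_record(unescape(info)))
```

Frame 111 in the non-working capture starts with the same twelve bytes as frame 10, so it decodes to the same ClientHello header.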

  2. #2
    Just Joined!
    Join Date
    Oct 2008
    Posts
    30
    Quote: Originally posted by mohitanchlia
    I am trying to understand an "ftps" packet capture. We have 2 servers. On one of the servers ftps works fine. On the other server it doesn't. Both are using the same ftps Java client and Java version. The only difference is 2 different networks.

    There seems to be no obvious reason, so I took a packet capture, but I don't understand it.

    #Working FTP Packets
    6 0.052488 172.18.62.18 180.24.17.40 FTP Request: AUTH TLS
    7 0.076194 180.24.17.40 172.18.62.18 TCP ftp > 53951 [ACK] Seq=57 Ack=11 Win=5792 Len=0 TSV=46535105 TSER=30778219
    8 0.076214 180.24.17.40 172.18.62.18 FTP Response: 234 SSLv23/TLSv1
    10 0.166473 172.18.62.18 180.24.17.40 FTP Request: \026\003\001\000=\001\000\0009\003\001K
    12 0.249043 180.24.17.40 172.18.62.18 FTP Response: \026\003\001\000J\002\000\000F\003\001K
    14 0.249224 180.24.17.40 172.18.62.18 FTP Response: Sign, Inc.1705\006\003U\004\v\023.Class 3 Public Primary Certification Authority0\036\027
    16 0.249238 180.24.17.40 172.18.62.18 FTP Response: \023\335\246\373\374

    #Non-working FTP Packets
    75 3.662454 10.144.16.76 180.24.17.40 FTP Request: AUTH TLS
    76 3.662879 180.24.17.40 10.144.16.76 TCP ftp > 33667 [ACK] Seq=57 Ack=11 Win=32758 Len=0
    79 3.711837 180.24.17.40 10.144.16.76 FTP Response: 234 SSLv23/TLSv1
    111 3.791113 10.144.16.76 180.24.17.40 FTP Request: \026\003\001\000=\001\000\0009\003\001K\023\356\27 1\032\321\246|u\032\fD\312\350/k\331\353:\366|\263\253\325
    Use Wireshark or Ethereal software to capture and view the packet info.
    Good luck.

  3. #3
    Just Joined!
    Join Date
    Jun 2008
    Posts
    38
    Yes, I did, and the above output is from Wireshark. I was asking if there is any problem in the above packet capture that is obvious to anyone. The difference I see is that ftp returns a TSV response in one case and not the other. But what does that really mean?

  5. #4
    Just Joined!
    Join Date
    Oct 2008
    Posts
    30
    Google for FTP packet flow sequence, I'm sure you will get the answer.

  6. #5
    Just Joined!
    Join Date
    Jun 2008
    Posts
    38
    I couldn't find the sequence flow for FTP over SSL where it shows TSV segments in the packet. The funny thing is that the server that everything works from is using exactly the same ftp connection code as the one that's not working. The only difference is that one server is a virtual blade server (the one that's not working).

    Is there some TCP or SSL setting on the server that needs to be set? Could you please help?

  7. #6
    Just Joined!
    Join Date
    Jun 2008
    Posts
    38
    Can someone help me understand what TSV is? I am still having this issue and am resurrecting this thread again.
