1 / 16

FTP FILE TRANSFER PROTOCOL

FTP FILE TRANSFER PROTOCOL. Forouzan Chapter 19, Stevens Chapter 27. FTP uses TCP. FTP uses two simultaneous TCP connections. Server port 21 is used for control, server port 20 for data transfers. Control Connection: 1. Server socket code puts server port 21 in passive open state “listen”

arvin
Télécharger la présentation

FTP FILE TRANSFER PROTOCOL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FTP FILE TRANSFER PROTOCOL Forouzan Chapter 19, Stevens Chapter 27 FTP uses TCP. FTP uses two simultaneous TCP connections. Server port 21 is used for control, server port 20 for data transfers. Control Connection: 1. Server socket code puts server port 21 in passive open state “listen” 2. Client socket executes an active open by sending SYN and supplies an ephemeral port (for example port 1046) Data Connection: 1. Client not the server issues a passive open using ephemeral port (for example 1047) 2. Client sends this port number to server using control connection 3. Server receives port number and indicates active open (3 way handshake) from port 20 to the client ephemeral port received (for example port 1047)

  2. FTP BLOCK DIAGRAM CONTROL PROCESS CONTROL PROCESS 1046 21 DATA TRANSFER PROCESS DATA TRANSFER PROCESS 1047 20 Client Server

  3. FTP COMMANDS SENT ACROSS CONTROL CHANNEL Command Type of Command Meaning 220 Response Command OK USER Access Command USED ID 331 Response User name OK, need password PASS Access Command User Password 230 Response User Login OK SYST Misc command Ask about server Operating System TYPE I Data Format Command Define File Type Image 200 Response Command OK PORT Port Defining Command Client chooses port RETR File Transfer Command Retrieve Files 150 Response File Status OK 226 Response Closing Data Connection QUIT Access Command Log Out 221 Response Service Closing

  4. So how does FTP work with dynamic NAT? See : http://www.slacksite.com/other/ftp.html Problem: Client connects to server and then server starts a new connection back to the client. This is known as active FTP. This appears as a new connection and will not pass through NAT. Solution: Passive FTP. The client initiates both connections to the server. 1. Client opens two ports. 2. The first port is used to contact the server on port 21. 3. Instead of a PORT command to server, client sends PASV command. 4. Server opens another port and tells client what port the server has opened. 5. Client initiates the second connection.

  5. In experiment 2, ftp 138.210.240.151 was run on machine 57.35.6.11. The commands typed were: ftp 138.210.240.151 secure_class secure_class get abc exit The file abc is 3718 bytes in size as determined by ls –lart on the machine 138.210.240.151. The data was collected using ethereal (only FTP and TCP datagrams shown):  No. Time Source Destination Protocol Info 9 8.968492 57.35.6.11 138.210.240.151 TCP 32785 > ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=240441 TSER=0 WS=0 10 8.971516 138.210.240.151 57.35.6.11 TCP ftp > 32785 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=4025958 TSER=240441 WS=0 11 8.971533 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=240441 TSER=4025958 12 8.978251 138.210.240.151 57.35.6.11 FTP Response: 220 ready, dude (vsFTPd 1.1.0: beat me, break me) 13 8.978286 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=1 Ack=52 Win=5840 Len=0 TSV=240442 TSER=4025962 14 9.001899 57.35.6.11 138.210.240.151 FTP Request: AUTH GSSAPI 15 9.003140 138.210.240.151 57.35.6.11 TCP ftp > 32785 [ACK] Seq=52 Ack=14 Win=5792 Len=0 TSV=4025974 TSER=240444 16 9.003457 138.210.240.151 57.35.6.11 FTP Response: 530 Please login with USER and PASS. 17 9.020801 57.35.6.11 138.210.240.151 FTP Request: AUTH KERBEROS_V4 18 9.022315 138.210.240.151 57.35.6.11 FTP Response: 530 Please login with USER and PASS. 19 9.056965 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=32 Ack=128 Win=5840 Len=0 TSV=240450 TSER=4025984 23 13.508878 57.35.6.11 138.210.240.151 FTP Request: USER secure_class 24 13.510625 138.210.240.151 57.35.6.11 FTP Response: 331 Please specify the password. 25 13.510802 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=51 Ack=162 Win=5840 Len=0 TSV=240895 TSER=4028283 29 17.508838 57.35.6.11 138.210.240.151 FTP Request: PASS secure_class 30 17.522820 138.210.240.151 57.35.6.11 FTP Response: 230 Login successful. Have fun. 31 17.523007 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=70 Ack=195 Win=5840 Len=0 TSV=241296 TSER=4030337 32 17.523040 57.35.6.11 138.210.240.151 FTP Request: SYST 33 17.524537 138.210.240.151 57.35.6.11 FTP Response: 215 UNIX Type: L8 34 17.566974 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=76 Ack=214 Win=5840 Len=0 TSV=241301 TSER=4030338 37 21.524831 57.35.6.11 138.210.240.151 FTP Request: TYPE I 38 21.526497 138.210.240.151 57.35.6.11 FTP Response: 200 Binary it is, then. 39 21.526676 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=84 Ack=239 Win=5840 Len=0 TSV=241696 TSER=4032387 40 21.526703 57.35.6.11 138.210.240.151 FTP Request: PASV 41 21.528527 138.210.240.151 57.35.6.11 FTP Response: 227 Entering Passive Mode (138,210,240,151,79,249) 42 21.528751 57.35.6.11 138.210.240.151 TCP 32786 > 20473 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=241697 TSER=0 WS=0 43 21.530022 138.210.240.151 57.35.6.11 TCP 20473 > 32786 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=4032389 TSER=241697 WS=0 44 21.530035 57.35.6.11 138.210.240.151 TCP 32786 > 20473 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=241697 TSER=4032389 45 21.541632 57.35.6.11 138.210.240.151 FTP Request: RETR abc 46 21.543227 138.210.240.151 57.35.6.11 FTP Response: 150 Opening BINARY mode data connection for abc (3718 bytes).

  6. 47 21.547104 138.210.240.151 57.35.6.11 TCP 20473 > 32786 [ACK] Seq=1 Ack=1 Win=5792 Len=1448 TSV=4032396 TSER=241697 48 21.547144 57.35.6.11 138.210.240.151 TCP 32786 > 20473 [ACK] Seq=1 Ack=1449 Win=8688 Len=0 TSV=241699 TSER=4032396 49 21.548311 138.210.240.151 57.35.6.11 TCP 20473 > 32786 [ACK] Seq=1449 Ack=1 Win=5792 Len=1448 TSV=4032396 TSER=241697 50 21.548315 57.35.6.11 138.210.240.151 TCP 32786 > 20473 [ACK] Seq=1 Ack=2897 Win=11584 Len=0 TSV=241699 TSER=4032396 51 21.548319 138.210.240.151 57.35.6.11 FTP Response: 226 File send OK. 52 21.548386 138.210.240.151 57.35.6.11 TCP 20473 > 32786 [FIN, PSH, ACK] Seq=2897 Ack=1 Win=5792 Len=822 TSV=4032396 TSER=241697 53 21.554834 57.35.6.11 138.210.240.151 TCP 32786 > 20473 [FIN, ACK] Seq=1 Ack=3720 Win=14480 Len=0 TSV=241699 TSER=4032396 54 21.556081 138.210.240.151 57.35.6.11 TCP 20473 > 32786 [ACK] Seq=3720 Ack=2 Win=5792 Len=0 TSV=4032403 TSER=241699 55 21.586967 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=100 Ack=373 Win=5840 Len=0 TSV=241703 TSER=4032396 58 25.460661 57.35.6.11 138.210.240.151 FTP Request: QUIT 59 25.462300 138.210.240.151 57.35.6.11 FTP Response: 221 Goodbye. 60 25.462484 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=106 Ack=387 Win=5840 Len=0 TSV=242090 TSER=4034403 61 25.462512 57.35.6.11 138.210.240.151 TCP 32785 > ftp [FIN, ACK] Seq=106 Ack=387 Win=5840 Len=0 TSV=242090 TSER=4034403 62 25.462761 138.210.240.151 57.35.6.11 TCP ftp > 32785 [FIN, ACK] Seq=387 Ack=106 Win=5792 Len=0 TSV=4034403 TSER=242090 63 25.462768 57.35.6.11 138.210.240.151 TCP 32785 > ftp [ACK] Seq=107 Ack=388 Win=5840 Len=0 TSV=242090 TSER=4034403 64 25.463634 138.210.240.151 57.35.6.11 TCP ftp > 32785 [ACK] Seq=388 Ack=107 Win=5792 Len=0 TSV=4034404 TSER=242090 TSV = time stamp value TSER = time stamp echo reply WS = window scale GSSAPI = Generic Security Services Application Programming Interface Kerberos = network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Why 1448 bytes of data? Time stamp is 10 bytes (p. 253 Stevens) + 2 NOPS = 12 MSS = 1460 –12 = 1448 The MSS here is for ethernet and is the end number we can use (already takes into account that we will add TCP and then IP headers)

  7. EXPERIMENT 2 FTP BLOCK DIAGRAM 57.35.6.11 138.210.240.151 CONTROL PROCESS CONTROL PROCESS 32785 21 DATA TRANSFER PROCESS DATA TRANSFER PROCESS 32786 20473 Client Server

  8. In experiment 3, ftp 138.210.240.151 was run on machine 57.35.6.11. The commands typed were: ftp 138.210.240.151 secure_class secure_class get def exit The file def is 11,154 bytes in size as determined by ls –lart on the machine 138.210.240.151. The data was collected using ethereal: No. Time Source Destination Protocol Info 8 10.755691 57.35.6.11 138.210.240.151 TCP 32787 > ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=255021 TSER=0 WS=0 9 10.757141 138.210.240.151 57.35.6.11 TCP ftp > 32787 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=4100622 TSER=255021 WS=0 10 10.757156 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=255021 TSER=4100622 11 10.763701 138.210.240.151 57.35.6.11 FTP Response: 220 ready, dude (vsFTPd 1.1.0: beat me, break me) 12 10.776376 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=1 Ack=52 Win=5840 Len=0 TSV=255023 TSER=4100625 13 10.776493 57.35.6.11 138.210.240.151 FTP Request: AUTH GSSAPI 14 10.777765 138.210.240.151 57.35.6.11 TCP ftp > 32787 [ACK] Seq=52 Ack=14 Win=5792 Len=0 TSV=4100632 TSER=255023 15 10.778039 138.210.240.151 57.35.6.11 FTP Response: 530 Please login with USER and PASS. 16 10.785569 57.35.6.11 138.210.240.151 FTP Request: AUTH KERBEROS_V4 17 10.787087 138.210.240.151 57.35.6.11 FTP Response: 530 Please login with USER and PASS. 18 10.819352 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=32 Ack=128 Win=5840 Len=0 TSV=255028 TSER=4100637 22 14.801030 57.35.6.11 138.210.240.151 FTP Request: USER secure_class 23 14.802723 138.210.240.151 57.35.6.11 FTP Response: 331 Please specify the password. 24 14.802900 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=51 Ack=162 Win=5840 Len=0 TSV=255426 TSER=4102693 27 18.384986 57.35.6.11 138.210.240.151 FTP Request: PASS secure_class 28 18.397830 138.210.240.151 57.35.6.11 FTP Response: 230 Login successful. Have fun. 29 18.398007 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=70 Ack=195 Win=5840 Len=0 TSV=255785 TSER=4104534 30 18.398035 57.35.6.11 138.210.240.151 FTP Request: SYST 31 18.399463 138.210.240.151 57.35.6.11 FTP Response: 215 UNIX Type: L8 32 18.449352 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=76 Ack=214 Win=5840 Len=0 TSV=255791 TSER=4104535 34 21.777032 57.35.6.11 138.210.240.151 FTP Request: TYPE I 35 21.778758 138.210.240.151 57.35.6.11 FTP Response: 200 Binary it is, then. 36 21.778935 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=84 Ack=239 Win=5840 Len=0 TSV=256123 TSER=4106266 37 21.778961 57.35.6.11 138.210.240.151 FTP Request: PASV

  9. 38 21.780745 138.210.240.151 57.35.6.11 FTP Response: 227 Entering Passive Mode (138,210,240,151,122,197) 39 21.780970 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=256124 TSER=0 WS=0 40 21.782195 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=4106267 TSER=256124 WS=0 41 21.782207 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=256124 TSER=4106267 42 21.793833 57.35.6.11 138.210.240.151 FTP Request: RETR def 43 21.795568 138.210.240.151 57.35.6.11 FTP Response: 150 Opening BINARY mode data connection for def (11154 bytes). 44 21.799284 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [ACK] Seq=1 Ack=1 Win=5792 Len=1448 TSV=4106274 TSER=256124 45 21.799310 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [ACK] Seq=1 Ack=1449 Win=8688 Len=0 TSV=256125 TSER=4106274 46 21.800571 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [ACK] Seq=1449 Ack=1 Win=5792 Len=1448 TSV=4106274 TSER=256124 47 21.800575 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [ACK] Seq=1 Ack=2897 Win=11584 Len=0 TSV=256126 TSER=4106274 48 21.801769 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [ACK] Seq=2897 Ack=1 Win=5792 Len=1448 TSV=4106274 TSER=256124 49 21.801774 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [ACK] Seq=1 Ack=4345 Win=14480 Len=0 TSV=256126 TSER=4106274 50 21.801777 138.210.240.151 57.35.6.11 FTP Response: 226 File send OK. 51 21.805467 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [ACK] Seq=4345 Ack=1 Win=5792 Len=1448 TSV=4106277 TSER=256125 52 21.805686 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [ACK] Seq=1 Ack=5793 Win=17376 Len=0 TSV=256126 TSER=4106277 53 21.806665 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [PSH, ACK] Seq=5793 Ack=1 Win=5792 Len=1448 TSV=4106277 TSER=256125 54 21.806747 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [ACK] Seq=1 Ack=7241 Win=20272 Len=0 TSV=256126 TSER=4106277 55 21.807953 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [ACK] Seq=7241 Ack=1 Win=5792 Len=1448 TSV=4106278 TSER=256126 56 21.809162 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [ACK] Seq=8689 Ack=1 Win=5792 Len=1448 TSV=4106278 TSER=256126 57 21.809247 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [FIN, PSH, ACK] Seq=10137 Ack=1 Win=5792 Len=1018 TSV=4106278 TSER=256126 58 21.809718 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [ACK] Seq=1 Ack=8689 Win=23168 Len=0 TSV=256127 TSER=4106278 59 21.809725 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [ACK] Seq=1 Ack=10137 Win=26064 Len=0 TSV=256127 TSER=4106278 60 21.809781 57.35.6.11 138.210.240.151 TCP 32788 > 31429 [FIN, ACK] Seq=1 Ack=11156 Win=28960 Len=0 TSV=256127 TSER=4106278 61 21.810933 138.210.240.151 57.35.6.11 TCP 31429 > 32788 [ACK] Seq=11156 Ack=2 Win=5792 Len=0 TSV=4106282 TSER=256127 62 21.839357 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=100 Ack=375 Win=5840 Len=0 TSV=256130 TSER=4106274 67 24.288880 57.35.6.11 138.210.240.151 FTP Request: QUIT 68 24.290568 138.210.240.151 57.35.6.11 FTP Response: 221 Goodbye. 69 24.290743 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=106 Ack=389 Win=5840 Len=0 TSV=256375 TSER=4107552 70 24.290767 57.35.6.11 138.210.240.151 TCP 32787 > ftp [FIN, ACK] Seq=106 Ack=389 Win=5840 Len=0 TSV=256375 TSER=4107552 71 24.291048 138.210.240.151 57.35.6.11 TCP ftp > 32787 [FIN, ACK] Seq=389 Ack=106 Win=5792 Len=0 TSV=4107552 TSER=256374 72 24.291055 57.35.6.11 138.210.240.151 TCP 32787 > ftp [ACK] Seq=107 Ack=390 Win=5840 Len=0 TSV=256375 TSER=4107552 73 24.291908 138.210.240.151 57.35.6.11 TCP ftp > 32787 [ACK] Seq=390 Ack=107 Win=5792 Len=0 TSV=4107553 TSER=256375

  10. In experiment 4, ftp 138.210.240.151 was run on machine 57.35.6.11. The commands typed were: ftp 138.210.240.151 secure_class secure_class get ghi exit The file ghi is 100,386 bytes in size as determined by ls –lart on the machine 138.210.240.151. The data was collected using ethereal: No. Time Source Destination Protocol Info 3 3.966189 57.35.6.11 138.210.240.151 TCP 32793 > ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=281746 TSER=0 WS=0 4 3.967538 138.210.240.151 57.35.6.11 TCP ftp > 32793 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=4237473 TSER=281746 WS=0 5 3.967553 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=281746 TSER=4237473 6 3.974139 138.210.240.151 57.35.6.11 FTP Response: 220 ready, dude (vsFTPd 1.1.0: beat me, break me) 7 3.982471 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=1 Ack=52 Win=5840 Len=0 TSV=281747 TSER=4237476 8 3.982594 57.35.6.11 138.210.240.151 FTP Request: AUTH GSSAPI 9 3.983785 138.210.240.151 57.35.6.11 TCP ftp > 32793 [ACK] Seq=52 Ack=14 Win=5792 Len=0 TSV=4237481 TSER=281747 10 3.984099 138.210.240.151 57.35.6.11 FTP Response: 530 Please login with USER and PASS. 11 3.993705 57.35.6.11 138.210.240.151 FTP Request: AUTH KERBEROS_V4 12 3.995076 138.210.240.151 57.35.6.11 FTP Response: 530 Please login with USER and PASS. 14 4.025991 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=32 Ack=128 Win=5840 Len=0 TSV=281752 TSER=4237487 18 8.555579 57.35.6.11 138.210.240.151 FTP Request: USER secure_class 19 8.557346 138.210.240.151 57.35.6.11 FTP Response: 331 Please specify the password. 20 8.557551 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=51 Ack=162 Win=5840 Len=0 TSV=282205 TSER=4239823 23 12.459552 57.35.6.11 138.210.240.151 FTP Request: PASS secure_class 24 12.474089 138.210.240.151 57.35.6.11 FTP Response: 230 Login successful. Have fun. 25 12.474275 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=70 Ack=195 Win=5840 Len=0 TSV=282596 TSER=4241829 26 12.474308 57.35.6.11 138.210.240.151 FTP Request: SYST 27 12.475716 138.210.240.151 57.35.6.11 FTP Response: 215 UNIX Type: L8 28 12.525992 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=76 Ack=214 Win=5840 Len=0 TSV=282602 TSER=4241830 32 16.107424 57.35.6.11 138.210.240.151 FTP Request: TYPE I 33 16.108993 138.210.240.151 57.35.6.11 FTP Response: 200 Binary it is, then. 34 16.109082 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=84 Ack=239 Win=5840 Len=0 TSV=282960 TSER=4243690 35 16.109108 57.35.6.11 138.210.240.151 FTP Request: PASV 36 16.110787 138.210.240.151 57.35.6.11 FTP Response: 227 Entering Passive Mode (138,210,240,151,24,202) 37 16.110891 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=282960 TSER=0 WS=0 38 16.112169 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=4243692 TSER=282960 WS=0

  11. 39 16.112181 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=282960 TSER=4243692 40 16.123748 57.35.6.11 138.210.240.151 FTP Request: RETR ghi 41 16.127041 138.210.240.151 57.35.6.11 FTP Response: 150 Opening BINARY mode data connection for ghi (100386 bytes). 42 16.130783 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=1 Ack=1 Win=5792 Len=1448 TSV=4243699 TSER=282960 43 16.130800 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=1449 Win=8688 Len=0 TSV=282962 TSER=4243699 44 16.131980 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=1449 Ack=1 Win=5792 Len=1448 TSV=4243699 TSER=282960 45 16.131987 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=2897 Win=11584 Len=0 TSV=282962 TSER=4243699 46 16.133225 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=2897 Ack=1 Win=5792 Len=1448 TSV=4243700 TSER=282960 47 16.133231 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=4345 Win=14480 Len=0 TSV=282962 TSER=4243700 48 16.136923 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=4345 Ack=1 Win=5792 Len=1448 TSV=4243703 TSER=282962 49 16.136932 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=5793 Win=17376 Len=0 TSV=282963 TSER=4243703 50 16.138125 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [PSH, ACK] Seq=5793 Ack=1 Win=5792 Len=1448 TSV=4243703 TSER=282962 51 16.138131 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=7241 Win=20272 Len=0 TSV=282963 TSER=4243703 52 16.139412 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=7241 Ack=1 Win=5792 Len=1448 TSV=4243703 TSER=282962 53 16.139416 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=8689 Win=23168 Len=0 TSV=282963 TSER=4243703 54 16.140621 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=8689 Ack=1 Win=5792 Len=1448 TSV=4243703 TSER=282962 55 16.140625 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=10137 Win=26064 Len=0 TSV=282963 TSER=4243703 56 16.141815 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [PSH, ACK] Seq=10137 Ack=1 Win=5792 Len=1448 TSV=4243703 TSER=282962 57 16.141824 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=11585 Win=28960 Len=0 TSV=282963 TSER=4243703 58 16.143107 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [PSH, ACK] Seq=11585 Ack=1 Win=5792 Len=1448 TSV=4243703 TSER=282962 59 16.143159 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=13033 Win=31856 Len=0 TSV=282963 TSER=4243703 60 16.144316 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=13033 Ack=1 Win=5792 Len=1448 TSV=4243706 TSER=282963 61 16.144393 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=14481 Win=34752 Len=0 TSV=282963 TSER=4243706 62 16.145514 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=14481 Ack=1 Win=5792 Len=1448 TSV=4243706 TSER=282963 63 16.145564 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=15929 Win=37648 Len=0 TSV=282963 TSER=4243706 64 16.146809 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=15929 Ack=1 Win=5792 Len=1448 TSV=4243706 TSER=282963 65 16.146892 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=17377 Win=40544 Len=0 TSV=282964 TSER=4243706 66 16.147947 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=17377 Ack=1 Win=5792 Len=1448 TSV=4243706 TSER=282963 67 16.148026 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=18825 Win=43440 Len=0 TSV=282964 TSER=4243706 68 16.149201 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=18825 Ack=1 Win=5792 Len=1448 TSV=4243707 TSER=282963 69 16.149250 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=20273 Win=46336 Len=0 TSV=282964 TSER=4243707 70 16.150477 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=20273 Ack=1 Win=5792 Len=1448 TSV=4243707 TSER=282963 71 16.150553 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=21721 Win=49232 Len=0 TSV=282964 TSER=4243707 72 16.151752 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [PSH, ACK] Seq=21721 Ack=1 Win=5792 Len=1448 TSV=4243708 TSER=282963 73 16.151802 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=23169 Win=52128 Len=0 TSV=282964 TSER=4243708 74 16.152873 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=23169 Ack=1 Win=5792 Len=1448 TSV=4243708 TSER=282963 75 16.152923 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=24617 Win=55024 Len=0 TSV=282964 TSER=4243708 76 16.154132 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=24617 Ack=1 Win=5792 Len=1448 TSV=4243708 TSER=282963 77 16.154208 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=26065 Win=57920 Len=0 TSV=282964 TSER=4243708

  12. 78 16.155430 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [PSH, ACK] Seq=26065 Ack=1 Win=5792 Len=1448 TSV=4243708 TSER=282963 79 16.156581 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=27513 Ack=1 Win=5792 Len=1448 TSV=4243709 TSER=282963 80 16.157835 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=28961 Ack=1 Win=5792 Len=1448 TSV=4243709 TSER=282963 81 16.159119 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=30409 Ack=1 Win=5792 Len=1448 TSV=4243710 TSER=282963 82 16.160244 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=31857 Ack=1 Win=5792 Len=1448 TSV=4243710 TSER=282963 83 16.161491 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=33305 Ack=1 Win=5792 Len=1448 TSV=4243710 TSER=282963 84 16.162784 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=34753 Ack=1 Win=5792 Len=1448 TSV=4243710 TSER=282963 85 16.163987 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=36201 Ack=1 Win=5792 Len=1448 TSV=4243711 TSER=282964 86 16.165227 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=37649 Ack=1 Win=5792 Len=1448 TSV=4243711 TSER=282964 87 16.166492 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=39097 Ack=1 Win=5792 Len=1448 TSV=4243711 TSER=282964 88 16.166823 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=27513 Win=60816 Len=0 TSV=282966 TSER=4243708 89 16.166830 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=28961 Win=63712 Len=0 TSV=282966 TSER=4243709 90 16.166834 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=30409 Win=63712 Len=0 TSV=282966 TSER=4243709 91 16.166837 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=31857 Win=62264 Len=0 TSV=282966 TSER=4243710 92 16.166840 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=33305 Win=60816 Len=0 TSV=282966 TSER=4243710 93 16.166848 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=40545 Win=53576 Len=0 TSV=282966 TSER=4243710 94 16.167681 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=40545 Ack=1 Win=5792 Len=1448 TSV=4243711 TSER=282964 95 16.168895 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=41993 Ack=1 Win=5792 Len=1448 TSV=4243712 TSER=282964 96 16.170229 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [PSH, ACK] Seq=43441 Ack=1 Win=5792 Len=1448 TSV=4243712 TSER=282964 97 16.171433 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=44889 Ack=1 Win=5792 Len=1448 TSV=4243713 TSER=282964 98 16.172551 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=46337 Ack=1 Win=5792 Len=1448 TSV=4243713 TSER=282964 99 16.172730 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=44889 Win=63712 Len=0 TSV=282966 TSER=4243711 100 16.172738 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=47785 Win=60816 Len=0 TSV=282966 TSER=4243713 101 16.173808 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [PSH, ACK] Seq=47785 Ack=1 Win=5792 Len=1448 TSV=4243713 TSER=282964 102 16.175093 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=49233 Ack=1 Win=5792 Len=1448 TSV=4243713 TSER=282964 103 16.175125 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=50681 Win=63712 Len=0 TSV=282966 TSER=4243713 104 16.175979 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=100 Ack=356 Win=5840 Len=0 TSV=282967 TSER=4243699 105 16.176332 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=50681 Ack=1 Win=5792 Len=1448 TSV=4243714 TSER=282964 106 16.177502 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=52129 Ack=1 Win=5792 Len=1448 TSV=4243714 TSER=282964 107 16.177530 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=53577 Win=63712 Len=0 TSV=282967 TSER=4243714 108 16.178801 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=53577 Ack=1 Win=5792 Len=1448 TSV=4243715 TSER=282964 109 16.180017 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=55025 Ack=1 Win=5792 Len=1448 TSV=4243715 TSER=282964 110 16.180045 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=56473 Win=63712 Len=0 TSV=282967 TSER=4243715 111 16.181184 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=56473 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 112 16.182436 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=57921 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 113 16.182491 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=59369 Win=63712 Len=0 TSV=282967 TSER=4243721 114 16.183729 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=59369 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 115 16.184931 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=60817 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 116 16.184959 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=62265 Win=63712 Len=0 TSV=282967 TSER=4243721 117 16.186127 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=62265 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966

  13. 118 16.187416 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=63713 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 119 16.187443 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=65161 Win=63712 Len=0 TSV=282968 TSER=4243721 120 16.188626 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=65161 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 121 16.189794 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=66609 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 122 16.189822 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=68057 Win=63712 Len=0 TSV=282968 TSER=4243721 123 16.191092 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=68057 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 124 16.192291 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=69505 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 125 16.192346 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=70953 Win=63712 Len=0 TSV=282968 TSER=4243721 126 16.193543 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=70953 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 127 16.194756 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=72401 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 128 16.194810 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=73849 Win=63712 Len=0 TSV=282968 TSER=4243721 129 16.195982 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=73849 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 130 16.197215 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [PSH, ACK] Seq=75297 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 131 16.197262 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=76745 Win=63712 Len=0 TSV=282969 TSER=4243721 132 16.198464 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=76745 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 133 16.199677 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [PSH, ACK] Seq=78193 Ack=1 Win=5792 Len=1448 TSV=4243721 TSER=282966 134 16.199705 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=79641 Win=63712 Len=0 TSV=282969 TSER=4243721 135 16.200893 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=79641 Ack=1 Win=5792 Len=1448 TSV=4243724 TSER=282966 136 16.202138 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=81089 Ack=1 Win=5792 Len=1448 TSV=4243724 TSER=282966 137 16.202192 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=82537 Win=63712 Len=0 TSV=282969 TSER=4243724 138 16.203433 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=82537 Ack=1 Win=5792 Len=1448 TSV=4243724 TSER=282966 139 16.204559 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=83985 Ack=1 Win=5792 Len=1448 TSV=4243724 TSER=282966 140 16.204614 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=85433 Win=63712 Len=0 TSV=282969 TSER=4243724 141 16.205818 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=85433 Ack=1 Win=5792 Len=1448 TSV=4243724 TSER=282966 142 16.207109 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=86881 Ack=1 Win=5792 Len=1448 TSV=4243724 TSER=282966 143 16.207113 138.210.240.151 57.35.6.11 FTP Response: 226 File send OK. 144 16.207119 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=100 Ack=375 Win=5840 Len=0 TSV=282970 TSER=4243724 145 16.207168 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=88329 Win=63712 Len=0 TSV=282970 TSER=4243724 146 16.208333 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=88329 Ack=1 Win=5792 Len=1448 TSV=4243725 TSER=282966 147 16.209583 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=89777 Ack=1 Win=5792 Len=1448 TSV=4243725 TSER=282966 148 16.209611 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=91225 Win=63712 Len=0 TSV=282970 TSER=4243725 149 16.210903 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=91225 Ack=1 Win=5792 Len=1448 TSV=4243725 TSER=282966 150 16.212024 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=92673 Ack=1 Win=5792 Len=1448 TSV=4243727 TSER=282967 151 16.212052 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=94121 Win=63712 Len=0 TSV=282970 TSER=4243725 152 16.213285 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=94121 Ack=1 Win=5792 Len=1448 TSV=4243727 TSER=282967 153 16.214526 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=95569 Ack=1 Win=5792 Len=1448 TSV=4243727 TSER=282967 154 16.214582 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=97017 Win=63712 Len=0 TSV=282970 TSER=4243727 155 16.215820 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=97017 Ack=1 Win=5792 Len=1448 TSV=4243728 TSER=282967 156 16.217033 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=98465 Ack=1 Win=5792 Len=1448 TSV=4243728 TSER=282967

  14. 157 16.217062 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [ACK] Seq=1 Ack=99913 Win=63712 Len=0 TSV=282971 TSER=4243728 158 16.217073 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [FIN, PSH, ACK] Seq=99913 Ack=1 Win=5792 Len=474 TSV=4243728 TSER=282967 159 16.217115 57.35.6.11 138.210.240.151 TCP 32794 > 6346 [FIN, ACK] Seq=1 Ack=100388 Win=63712 Len=0 TSV=282971 TSER=4243728 160 16.218247 138.210.240.151 57.35.6.11 TCP 6346 > 32794 [ACK] Seq=100388 Ack=2 Win=5792 Len=0 TSV=4243746 TSER=282971 164 20.779412 57.35.6.11 138.210.240.151 FTP Request: QUIT 165 20.780946 138.210.240.151 57.35.6.11 FTP Response: 221 Goodbye. 166 20.781120 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=106 Ack=389 Win=5840 Len=0 TSV=283427 TSER=4246083 167 20.781145 57.35.6.11 138.210.240.151 TCP 32793 > ftp [FIN, ACK] Seq=106 Ack=389 Win=5840 Len=0 TSV=283427 TSER=4246083 168 20.781396 138.210.240.151 57.35.6.11 TCP ftp > 32793 [FIN, ACK] Seq=389 Ack=106 Win=5792 Len=0 TSV=4246083 TSER=283427 169 20.781402 57.35.6.11 138.210.240.151 TCP 32793 > ftp [ACK] Seq=107 Ack=390 Win=5840 Len=0 TSV=283427 TSER=4246083 170 20.782304 138.210.240.151 57.35.6.11 TCP ftp > 32793 [ACK] Seq=390 Ack=107 Win=5792 Len=0 TSV=4246083 TSER=283427

  15. EXPERIMENT 4 FTP BLOCK DIAGRAM 57.35.6.11 138.210.240.151 CONTROL PROCESS CONTROL PROCESS 32793 21 DATA TRANSFER PROCESS DATA TRANSFER PROCESS 32794 6346 Client Server

  16. From the 2005 Ph.D. Thesis of Robbie Simpson:

More Related