Wireshark-users: Re: [Wireshark-users] FTP analysis

From: "Mohan Radhakrishnan" <mohanr@xxxxxxxxx>
Date: Fri, 4 Sep 2009 20:23:52 +0530
I am using the Windows FTP client because the Visa server I am connecting with does not allow commands like ( PWD etc. ) to be issued. Even WinSCP seems to be issuing a PWD by default. Only 'get' and 'put' are allowed. The server admin. is also seeing the proper transfer and WireShart is also showing a proper response.
 
Issuing 'literal pasv' also did not solve the issue. Nothing has changed according to the network team here.
 
I think I am missing experience with analyzing the packets here.
 
Thanks,
Mohan


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Chivian, John
Sent: Thursday, September 03, 2009 9:06 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] FTP analysis

Echoing what Chris said it is my experience that many Windows FTP products are poorly written and several have caused my administrators (and my users) much heartache.  So much so in some cases that we have formally stated they should not be used and will not be supported by our internal resources.   Filezilla is a good choice and is the application we load on Windows systems for users that require it.

 

Are you running Wireshark on the client or the server?   If you can do both and compare them that may give you enough information to determine the real cause of the problem.

 

Also, given your statement that it was working and now isn't, you should obviously focus on the things that might have changed in your environment.  Was a piece of networking gear replaced?  Were the server or client updated with OS or security patches?   That sort of thing.

 

---

 

John (JC) Chivian
Staff Software Engineer

Staff Unix/Linux Administrator
Corporate Information Systems

Photronics, Inc.

 

---

 

Environmentalism is an ethic and a way of life.  Pass it on!

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Phillips, Christopher M
Sent: Thursday, September 03, 2009 10:10 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] FTP analysis

 

Sounds like active/passive FTP problem.

Windows FTP uses active mode by default.

 

Active mode can often have trouble working through firewalls/routers.

 

When you have connected to the ftp site type the command ‘literal pasv’ which should switch the client into passive mode.

To make permanent default see here:

http://compnetworking.about.com/cs/novellgroupwise/ht/setpassiveftpie.htm

 

Better still use a decent ftp client like filezilla

http://filezilla-project.org/download.php

 

Also remember if your not using sftp or scp the traffic or the password to the ftp site is not encrypted……

 

-Chris

 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Mohan Radhakrishnan
Sent: 03 September 2009 10:06
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] FTP analysis

 

Hi,

          I have a ftp connection to a server and I am trying to analyze why even though wireshark shows that the files are transferrred successfully Windows ftp does not complete the transfer. How do I go about analyzing the problem ?

 

Wireshark shows

 

226 Transfer complete successfully.

 

but the windows ftp client does not save the file. It hangs. So what was working a few days back is now hanging. What type of analysis should I run ?

 

 

Thanks,

Mohan