lost and found ( for me ? )

lost and found ( for me ? )

↑ Grab this Headline Animator

Ubuntu 12.04 LTS server : configure FTPS on vsftpd

Here’s an explanation of how to configure FTPS on vsftpd which is provided by Ubuntu 12.04 LTS Server including trial and error.
root@ubuntu1204-vm1:~# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 12.04.2 LTS"
root@ubuntu1204-vm1:~# uname -ri
3.2.0-37-generic x86_64


install vsftpd via apt-get.
root@ubuntu1204-vm1:~# apt-get install vsftpd -y

root@ubuntu1204-vm1:~# vsftpd -v
vsftpd: version 2.3.5


backup the original config file.
root@ubuntu1204-vm1:~# cp /etc/vsftpd.conf /etc/vsftpd.conf.org


make a private key and a self signed certificate for FTPS.

private key
root@ubuntu1204-vm1:~# openssl genrsa -des3 -out /etc/vsftpd_ssl_keys/private.key 2048
Generating RSA private key, 2048 bit long modulus
..................................................................................+++
.+++
e is 65537 (0x10001)
Enter pass phrase for /etc/vsftpd_ssl_keys/private.key:
Verifying - Enter pass phrase for /etc/vsftpd_ssl_keys/private.key:


make a CSR
root@ubuntu1204-vm1:~# openssl genrsa -des3 -out /etc/vsftpd_ssl_keys/private.key 2048
Generating RSA private key, 2048 bit long modulus
..................................................................................+++
.+++
e is 65537 (0x10001)
Enter pass phrase for /etc/vsftpd_ssl_keys/private.key:
Verifying - Enter pass phrase for /etc/vsftpd_ssl_keys/private.key:
root@ubuntu1204-vm1:~# openssl req -new -key /etc/vsftpd_ssl_keys/private.key -out /etc/vsftpd_ssl_keys/server.csr
Enter pass phrase for /etc/vsftpd_ssl_keys/private.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:foo.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


remove passphrase from the private key.
root@ubuntu1204-vm1:~# cp /etc/vsftpd_ssl_keys/private.key /etc/vsftpd_ssl_keys/private.key.org

root@ubuntu1204-vm1:~# openssl rsa -in /etc/vsftpd_ssl_keys/private.key.org -out /etc/vsftpd_ssl_keys/private.key
Enter pass phrase for /etc/vsftpd_ssl_keys/private.key.org:
writing RSA key


make a self signed certificate
root@ubuntu1204-vm1:~# openssl x509 -req -days 365 -in /etc/vsftpd_ssl_keys/server.csr -signkey /etc/vsftpd_ssl_keys/private.key -out /etc/vsftpd_ssl_keys/server.crt
Signature ok
subject=/C=JP/ST=Some-State/O=Internet Widgits Pty Ltd/CN=foo.com
Getting Private key


vsftpd.conf
root@ubuntu1204-vm1:~# cat /etc/vsftpd.conf
# use vsftpd as a standalone mode instead of using vsftpd via inetd
listen=YES

# listen port for control channel
listen_port=21

# Limit passive ports to this range to assis firewalling
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30003

# active mode
connect_from_port_20=YES
ftp_data_port=20

# Set to ssl_enable=YES if you want to enable SSL
ssl_enable=YES
idle_session_timeout=900
log_ftp_protocol=YES
ssl_sslv2=YES
ssl_sslv3=YES
ssl_tlsv1=YES

# Path to the certificate and the private key
rsa_cert_file=/etc/vsftpd_ssl_keys/server.crt
rsa_private_key_file=/etc/vsftpd_ssl_keys/private.key

# disallow anonymous users
allow_anon_ssl=NO

# All local logins (i.e. non-anonymous) are forced to use ssl.
force_local_logins_ssl=YES
force_local_data_ssl=YES

require_ssl_reuse=NO
root@ubuntu1204-vm1:~#


start vsftpd
root@ubuntu1204-vm1:~# service vsftpd restart
vsftpd stop/waiting
vsftpd start/running, process 6372

root@ubuntu1204-vm1:~# service vsftpd status
vsftpd start/running, process 6372

root@ubuntu1204-vm1:~# lsof -ni:21
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
vsftpd  6372 root    3u  IPv4  18498      0t0  TCP *:ftp (LISTEN)


prepare FTPS client. I installed lftp as FTPS client. ( I installed vsftpd and lftp on the same box )
root@ubuntu1204-vm1:~# apt-get install -y lftp

root@ubuntu1204-vm1:~# lftp --version
LFTP | Version 4.3.3 | Copyright (c) 1996-2011 Alexander V. Lukyanov

LFTP is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with LFTP.  If not, see <http://www.gnu.org/licenses/>.

Send bug reports and questions to the mailing list <lftp@uniyar.ac.ru>.

Libraries used: Readline 6.2, GnuTLS 2.12.14, zlib 1.2.3.4


connect to the vsftpd over FTPS
nn , can’t connect ..
root@ubuntu1204-vm1:~# lftp
lftp test01@127.0.0.1:~> set ssl:verify-certificate no
lftp test01@127.0.0.1:~> set ftp:ssl-protect-data true
lftp test01@127.0.0.1:~> set ftp:ssl-force true
lftp test01@127.0.0.1:~> set ftp:ssl-auth TLS
lftp test01@127.0.0.1:~> set ftp:initial-prot ""
lftp test01@127.0.0.1:~> open -u test01 -p21 ftp://127.0.0.1
Password:
lftp test01@127.0.0.1:~> ls
`ls' at 0 [Delaying before reconnect: 32]
Interrupt                                    

lftp test01@127.0.0.1:~> set ssl:verify-certificate no
lftp test01@127.0.0.1:~> set ftp:ssl-protect-data true
lftp test01@127.0.0.1:~> set ftp:ssl-force true
lftp test01@127.0.0.1:~> set ftp:ssl-auth SSL
lftp test01@127.0.0.1:~> set ftp:initial-prot ""
lftp test01@127.0.0.1:~> open -u test01 -p21 ftp://127.0.0.1
Password:
lftp test01@127.0.0.1:~> ls
`ls' at 0 [Delaying before reconnect: 17]


How about adding “ssl_ciphers=HIGH” in vsftpd.conf ??
root@ubuntu1204-vm1:~# cat /etc/vsftpd.conf
# use vsftpd as a standalone mode instead of using vsftpd via inetd
listen=YES

# listen port for control channel
listen_port=21

# Limit passive ports to this range to assis firewalling
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30003

# active mode
connect_from_port_20=YES
ftp_data_port=20

# Set to ssl_enable=YES if you want to enable SSL
ssl_enable=YES
idle_session_timeout=900
log_ftp_protocol=YES
ssl_sslv2=YES
ssl_sslv3=YES
ssl_tlsv1=YES

# Path to the certificate and the private key
rsa_cert_file=/etc/vsftpd_ssl_keys/server.crt
rsa_private_key_file=/etc/vsftpd_ssl_keys/private.key

# disallow anonymous users
allow_anon_ssl=NO

# All local logins (i.e. non-anonymous) are forced to use ssl.
force_local_logins_ssl=YES
force_local_data_ssl=YES

require_ssl_reuse=NO

# Select which SSL ciphers vsftpd will allow for encrypted SSL connections (required by FileZilla)
ssl_ciphers=HIGH


restart vsftpd.
# /etc/init.d/vsftpd restart


still can’t connect..
root@ubuntu1204-vm1:~# lftp
lftp :~> set ssl:verify-certificate no
lftp :~> set ftp:ssl-protect-data true
lftp :~> set ftp:ssl-force true
lftp :~> set ftp:ssl-auth TLS
lftp :~> set ftp:initial-prot ""
lftp :~> open -u test01 -p21 ftp://127.0.0.1
Password:
lftp test01@127.0.0.1:~> ls                   
Interrupt                                    
lftp test01@127.0.0.1:~>
lftp test01@127.0.0.1:~> set ssl:verify-certificate no
lftp test01@127.0.0.1:~> set ftp:ssl-protect-data true
lftp test01@127.0.0.1:~> set ftp:ssl-force true
lftp test01@127.0.0.1:~> set ftp:ssl-auth SSL
lftp test01@127.0.0.1:~> set ftp:initial-prot ""
lftp test01@127.0.0.1:~> open -u test01 -p21 ftp://127.0.0.1
Password:
lftp test01@127.0.0.1:~> ls
Interrupt                                    
lftp test01@127.0.0.1:~> bye


I edited vsftpd.conf like this:
root@ubuntu1204-vm1:~# cat /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ls_recurse_enable=YES
use_localtime=YES

# FTPS
log_ftp_protocol=YES
idle_session_timeout=900
ssl_enable=YES

# Path to the certificate and the private key
rsa_cert_file=/etc/vsftpd_ssl_keys/server.crt
rsa_private_key_file=/etc/vsftpd_ssl_keys/private.key


I could connect to the vsftpd box over FTPS.
However I’m not sure which options in vsftpd.conf are wrong , so I need to look into the root cause.
root@ubuntu1204-vm1:~# lftp
lftp :~> set ssl:verify-certificate no
lftp :~> set ftp:ssl-protect-data true
lftp :~> set ftp:ssl-force true
lftp :~> set ftp:ssl-auth TLS
lftp :~> set ftp:initial-prot ""
lftp :~> open -u test01 -p21 ftp://127.0.0.1
Password:
lftp test01@127.0.0.1:~> ls                   
-rw-r--r--    1 1001     1001            6 Feb 14 23:38 hello.txt
lftp test01@127.0.0.1:~> bye
root@ubuntu1204-vm1:~#
root@ubuntu1204-vm1:~# lftp
lftp :~> set ssl:verify-certificate no
lftp :~> set ftp:ssl-protect-data true
lftp :~> set ftp:ssl-force true
lftp :~> set ftp:ssl-auth SSL
lftp :~> set ftp:initial-prot ""
lftp :~> open -u test01 -p21 ftp://127.0.0.1
Password:
lftp test01@127.0.0.1:~> ls                   
-rw-r--r--    1 1001     1001            6 Feb 14 23:38 hello.txt
lftp test01@127.0.0.1:~> bye


cap data when using FTPS
root@ubuntu1204-vm1:~# tshark -nr ftps.pcap
 1   0.000000    127.0.0.1 -> 127.0.0.1    TCP 74 36468 > 21 [SYN] Seq=0 Win=32792 Len=0 MSS=16396 SACK_PERM=1 TSval=1360230 TSecr=0 WS=8
 2   0.000023    127.0.0.1 -> 127.0.0.1    TCP 74 21 > 36468 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=16396 SACK_PERM=1 TSval=1360230 TSecr=1360230 WS=8
 3   0.000040    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=1 Ack=1 Win=32792 Len=0 TSval=1360230 TSecr=1360230
 4   0.007941    127.0.0.1 -> 127.0.0.1    FTP 86 Response: 220 (vsFTPd 2.3.5)
 5   0.008022    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=1 Ack=21 Win=32776 Len=0 TSval=1360232 TSecr=1360232
 6   0.008234    127.0.0.1 -> 127.0.0.1    FTP 72 Request: FEAT
 7   0.008251    127.0.0.1 -> 127.0.0.1    TCP 66 21 > 36468 [ACK] Seq=21 Ack=7 Win=32768 Len=0 TSval=1360232 TSecr=1360232
 8   0.008392    127.0.0.1 -> 127.0.0.1    FTP 81 Response: 211-Features:
 9   0.008485    127.0.0.1 -> 127.0.0.1    FTP 77 Response:  AUTH TLS
10   0.008538    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=7 Ack=47 Win=32768 Len=0 TSval=1360232 TSecr=1360232
11   0.008610    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  EPRT
12   0.008767    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  EPSV
13   0.008818    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=7 Ack=61 Win=32768 Len=0 TSval=1360233 TSecr=1360232
14   0.008886    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  MDTM
15   0.008960    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  PASV
16   0.009008    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=7 Ack=75 Win=32768 Len=0 TSval=1360233 TSecr=1360233
17   0.009072    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  PBSZ
18   0.009142    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  PROT
19   0.009252    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=7 Ack=89 Win=32768 Len=0 TSval=1360233 TSecr=1360233
20   0.009320    127.0.0.1 -> 127.0.0.1    FTP 80 Response:  REST STREAM
21   0.009394    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  SIZE
22   0.009440    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=7 Ack=110 Win=32768 Len=0 TSval=1360233 TSecr=1360233
23   0.009458    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  TVFS
24   0.009478    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  UTF8
25   0.009491    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=7 Ack=124 Win=32768 Len=0 TSval=1360233 TSecr=1360233
26   0.009512    127.0.0.1 -> 127.0.0.1    FTP 75 Response: 211 End
27   0.009592    127.0.0.1 -> 127.0.0.1    FTP 76 Request: AUTH TLS
28   0.009660    127.0.0.1 -> 127.0.0.1    FTP 97 Response: 234 Proceed with negotiation.
29   0.036846    127.0.0.1 -> 127.0.0.1    FTP 183 Request: \026\003\000\000p\001\000\000l\003\003Q\035"[ԯ\205\177��l$e^�\026qRB\000d�cSti�\035d\255�\230\000\0000\0003\000g\000E\0009\000k\000\210\000\026\0002\000@\000D\0008\000j\000\207\000\023\000f\000/\000<\000A\0005\000=\000\204\000
30   0.037101    127.0.0.1 -> 127.0.0.1    FTP 1034 Response: \026\003\003\000Q\002\000\000M\003\003Q\035"[a֩\006'�\204�\220\t\f��\204\230=\a�,���rWR!�R �/\200R�ad����dP\212
31   0.037987    127.0.0.1 -> 127.0.0.1    FTP 345 Request: \026\003\003\000\a\v\000\000\003\000\000\000\026\003\003\001\006\020\000\001\002\001\000`\006��4^A�\231�\220=\034jB�⤴6�\234 I0�����\220�B\016�}(�\035��\035\004ө^
32   0.076757    127.0.0.1 -> 127.0.0.1    TCP 66 21 > 36468 [ACK] Seq=1132 Ack=413 Win=32768 Len=0 TSval=1360250 TSecr=1360240
33   0.076802    127.0.0.1 -> 127.0.0.1    FTP 221 Request: \024\003\003\000\001\001\026\003\003\000\220�&0\226�\035�I
34   0.077257    127.0.0.1 -> 127.0.0.1    TCP 66 21 > 36468 [ACK] Seq=1132 Ack=568 Win=32768 Len=0 TSval=1360250 TSecr=1360250
35   0.077524    127.0.0.1 -> 127.0.0.1    FTP 125 Response: \024\003\003\000\001\001\026\003\003\0000M�t\002/E\227\255\v��HD\002\255���\220�j\215��\b\b(�a\034X\231\224Ĩ��W��>j\vX�AI\207
36   0.116639    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=568 Ack=1191 Win=32768 Len=0 TSval=1360260 TSecr=1360250
37   0.124476    127.0.0.1 -> 127.0.0.1    FTP 295 Request: \027\003\003\000�\�*3�-_4l\002\017�L�W5\207�\255*�K�=��X��i�\226}\001{\212�\037y.���"�\214�#A�\f��I�\230=\016j��{tM\027��x&�\0240�\v�]*�Y鴳'\233J�\233�s\031+[K~�x"\031\221x\f<\016\a����(\001`�\005��\031\207lW|_<�(�~\002u����\237�\035�\034ì\202}���0�\006\255g�\034f�]��\A ���\000\222\212\220D\t\b�\003\236\215\u\255��\234�\v\016\036�\201�l�\211w�lA�k�\030���\177\200F\217\030y\222\23096\a��\032Lc;�k�G�\203�
38   0.124562    127.0.0.1 -> 127.0.0.1    FTP 127 Response: \027\003\003\0008�\223\200\002��\206��-;\207V\206�)d(06\003�����>�\000�\233�\233\217�\213�\205\225Y\022��\023%F��-\2263�\005G\036\231
39   0.124569    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=797 Ack=1252 Win=32768 Len=0 TSval=1360261 TSecr=1360261
40   0.124729    127.0.0.1 -> 127.0.0.1    FTP 135 Request: \027\003\003\000@z\fWZ\030e!X8\177��\214�n��\030�M�\217�\031\215\017w\216�gh���B�k��b����d�\035���]\221^I\231\224|��(��A\231
41   0.124772    127.0.0.1 -> 127.0.0.1    FTP 135 Response: \027\003\003\000@\000C~\236Jv\212�&"�\233\223_\230*�\v��jV\003\206(\2024\206JG\032��e
42   0.124964    127.0.0.1 -> 127.0.0.1    FTP 127 Request: \027\003\003\0008t"�\202��4���0�\216*B�gJ&D\021u�\2057��'��\231
43   0.137038    127.0.0.1 -> 127.0.0.1    FTP 127 Response: \027\003\003\0008\026\232��K\035z�H�W\025��\226��i%~��^s�\203.�\t���(�7i�\221�$y%�\t(ۼ�î�q���
44   0.137192    127.0.0.1 -> 127.0.0.1    FTP 311 Request: \027\003\003\000��L/¤7\203G�s��輥J�I\202\025!���uu6\001]�H�fJ\215\006�������7y\016���@�#>�\025\217�\021Ԭb\022"\227\216�+�\036[_�W�\003}/w�=\030\227]��Z�!kG���\212%��\032ry�\035��q?O>�\000zTD�\035͹\207�@\235�x\221%��\226;&4km\037ĥ\036f\004�]\206i�al��k=�\232\177�v��\2347���\205o�s�\017=\217�z�*�{�v\221�\232@\001O\005�)�*��\�z�mR��C�P�\024&�\232!w�m'�=�s{���\002\215�`\234���?\231POp4��\020-\032
45   0.137315    127.0.0.1 -> 127.0.0.1    FTP 127 Response: \027\003\003\0008_8��\016Q�5 S\b2��<\000�\a.\f��Ū�e�\026�\2148n\235��ѻ�^_\233Q\221\234ֹ���d\027\b�
46   0.138526    127.0.0.1 -> 127.0.0.1    FTP 135 Request: \027\003\003\000@+��\236n!\024�7\235\006��\222\033�\000Ĥ�~{[��\214�?\216d�\213.\004��c�D����\016OI\230�VE\230O\035��d\234\035�"L�$
47   0.138632    127.0.0.1 -> 127.0.0.1    FTP 127 Response: \027\003\003\0008�w\036��"�޹w
48   0.138721    127.0.0.1 -> 127.0.0.1    FTP 183 Request: \027\003\003\000p�ut\221P�qp�L�b��sɦ�q1��,��J\232`0�il\004\236��\2102>\233\225\003Z/M\236\025��M\037�\025��\001lH}f�fO5\215A�o�\200\204۪\222g\221�����^�\202�y\223%�����\002}�?\0370�vBw��*gZ\230O�
49   0.138813    127.0.0.1 -> 127.0.0.1    FTP 127 Response: \027\003\003\0008�Yg?�0q\204��78�G#5���\004��MpK�\215Q����1�{��\225m p\206\035A���?\205\236�\037RN\006\017
50   0.138904    127.0.0.1 -> 127.0.0.1    FTP 303 Request: \027\003\003\000��@\213\2237!\002\004x\016#4�D|�Ϋ9jo�\035��S\003{C��1
51   0.138999    127.0.0.1 -> 127.0.0.1    FTP 127 Response: \027\003\003\0008+X�\016�"y\236]�YzW`
52   0.139170    127.0.0.1 -> 127.0.0.1    FTP 247 Request: \027\003\003\000�\211\035��%�\213�8\004���=�aXW@��\210�\f-\035\222�mo\233d��(8n\230\206\236�p'p\201\005�s�\255*�\026\0039Р\002_\{�mB�\004h��I\006I(S�\235lU\212X�,*��C�R-(��D\210F��w��i\f�\206W��\216y��\202\215\221��9\203�\230\255\022�o�T�\233\000\214s�EEn\035�\020\025\027\006\227,�DS�S��R�.�)\215|e.\214\2167ν\025\023}��o�\000\223�t\000
53   0.139330    127.0.0.1 -> 127.0.0.1    FTP 151 Response: \027\003\003\000P\210zg�\2243�N\033��6p\vs�d�\023Pv-\001�ܳ\237\033�\211\234I�\226\200\003�{�Ҩ\217�L\214\t9\005�)�\v�\026�tj����\230RE緿�\234>�ys~x\233q��$
54   0.139455    127.0.0.1 -> 127.0.0.1    TCP 74 53114 > 61287 [SYN] Seq=0 Win=32792 Len=0 MSS=16396 SACK_PERM=1 TSval=1360265 TSecr=0 WS=8
55   0.139463    127.0.0.1 -> 127.0.0.1    TCP 74 61287 > 53114 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=16396 SACK_PERM=1 TSval=1360265 TSecr=1360265 WS=8
56   0.139468    127.0.0.1 -> 127.0.0.1    TCP 66 53114 > 61287 [ACK] Seq=1 Ack=1 Win=32792 Len=0 TSval=1360265 TSecr=1360265
57   0.139538    127.0.0.1 -> 127.0.0.1    FTP 263 Request: \027\003\003\000�\214x\224\004g\235�o�\024sx�j\031zf\000��\213\031�\212)��&\230\234[ඨ\031{�\217�#��P�\222\0371\027r�l�*�\2021-\t�ON��\026\207\225[\202r͸-��Ϊ���*P�\000\212�X\211"rη�\t�\024�F��Ϋ�\214�\023\201�"��N�4��4f\230+C>&Q�\210�\213xegڧ9��\027Jj\005���(�5��\202,#�\033\002��\224c5��I\2310\210�\037��`�\022d���̵D@�A\212*C�\210\\214\177\233�\026
58   0.139735    127.0.0.1 -> 127.0.0.1    FTP 143 Response: \027\003\003\000H\213:��={hJd�p\023�\230��\223(�\026\206�gIá�\226\231��SY�2\004�\211V���\215��Y\032�u0�\030\235\255�\025\032�z�qt��I>d��\210;�
59   0.140054    127.0.0.1 -> 127.0.0.1    TCP 215 53114 > 61287 [PSH, ACK] Seq=1 Ack=1 Win=32792 Len=149 TSval=1360265 TSecr=1360265
60   0.140061    127.0.0.1 -> 127.0.0.1    TCP 66 61287 > 53114 [ACK] Seq=1 Ack=150 Win=32768 Len=0 TSval=1360265 TSecr=1360265
61   0.140289    127.0.0.1 -> 127.0.0.1    TCP 211 61287 > 53114 [PSH, ACK] Seq=1 Ack=150 Win=32768 Len=145 TSval=1360265 TSecr=1360265
62   0.140297    127.0.0.1 -> 127.0.0.1    TCP 66 53114 > 61287 [ACK] Seq=150 Ack=146 Win=32768 Len=0 TSval=1360265 TSecr=1360265
63   0.140708    127.0.0.1 -> 127.0.0.1    TCP 72 53114 > 61287 [PSH, ACK] Seq=150 Ack=146 Win=32768 Len=6 TSval=1360266 TSecr=1360265
64   0.176641    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=1973 Ack=1788 Win=32768 Len=0 TSval=1360275 TSecr=1360265
65   0.184665    127.0.0.1 -> 127.0.0.1    TCP 66 61287 > 53114 [ACK] Seq=146 Ack=156 Win=32768 Len=0 TSval=1360277 TSecr=1360266
66   0.184680    127.0.0.1 -> 127.0.0.1    TCP 167 53114 > 61287 [PSH, ACK] Seq=156 Ack=146 Win=32768 Len=101 TSval=1360277 TSecr=1360277
67   0.184716    127.0.0.1 -> 127.0.0.1    TCP 66 61287 > 53114 [ACK] Seq=146 Ack=257 Win=32768 Len=0 TSval=1360277 TSecr=1360277
68   0.184910    127.0.0.1 -> 127.0.0.1    TCP 167 61287 > 53114 [PSH, ACK] Seq=146 Ack=257 Win=32768 Len=101 TSval=1360277 TSecr=1360277
69   0.224752    127.0.0.1 -> 127.0.0.1    TCP 66 53114 > 61287 [ACK] Seq=257 Ack=247 Win=32768 Len=0 TSval=1360287 TSecr=1360277
70   0.224905    127.0.0.1 -> 127.0.0.1    TCP 103 61287 > 53114 [PSH, ACK] Seq=247 Ack=257 Win=32768 Len=37 TSval=1360287 TSecr=1360287
71   0.224924    127.0.0.1 -> 127.0.0.1    TCP 66 53114 > 61287 [ACK] Seq=257 Ack=284 Win=32768 Len=0 TSval=1360287 TSecr=1360287
72   0.225731    127.0.0.1 -> 127.0.0.1    TCP 66 53114 > 61287 [FIN, ACK] Seq=257 Ack=284 Win=32768 Len=0 TSval=1360287 TSecr=1360287
73   0.225978    127.0.0.1 -> 127.0.0.1    TCP 66 61287 > 53114 [FIN, ACK] Seq=284 Ack=258 Win=32768 Len=0 TSval=1360287 TSecr=1360287
74   0.226000    127.0.0.1 -> 127.0.0.1    TCP 66 53114 > 61287 [ACK] Seq=258 Ack=285 Win=32768 Len=0 TSval=1360287 TSecr=1360287
75   0.226239    127.0.0.1 -> 127.0.0.1    FTP 127 Response: \027\003\003\0008�+?t`\177&�}�Y<�\v\2155\031P�\223}R���&|Ҥ׫/I�&\201^��ݢ�f}\021\231��\223\006R�� �\234
76   0.226448    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=1973 Ack=1849 Win=32768 Len=0 TSval=1360287 TSecr=1360287
77   1.783819    127.0.0.1 -> 127.0.0.1    FTP 295 Request: \027\003\003\000�xi\016�\234�_\210�����㯴C\224%\226e%r�yb��Fרpke\023^G?T\212�G�aWa\000�;(�Sx���\201��|;\b\025C�{\233\032�\216��Nɴ<s
78   1.784247    127.0.0.1 -> 127.0.0.1    FTP 119 Response: \027\003\003\0000B���8���a\213\227��zK\026Q�\024�Q�Ǿ�/\223\207\025N\1�\bp1\f'��\232wj�Y\026*<
79   1.784269    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [ACK] Seq=2202 Ack=1902 Win=32768 Len=0 TSval=1360676 TSecr=1360676
80   1.784310    127.0.0.1 -> 127.0.0.1    TCP 66 21 > 36468 [FIN, ACK] Seq=1902 Ack=2202 Win=32768 Len=0 TSval=1360676 TSecr=1360676
81   1.787788    127.0.0.1 -> 127.0.0.1    TCP 66 36468 > 21 [RST, ACK] Seq=2202 Ack=1903 Win=32768 Len=0 TSval=1360677 TSecr=1360676


cap data when using non FTP
root@ubuntu1204-vm1:~# lftp
lftp :~> open -u test01 -p21 ftp://127.0.0.1
Password:
lftp test01@127.0.0.1:~> ls                   
-rw-r--r--    1 1001     1001            6 Feb 14 23:38 hello.txt
lftp test01@127.0.0.1:~> bye
root@ubuntu1204-vm1:~#

root@ubuntu1204-vm1:~# tshark -nr non-ftps.pcap
 1   0.000000    127.0.0.1 -> 127.0.0.1    TCP 74 36471 > 21 [SYN] Seq=0 Win=32792 Len=0 MSS=16396 SACK_PERM=1 TSval=1422273 TSecr=0 WS=8
 2   0.000024    127.0.0.1 -> 127.0.0.1    TCP 74 21 > 36471 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=16396 SACK_PERM=1 TSval=1422273 TSecr=1422273 WS=8
 3   0.000040    127.0.0.1 -> 127.0.0.1    TCP 66 36471 > 21 [ACK] Seq=1 Ack=1 Win=32792 Len=0 TSval=1422273 TSecr=1422273
 4   0.007654    127.0.0.1 -> 127.0.0.1    FTP 86 Response: 220 (vsFTPd 2.3.5)
 5   0.007740    127.0.0.1 -> 127.0.0.1    TCP 66 36471 > 21 [ACK] Seq=1 Ack=21 Win=32776 Len=0 TSval=1422275 TSecr=1422275
 6   0.007905    127.0.0.1 -> 127.0.0.1    FTP 72 Request: FEAT
 7   0.007922    127.0.0.1 -> 127.0.0.1    TCP 66 21 > 36471 [ACK] Seq=21 Ack=7 Win=32768 Len=0 TSval=1422275 TSecr=1422275
 8   0.008135    127.0.0.1 -> 127.0.0.1    FTP 81 Response: 211-Features:
 9   0.008233    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  EPRT
10   0.008284    127.0.0.1 -> 127.0.0.1    TCP 66 36471 > 21 [ACK] Seq=7 Ack=43 Win=32768 Len=0 TSval=1422276 TSecr=1422276
11   0.008354    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  EPSV
12   0.008427    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  MDTM
13   0.008475    127.0.0.1 -> 127.0.0.1    TCP 66 36471 > 21 [ACK] Seq=7 Ack=57 Win=32768 Len=0 TSval=1422276 TSecr=1422276
14   0.008539    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  PASV
15   0.008638    127.0.0.1 -> 127.0.0.1    FTP 80 Response:  REST STREAM
16   0.008687    127.0.0.1 -> 127.0.0.1    TCP 66 36471 > 21 [ACK] Seq=7 Ack=78 Win=32768 Len=0 TSval=1422276 TSecr=1422276
17   0.008751    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  SIZE
18   0.008820    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  TVFS
19   0.008866    127.0.0.1 -> 127.0.0.1    TCP 66 36471 > 21 [ACK] Seq=7 Ack=92 Win=32768 Len=0 TSval=1422276 TSecr=1422276
20   0.008927    127.0.0.1 -> 127.0.0.1    FTP 73 Response:  UTF8
21   0.009006    127.0.0.1 -> 127.0.0.1    FTP 75 Response: 211 End
22   0.009054    127.0.0.1 -> 127.0.0.1    TCP 66 36471 > 21 [ACK] Seq=7 Ack=108 Win=32768 Len=0 TSval=1422276 TSecr=1422276
23   0.009341    127.0.0.1 -> 127.0.0.1    FTP 80 Request: OPTS UTF8 ON
24   0.009436    127.0.0.1 -> 127.0.0.1    FTP 92 Response: 200 Always in UTF8 mode.
25   0.009646    127.0.0.1 -> 127.0.0.1    FTP 79 Request: USER test01
26   0.009749    127.0.0.1 -> 127.0.0.1    FTP 100 Response: 331 Please specify the password.
27   0.010080    127.0.0.1 -> 127.0.0.1    FTP 79 Request: PASS test01
28   0.028178    127.0.0.1 -> 127.0.0.1    FTP 89 Response: 230 Login successful.
29   0.028245    127.0.0.1 -> 127.0.0.1    FTP 71 Request: PWD
30   0.028290    127.0.0.1 -> 127.0.0.1    FTP 86 Response: 257 "/home/test01"
31   0.029473    127.0.0.1 -> 127.0.0.1    FTP 72 Request: PASV
32   0.029572    127.0.0.1 -> 127.0.0.1    FTP 113 Response: 227 Entering Passive Mode (127,0,0,1,145,78).
33   0.029660    127.0.0.1 -> 127.0.0.1    TCP 74 51140 > 37198 [SYN] Seq=0 Win=32792 Len=0 MSS=16396 SACK_PERM=1 TSval=1422281 TSecr=0 WS=8
34   0.029668    127.0.0.1 -> 127.0.0.1    TCP 74 37198 > 51140 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=16396 SACK_PERM=1 TSval=1422281 TSecr=1422281 WS=8
35   0.029672    127.0.0.1 -> 127.0.0.1    TCP 66 51140 > 37198 [ACK] Seq=1 Ack=1 Win=32792 Len=0 TSval=1422281 TSecr=1422281
36   0.029712    127.0.0.1 -> 127.0.0.1    FTP 72 Request: LIST
37   0.029806    127.0.0.1 -> 127.0.0.1    FTP 105 Response: 150 Here comes the directory listing.
38   0.029905    127.0.0.1 -> 127.0.0.1    FTP-DATA 133 FTP Data: 67 bytes
39   0.029912    127.0.0.1 -> 127.0.0.1    TCP 66 51140 > 37198 [ACK] Seq=1 Ack=68 Win=32768 Len=0 TSval=1422281 TSecr=1422281
40   0.031286    127.0.0.1 -> 127.0.0.1    TCP 66 37198 > 51140 [FIN, ACK] Seq=68 Ack=1 Win=32768 Len=0 TSval=1422281 TSecr=1422281
41   0.031336    127.0.0.1 -> 127.0.0.1    TCP 66 51140 > 37198 [FIN, ACK] Seq=1 Ack=69 Win=32768 Len=0 TSval=1422281 TSecr=1422281
42   0.031343    127.0.0.1 -> 127.0.0.1    TCP 66 37198 > 51140 [ACK] Seq=69 Ack=2 Win=32768 Len=0 TSval=1422281 TSecr=1422281
43   0.031380    127.0.0.1 -> 127.0.0.1    FTP 90 Response: 226 Directory send OK.
44   0.031396    127.0.0.1 -> 127.0.0.1    TCP 66 36471 > 21 [ACK] Seq=64 Ack=321 Win=32768 Len=0 TSval=1422281 TSecr=1422281
45   1.335075    127.0.0.1 -> 127.0.0.1    FTP 72 Request: QUIT
46   1.335209    127.0.0.1 -> 127.0.0.1    FTP 80 Response: 221 Goodbye.
47   1.335236    127.0.0.1 -> 127.0.0.1    TCP 66 21 > 36471 [FIN, ACK] Seq=335 Ack=70 Win=32768 Len=0 TSval=1422607 TSecr=1422607
48   1.338249    127.0.0.1 -> 127.0.0.1    TCP 66 36471 > 21 [RST, ACK] Seq=70 Ack=336 Win=32768 Len=0 TSval=1422608 TSecr=1422607
root@ubuntu1204-vm1:~#
Labels: , , ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)