Here are the logs from configuring vsftpd in passive mode and in active mode.
Install vsftpd via apt-get.
# apt-get install vsftpd -y
# vsftpd -v
vsftpd: version 3.0.2
Configuration file (/etc/vsftpd.conf)
[ passive mode ]
Options to use passive mode:
pasv_enable
    Set to NO if you want to disallow the PASV method of obtaining a data connection.
    Default: YES
pasv_max_port
    The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.
    Default: 0 (use any port)
pasv_min_port
    The minimum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.
    Default: 0 (use any port)
# grep -v ^# /etc/vsftpd.conf | grep -v ^$
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
pasv_enable=yes
pasv_max_port=10000
pasv_min_port=9000
seccomp_sandbox=no
port_enable=no
Access the FTP server:
client: 192.168.11.100
vsftpd: 192.168.11.23
$ ftp 192.168.11.23
Connected to 192.168.11.23.
220 (vsFTPd 3.0.2)
Name (192.168.11.23:hattori): hattori
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls -a
227 Entering Passive Mode (192,168,11,23,36,203).
150 Here comes the directory listing.
drwxr-xr-x 3 1000 1000 4096 Oct 23 00:51 .
drwxr-xr-x 3 0 0 4096 Oct 23 00:49 ..
-rw------- 1 1000 1000 10 Oct 23 00:51 .bash_history
-rw-r--r-- 1 1000 1000 220 Oct 23 00:49 .bash_logout
-rw-r--r-- 1 1000 1000 3637 Oct 23 00:49 .bashrc
drwx------ 2 1000 1000 4096 Oct 23 00:49 .cache
-rw-r--r-- 1 1000 1000 675 Oct 23 00:49 .profile
226 Directory send OK.
ftp> bye
221 Goodbye.
Control channel (TCP port 21)
# tshark -i eth0 -n tcp
tshark: Lua: Error during loading:
[string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Running as user "root" and group "root". This could be dangerous.
Capturing on 'eth0'
0.000000 192.168.11.100 -> 192.168.11.23 TCP 74 49456 > 21 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=5685754 TSecr=0 WS=128
0.000094 192.168.11.23 -> 192.168.11.100 TCP 74 21 > 49456 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=412059 TSecr=5685754 WS=64
0.000384 192.168.11.100 -> 192.168.11.23 TCP 66 49456 > 21 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=5685754 TSecr=412059
0.005315 192.168.11.23 -> 192.168.11.100 FTP 86 Response: 220 (vsFTPd 3.0.2)
0.005699 192.168.11.100 -> 192.168.11.23 TCP 66 49456 > 21 [ACK] Seq=1 Ack=21 Win=29312 Len=0 TSval=5685755 TSecr=412060
1.675451 192.168.11.100 -> 192.168.11.23 FTP 80 Request: USER hattori
1.675528 192.168.11.23 -> 192.168.11.100 TCP 66 21 > 49456 [ACK] Seq=21 Ack=15 Win=28992 Len=0 TSval=412478 TSecr=5686172
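Data channel
The client (192.168.11.100) opens the TCP connection to vsftpd on the port announced in the 227 reply (36*256+203 = 9419), which falls inside the pasv_min_port to pasv_max_port range.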
6.124141 192.168.11.100 -> 192.168.11.23 TCP 74 33283 > 9419 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=5687285 TSecr=0 WS=128
6.124180 192.168.11.23 -> 192.168.11.100 TCP 74 9419 > 33283 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=413590 TSecr=5687285 WS=64
6.124399 192.168.11.100 -> 192.168.11.23 TCP 66 33283 > 9419 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=5687285 TSecr=413590
[ active (port) mode ]
Options to configure active mode:
port_enable
    Set to NO if you want to disallow the PORT method of obtaining a data connection.
    Default: YES
ftp_data_port
    The port from which PORT style connections originate (as long as the poorly named connect_from_port_20 is enabled).
    Default: 20
# grep -v ^# /etc/vsftpd.conf | grep -v ^$
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
pasv_enable=no
pasv_max_port=10000
pasv_min_port=9000
seccomp_sandbox=no
port_enable=yes
ftp_data_port=30000
$ ftp 192.168.11.23
Connected to 192.168.11.23.
220 (vsFTPd 3.0.2)
Name (192.168.11.23:hattori): hattori
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> passive
Passive mode off.
ftp> ls -a
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x 3 1000 1000 4096 Oct 23 00:51 .
drwxr-xr-x 3 0 0 4096 Oct 23 00:49 ..
-rw------- 1 1000 1000 10 Oct 23 00:51 .bash_history
-rw-r--r-- 1 1000 1000 220 Oct 23 00:49 .bash_logout
-rw-r--r-- 1 1000 1000 3637 Oct 23 00:49 .bashrc
drwx------ 2 1000 1000 4096 Oct 23 00:49 .cache
-rw-r--r-- 1 1000 1000 675 Oct 23 00:49 .profile
226 Directory send OK.
ftp> bye
221 Goodbye.
Control channel
0.000000 192.168.11.100 -> 192.168.11.23 TCP 74 49477 > 21 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=5819343 TSecr=0 WS=128
Data channel
vsftpd (192.168.11.23) opens the TCP connection to the client, using source port 30000 (ftp_data_port).
7.356059 192.168.11.23 -> 192.168.11.100 TCP 74 30000 > 41420 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=547487 TSecr=0 WS=64
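Added example (not part of the original post): a Python check that decodes the 227 reply and classifies the SYN lines from the two captures above against each configuration, which is the same decision a firewall rule or a detection has to make. The sample strings are copied from this page and trimmed; the function names and the combined CAPTURE list are assumptions of this example.

```python
import re

# Effective settings taken from the two vsftpd.conf listings on this page.
PASSIVE_CONF = "pasv_enable=yes\npasv_min_port=9000\npasv_max_port=10000\nport_enable=no\n"
ACTIVE_CONF = "pasv_enable=no\nport_enable=yes\nconnect_from_port_20=YES\nftp_data_port=30000\n"
# SYN lines from the page's two captures, combined and trimmed after the flags.
CAPTURE = [
    "0.000000 192.168.11.100 -> 192.168.11.23 TCP 74 49456 > 21 [SYN] Seq=0",
    "6.124141 192.168.11.100 -> 192.168.11.23 TCP 74 33283 > 9419 [SYN] Seq=0",
    "7.356059 192.168.11.23 -> 192.168.11.100 TCP 74 30000 > 41420 [SYN] Seq=0",
]
SYN = re.compile(r"(\S+) -> (\S+) TCP \d+ (\d+) > (\d+) \[SYN\]")
PASV = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_conf(text):
    """Parse vsftpd.conf key=value lines; values are lowercased for comparison."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip().lower() for k, v in pairs}

def pasv_endpoint(reply):
    """Decode a 227 reply (h1,h2,h3,h4,p1,p2) into (ip, p1*256 + p2)."""
    m = PASV.search(reply)
    if not m or any(int(x) > 255 for x in m.groups()):
        raise ValueError("malformed 227 reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def classify(line, conf, server="192.168.11.23"):
    """Label a SYN as control, passive-data, active-data or unexpected."""
    m = SYN.search(line)
    if not m:
        return None  # not a bare SYN (for example SYN,ACK or an FTP line)
    src, dst, sport, dport = m[1], m[2], int(m[3]), int(m[4])
    if dst == server and dport == 21:
        return "control"
    if dst == server and conf.get("pasv_enable", "yes") == "yes":
        lo = int(conf.get("pasv_min_port", 0)) or 1      # 0 = any port
        hi = int(conf.get("pasv_max_port", 0)) or 65535
        if lo <= dport <= hi:
            return "passive-data"
    if src == server and conf.get("port_enable", "yes") == "yes":
        fixed = conf.get("connect_from_port_20", "no") == "yes"  # else source port varies
        if not fixed or sport == int(conf.get("ftp_data_port", 20)):
            return "active-data"
    return "unexpected"

def audit(conf_text, lines=CAPTURE):
    conf = parse_conf(conf_text)
    return [classify(line, conf) for line in lines]
```

Under the passive configuration the server-initiated connection from port 30000 is reported as unexpected, and under the active configuration the inbound connection to port 9419 is, so each mode needs its own firewall allowance.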