lost and found ( for me ? )

Ubuntu 13.10 vsftpd : passive, active(port) mode

These are my notes from configuring vsftpd for passive mode and for active (PORT) mode: the vsftpd.conf used for each, an ftp client session, and a tshark capture showing which side opens the data connection in each mode.

Install vsftpd via apt-get and check the version.
# apt-get install vsftpd -y

# vsftpd -v
vsftpd: version 3.0.2

Configuration file: /etc/vsftpd.conf

[ passive mode ]

Options that control passive mode (from the vsftpd.conf man page). Pinning pasv_min_port/pasv_max_port to a narrow range is what lets you write a firewall rule for the data channel.
      pasv_enable
             Set to NO if you want to disallow the PASV method of obtaining a
             data connection.

             Default: YES

      pasv_max_port
             The maximum port to allocate for PASV style data connections.
             Can be used to specify a narrow port range to assist firewalling.

             Default: 0 (use any port)

      pasv_min_port
             The minimum port to allocate for PASV style data connections.
             Can be used to specify a narrow port range to assist firewalling.

             Default: 0 (use any port)

# grep -v ^# /etc/vsftpd.conf | grep -v ^$
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
pasv_enable=yes
pasv_max_port=10000
pasv_min_port=9000
seccomp_sandbox=no
port_enable=no

Two things to note in this file: anon_upload_enable=YES has no effect because anonymous_enable=NO, and seccomp_sandbox=no turns off vsftpd's seccomp filter, so leave it at the default (YES) unless you have a reason to disable it.

Accessing the FTP server
client: 192.168.11.100
vsftpd: 192.168.11.23

$ ftp 192.168.11.23
Connected to 192.168.11.23.
220 (vsFTPd 3.0.2)
Name (192.168.11.23:hattori): hattori
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls -a
227 Entering Passive Mode (192,168,11,23,36,203).
150 Here comes the directory listing.
drwxr-xr-x    3 1000     1000         4096 Oct 23 00:51 .
drwxr-xr-x    3 0        0            4096 Oct 23 00:49 ..
-rw-------    1 1000     1000           10 Oct 23 00:51 .bash_history
-rw-r--r--    1 1000     1000          220 Oct 23 00:49 .bash_logout
-rw-r--r--    1 1000     1000         3637 Oct 23 00:49 .bashrc
drwx------    2 1000     1000         4096 Oct 23 00:49 .cache
-rw-r--r--    1 1000     1000          675 Oct 23 00:49 .profile
226 Directory send OK.
ftp> bye
221 Goodbye.

control channel (tcp 21, opened by the client in both modes)
# tshark -i eth0 -n tcp
tshark: Lua: Error during loading:
[string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Running as user "root" and group "root". This could be dangerous.
Capturing on 'eth0'
 0.000000 192.168.11.100 -> 192.168.11.23 TCP 74 49456 > 21 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=5685754 TSecr=0 WS=128
 0.000094 192.168.11.23 -> 192.168.11.100 TCP 74 21 > 49456 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=412059 TSecr=5685754 WS=64
 0.000384 192.168.11.100 -> 192.168.11.23 TCP 66 49456 > 21 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=5685754 TSecr=412059
 0.005315 192.168.11.23 -> 192.168.11.100 FTP 86 Response: 220 (vsFTPd 3.0.2)
 0.005699 192.168.11.100 -> 192.168.11.23 TCP 66 49456 > 21 [ACK] Seq=1 Ack=21 Win=29312 Len=0 TSval=5685755 TSecr=412060
 1.675451 192.168.11.100 -> 192.168.11.23 FTP 80 Request: USER hattori
 1.675528 192.168.11.23 -> 192.168.11.100 TCP 66 21 > 49456 [ACK] Seq=21 Ack=15 Win=28992 Len=0 TSval=412478 TSecr=5686172

data channel
In passive mode the client (192.168.11.100) opens the data connection to vsftpd. The port comes from the 227 reply: (192,168,11,23,36,203) means 192.168.11.23, port 36*256+203 = 9419, which is inside the configured pasv_min_port..pasv_max_port range, so the firewall in front of the server only has to allow inbound tcp/21 plus tcp/9000-10000.
 6.124141 192.168.11.100 -> 192.168.11.23 TCP 74 33283 > 9419 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=5687285 TSecr=0 WS=128
 6.124180 192.168.11.23 -> 192.168.11.100 TCP 74 9419 > 33283 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=413590 TSecr=5687285 WS=64
 6.124399 192.168.11.100 -> 192.168.11.23 TCP 66 33283 > 9419 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=5687285 TSecr=413590



[ active(port) mode ]

Options that control active (PORT) mode (from the vsftpd.conf man page). In this mode the server opens the data connection towards the client, so the client side has to accept an inbound connection.
      port_enable
             Set to NO if you want to disallow the PORT method of obtaining a
             data connection.

             Default: YES

      ftp_data_port
             The port from which PORT style connections originate (as long as
             the poorly named connect_from_port_20 is enabled).

             Default: 20

# grep -v ^# /etc/vsftpd.conf | grep -v ^$
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
pasv_enable=no
pasv_max_port=10000
pasv_min_port=9000
seccomp_sandbox=no
port_enable=yes
ftp_data_port=30000

$ ftp 192.168.11.23
Connected to 192.168.11.23.
220 (vsFTPd 3.0.2)
Name (192.168.11.23:hattori): hattori
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> passive
Passive mode off.
ftp> ls -a
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x    3 1000     1000         4096 Oct 23 00:51 .
drwxr-xr-x    3 0        0            4096 Oct 23 00:49 ..
-rw-------    1 1000     1000           10 Oct 23 00:51 .bash_history
-rw-r--r--    1 1000     1000          220 Oct 23 00:49 .bash_logout
-rw-r--r--    1 1000     1000         3637 Oct 23 00:49 .bashrc
drwx------    2 1000     1000         4096 Oct 23 00:49 .cache
-rw-r--r--    1 1000     1000          675 Oct 23 00:49 .profile
226 Directory send OK.
ftp> bye
221 Goodbye.

control channel
 0.000000 192.168.11.100 -> 192.168.11.23 TCP 74 49477 > 21 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=5819343 TSecr=0 WS=128



data channel
In active mode vsftpd (192.168.11.23) opens the data connection to the client: source port 30000 (ftp_data_port, used because connect_from_port_20=YES) to the port the client announced in its PORT command (41420 here). This is the direction a firewall or NAT in front of the client blocks, which is why the server's 200 reply suggests PASV.
 7.356059 192.168.11.23 -> 192.168.11.100 TCP 74 30000 > 41420 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=547487 TSecr=0 WS=64
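Both the 227 reply in the passive session and the PORT command behind the active session encode an endpoint as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2. The script below is an added example, not code from the original post or from vsftpd: it decodes that tuple, checks a 227 reply the way a client should (port inside the configured PASV range, host equal to the control connection's peer), checks a PORT command the way a server should (target must be the client itself, which vsftpd enforces unless port_promiscuous=YES, and an unprivileged port, the classic FTP bounce-attack defence), and labels the SYN lines from the tshark captures above as control, passive-data or active-data. The config fragments, reply, PORT line and capture lines are constructed from this post; all function names are the example's own.

```python
"""Added example, not code from the original post or from vsftpd itself.

Decodes the h1,h2,h3,h4,p1,p2 endpoint used by the 227 reply (passive)
and the PORT command (active), checks each side's expectations, and
labels tshark SYN lines by channel. Inputs are constructed from the post.
"""
import re

# Constructed from the two vsftpd.conf listings in the post.
PASSIVE_CONF = "listen=YES\npasv_enable=yes\npasv_max_port=10000\npasv_min_port=9000\nport_enable=no\n"
ACTIVE_CONF = "listen=YES\npasv_enable=no\nconnect_from_port_20=YES\nport_enable=yes\nftp_data_port=30000\n"

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_SYN = re.compile(r"(\S+) -> (\S+) TCP \d+ (\d+) > (\d+) \[SYN\]")


def load_conf(text):
    """key=value view of vsftpd.conf with comments and blank lines dropped
    (the view 'grep -v ^# | grep -v ^$' gives)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def is_yes(conf, key, default):
    # vsftpd accepts YES/yes alike, so compare case-insensitively.
    return conf.get(key, default).upper() == "YES"


def pasv_range(conf):
    """(pasv_min_port, pasv_max_port); 0 means 'use any port' in vsftpd."""
    return int(conf.get("pasv_min_port", "0")), int(conf.get("pasv_max_port", "0"))


def in_pasv_range(port, conf):
    lo, hi = pasv_range(conf)
    return (lo == 0 or port >= lo) and (hi == 0 or port <= hi)


def decode_hostport(s):
    """'h1,h2,h3,h4,p1,p2' -> ('h1.h2.h3.h4', p1*256 + p2)."""
    m = _HOSTPORT.search(s)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % s)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("octet out of range in %r" % s)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def check_pasv_reply(reply, control_peer, conf):
    """Client-side check of a 227 reply: the port must lie in the PASV range the
    firewall was opened for, and the host should be the control connection's
    peer; a different host means the client is being sent to a third party."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    host, port = decode_hostport(reply)
    return {"host": host, "port": port, "in_range": in_pasv_range(port, conf),
            "host_matches_peer": host == control_peer}


def check_port_command(line, client_addr, conf):
    """Server-side check of a PORT command: accept only with PORT enabled, the
    target equal to the client itself (vsftpd enforces this unless
    port_promiscuous=YES) and an unprivileged target port. Connecting wherever
    the client asks is the classic FTP bounce attack."""
    if not line.upper().startswith("PORT "):
        raise ValueError("not a PORT command: %r" % line)
    host, port = decode_hostport(line)
    allowed = is_yes(conf, "port_enable", "YES") and host == client_addr and port >= 1024
    return {"host": host, "port": port, "allowed": allowed}


def classify_syn(tshark_line, server_ip, conf):
    """Label a tshark SYN line as control, passive-data, active-data or other
    from its direction and the ports the config says to expect."""
    m = _SYN.search(tshark_line)
    if not m:
        return "not a SYN"
    src, dst, sport, dport = m.group(1), m.group(2), int(m.group(3)), int(m.group(4))
    # ftp_data_port is the source port only when connect_from_port_20=YES;
    # otherwise vsftpd connects from an ephemeral port.
    data_port = int(conf.get("ftp_data_port", "20")) if is_yes(conf, "connect_from_port_20", "NO") else None
    if dst == server_ip and dport == int(conf.get("listen_port", "21")):
        return "control"
    if dst == server_ip and is_yes(conf, "pasv_enable", "YES") and in_pasv_range(dport, conf):
        return "passive-data"
    if src == server_ip and is_yes(conf, "port_enable", "YES") and sport == data_port:
        return "active-data"
    return "other"


if __name__ == "__main__":
    print(check_pasv_reply("227 Entering Passive Mode (192,168,11,23,36,203).", "192.168.11.23", load_conf(PASSIVE_CONF)))
    print(check_port_command("PORT 192,168,11,100,161,204", "192.168.11.100", load_conf(ACTIVE_CONF)))
```

Run against the sessions above, the 227 reply decodes to 192.168.11.23:9419, the port seen in the passive capture, and the PORT tuple 161,204 decodes to 41420, the client port the server connects to in the active capture. Feeding the passive config to check_port_command returns allowed=False because port_enable=no, which is the behaviour the two configs were written to produce.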
