HPE Community
Operating System - HP-UX
1751718 Members
5511 Online
108781 Solutions
New Discussion юеВ

Re: tcpdump - ftp failing

 
Ravinder Singh Gill
Regular Advisor

тАО07-18-2005 01:19 AM

тАО07-18-2005 01:19 AM

tcpdump - ftp failing

ftp is failing from remote machine (within our organisation ftping works). upon doing tcpdump we are getting logs like the following:

15:05:33.750003 IP pserverl.ftp > rclientt.1266: S 3461986706:3461986706(0) ack 3482278913 win 32
768


can someone advise?
0 Kudos
Reply
6 REPLIES 6
Mel Burslan
Honored Contributor

тАО07-18-2005 01:33 AM

тАО07-18-2005 01:33 AM

Re: tcpdump - ftp failing

If this is the same problem you are talking about on this thread :

http://forums2.itrc.hp.com/service/forums/questionanswer.do?threadId=940188

I have to reiterate my firewall rules check suggestion. If ftp is working within the company but not from ouside, and you are not utilizing /var/adm/inetd.sec file to secure your inetd communications any further, I would definitely check my firewall rules with great scrutiny and wouldnot buy the fw admins' word saying "our firewall is working perfectly".
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Ravinder Singh Gill
Regular Advisor

тАО07-18-2005 05:34 PM

тАО07-18-2005 05:34 PM

Re: tcpdump - ftp failing

This is the response I have got from networks:

Ravinder

Thanks I can read it now.

The sequence for each attempted ftp is

15:05:33.749948 IP rclientt.1266 > pserverl.ftp: S 3482278912:3482278912(0) win 65535
15:05:33.750003 IP pserverl.ftp > rclientt.1266: S 3461986706:3461986706(0) ack 3482278913 win 32768
15:05:33.759476 IP rclientt.1266 > pserverl.ftp: . ack 1 win 65535

15:06:25.721854 IP rclientt.1266 > pserverl.ftp: R 3482278913:3482278913(0) win 0

What is happening is that the TCP session is set up (the 1st 3 messages) but percival does not send the client the signon message. Then nearly a minute later the client gives up and clears the session (the last message).

This is the same thing that was happening to galahad last week before you fixed the DNS. Therefore it looks like something similar is still happening here. Although tcpdump has no problem getting the name for the client's IP address.

Cheers


From this it would seem it is not the firewall causing the problem wouldn't it? Can anyone advise any further?
0 Kudos
Reply
Florian Heigl (new acc)
Honored Contributor

тАО07-18-2005 05:56 PM

тАО07-18-2005 05:56 PM

Re: tcpdump - ftp failing

did You check for a reverse lookup/DNS issue as suggested by Your networking staff.

florian
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Reply
Ravinder Singh Gill
Regular Advisor

тАО07-18-2005 05:59 PM

тАО07-18-2005 05:59 PM

Re: tcpdump - ftp failing

I did an nslookup on the name & an nslookup on the IP address & it is fine - responds with the answer straight away.
0 Kudos
Reply
Ravinder Singh Gill
Regular Advisor

тАО07-18-2005 06:04 PM

тАО07-18-2005 06:04 PM

Re: tcpdump - ftp failing

Also in the syslog of the server I am getting messages like:

Jul 18 09:20:33 pserverl inetd[24156]: ftp/tcp: Connection from rclientt (ip address) at Mon Jul 18 09:20:33 2005
Jul 18 09:20:33 pserverl ftpd[24156]: getpeername (ftpd): Invalid argument

This is happening for every attempted connection by people from the other organisation. However whenever I try & connect from one of our other servers (even one which is on a different site) it seems to be fine).

Any suggestions?
0 Kudos
Reply
vinod_25
Valued Contributor

тАО07-18-2005 07:42 PM

тАО07-18-2005 07:42 PM

Re: tcpdump - ftp failing

hi ravinder

HP Does not provide support for the TCPDUMP program.TCPDUMP is a public domain utility, for more information go to

www.tcpdump.org

Very useful site... Hope this site solves your concerns...

Regards


Vinod K
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.