ftp a nat
Marchyn Tibor
marchyn at vviss.cz
Tue Aug 7 12:43:54 CEST 2007
No ja tomu nerozumiem... na inom FW mi FTP slape uplne v pohode... bez
akychkolvek probs... aj aktivne aj pasivne... ale u mna vo firme mi to
nejde..
Tu su vypisy.. to je kompletny traffic z pohladu interneho interface a
externeho interface (jedno spojenie z dvoch okien)
tcpdump -i em1 -vvv dst host 212.80.77.48
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 96
bytes
12:41:31.406653 IP (tos 0x0, ttl 128, id 24760, offset 0, flags [DF],
proto: TCP (6), length: 48) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: S,
cksum 0xba68 (correct), 1644780466:1644780466(0) win 32768 <mss
1460,nop,nop,sackOK>
12:41:31.420089 IP (tos 0x0, ttl 128, id 24761, offset 0, flags [DF],
proto: TCP (6), length: 40) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: .,
cksum 0x1306 (correct), 1644780467:1644780467(0) ack 3541958092 win
33580
12:41:31.437232 IP (tos 0x0, ttl 128, id 24762, offset 0, flags [DF],
proto: TCP (6), length: 52) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: P,
cksum 0xa14f (correct), 0:12(12) ack 50 win 33531
12:41:31.457731 IP (tos 0x0, ttl 128, id 24764, offset 0, flags [DF],
proto: TCP (6), length: 56) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: P,
cksum 0x109e (correct), 12:28(16) ack 84 win 33497
12:41:31.474361 IP (tos 0x0, ttl 128, id 24765, offset 0, flags [DF],
proto: TCP (6), length: 46) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: P,
cksum 0x5f24 (correct), 28:34(6) ack 111 win 33470
12:41:31.489363 IP (tos 0x0, ttl 128, id 24766, offset 0, flags [DF],
proto: TCP (6), length: 46) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: P,
cksum 0x7e32 (correct), 34:40(6) ack 139 win 33442
12:41:31.505106 IP (tos 0x0, ttl 128, id 24767, offset 0, flags [DF],
proto: TCP (6), length: 45) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: P,
cksum 0x746c (correct), 40:45(5) ack 175 win 33406
12:41:31.534162 IP (tos 0x0, ttl 128, id 24768, offset 0, flags [DF],
proto: TCP (6), length: 48) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: P,
cksum 0x40df (correct), 45:53(8) ack 211 win 33370
12:41:31.552753 IP (tos 0x0, ttl 128, id 24769, offset 0, flags [DF],
proto: TCP (6), length: 64) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: P,
cksum 0xba51 (correct), 53:77(24) ack 231 win 33350
12:41:31.740085 IP (tos 0x0, ttl 128, id 24771, offset 0, flags [DF],
proto: TCP (6), length: 40) 10.10.10.22.21829 > bisvan.ccf.cz.ftp: .,
cksum 0x12b9 (correct), 77:77(0) ack 258 win 33323
tcpdump -i em0 -vvv src host 212.80.77.48
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96
bytes
12:41:31.420055 IP (tos 0x0, ttl 122, id 36507, offset 0, flags [DF],
proto: TCP (6), length: 48) bisvan.ccf.cz.ftp > ns.vviss.cz.58809: S,
cksum 0x3df3 (correct), 3541958091:3541958091(0) ack 1644780467 win
65535 <mss 1460,nop,nop,sackOK>
12:41:31.434639 IP (tos 0x0, ttl 122, id 36508, offset 0, flags [DF],
proto: TCP (6), length: 89) bisvan.ccf.cz.ftp > ns.vviss.cz.58809: P
1:50(49) ack 1 win 65535
12:41:31.455132 IP (tos 0x0, ttl 122, id 36509, offset 0, flags [DF],
proto: TCP (6), length: 74) bisvan.ccf.cz.ftp > ns.vviss.cz.58809: P,
cksum 0xae1b (correct), 50:84(34) ack 13 win 65523
12:41:31.472119 IP (tos 0x0, ttl 122, id 36510, offset 0, flags [DF],
proto: TCP (6), length: 67) bisvan.ccf.cz.ftp > ns.vviss.cz.58809: P,
cksum 0x8640 (correct), 84:111(27) ack 29 win 65507
12:41:31.486815 IP (tos 0x0, ttl 122, id 36511, offset 0, flags [DF],
proto: TCP (6), length: 68) bisvan.ccf.cz.ftp > ns.vviss.cz.58809: P,
cksum 0x47ab (correct), 111:139(28) ack 35 win 65501
12:41:31.499785 IP (tos 0x0, ttl 122, id 36512, offset 0, flags [DF],
proto: TCP (6), length: 76) bisvan.ccf.cz.ftp > ns.vviss.cz.58809: P,
cksum 0x53c1 (correct), 139:175(36) ack 41 win 65495
12:41:31.519873 IP (tos 0x0, ttl 122, id 36513, offset 0, flags [DF],
proto: TCP (6), length: 76) bisvan.ccf.cz.ftp > ns.vviss.cz.58809: P,
cksum 0x789e (correct), 175:211(36) ack 46 win 65490
12:41:31.548909 IP (tos 0x0, ttl 122, id 36514, offset 0, flags [DF],
proto: TCP (6), length: 60) bisvan.ccf.cz.ftp > ns.vviss.cz.58809: P,
cksum 0xdee5 (correct), 211:231(20) ack 54 win 65482
12:41:31.567708 IP (tos 0x0, ttl 122, id 36516, offset 0, flags [DF],
proto: TCP (6), length: 67) bisvan.ccf.cz.ftp > ns.vviss.cz.58809: P,
cksum 0x2ddd (correct), 231:258(27) ack 78 win 65458
__________ Informace od NOD32 EMON 2440 (20070806) __________
Tato zprava byla proverena antivirovym systemem NOD32.
http://www.nod32.cz
More information about the Users-l
mailing list