[PLUG] Deciphering ethereal capture

Steve Bonds 1s7k8uhcd001 at sneakemail.com
Wed Jun 26 05:04:05 UTC 2002


The symptoms describe almost perfectly a case of trying to run a
non-passive FTP through a firewall.  As soon as FTP tries to open up the
data port from the server back to your computer (after the initial control
connection) it hangs.  The "ls" command triggers it.

Make sure that your ~/.ncftp/prefs file is set up for passive mode only.

  -- Steve

PS: SANS has a class with a large portion devoted to learning how to read
packet captures.  http://www.sans.org/onlinetraining/track3.php

On Tue, 25 Jun 2002, Rich Shepard rshepard at appl-ecosys.com wrote:

>   I'm trying to find out why ncftp (and ftp) have stopped working properly.
> To this end I installed ethereal and captured the packets as I used ncftp to
> log into an ftp server down in Salem. Now I need help in interpreting the
> output.
> 
>   The file contains some packets from CUPS (the printing system) even though
> the printers are turned off and nothing's in the print queue. Then I see the
> connection being made (via Aracnet, too) and I'm logged in anonymously.
> However, as soon as I type 'ls' the system freezes. After a short time I
> killed the process with ctrl-q.
> 
>   Is someone willing to translate the file results for me and teach me how
> to interpret what ethereal captures? I printed the output to a text file so
> it's in English but still meaningless to me.
> 
> TIA,
> 
> Rich
> 
> 
> 
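Added example, not part of the original thread: a short Python reader for FTP control-channel lines as they appear in a capture, showing how to tell active (PORT) from passive (227 reply) negotiation and which data command never received a 226 completion. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# RFC 959 encodes the data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
DATA_CMDS = {"LIST", "NLST", "RETR", "STOR"}

def decode_hostport(text):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    b = [int(x) for x in m.groups()]
    if max(b) > 255:
        return None
    return ".".join(str(x) for x in b[:4]), b[4] * 256 + b[5]

def stalled_transfers(control_lines):
    """List (mode, ip, port, command) for data commands never completed by a 226."""
    endpoint, pending, stalled = None, None, []
    for sender, line in control_lines:  # sender: "C" client, "S" server
        line = line.strip()
        verb = line.split(" ", 1)[0].upper()
        if sender == "C" and verb == "PORT":       # active: server connects back to the client
            ep = decode_hostport(line)
            endpoint = ("active",) + ep if ep else None
        elif sender == "S" and line[:3] == "227":  # passive: client connects out to the server
            ep = decode_hostport(line)
            endpoint = ("passive",) + ep if ep else None
        elif sender == "C" and verb in DATA_CMDS and endpoint:
            if pending:                            # previous transfer never finished
                stalled.append(pending)
            pending, endpoint = endpoint + (verb,), None
        elif sender == "S" and line[:3] == "226":  # transfer complete
            pending = None
    if pending:
        stalled.append(pending)
    return stalled

# Constructed control-channel lines (not taken from the capture in this thread).
ACTIVE = [("S", "230 Guest login ok"), ("C", "PORT 192,168,1,10,4,31"),
          ("S", "200 PORT command successful"), ("C", "LIST")]
PASSIVE = [("S", "230 Guest login ok"), ("C", "PASV"),
           ("S", "227 Entering Passive Mode (10,0,0,5,200,13)"), ("C", "LIST"),
           ("S", "150 Opening ASCII mode data connection"), ("S", "226 Transfer complete")]

if __name__ == "__main__":
    for name, capture in (("active", ACTIVE), ("passive", PASSIVE)):
        print(name, stalled_transfers(capture))
```

An "active" entry in the result means the server was told to connect back to the listed client address and port, which is the connection a firewall in front of the client typically drops.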





