[PLUG] Deciphering ethereal capture

Russell Senior seniorr at aracnet.com
Thu Jun 27 04:36:44 UTC 2002


>>>>> "Rich" == Rich Shepard <rshepard at appl-ecosys.com> writes:

Rich>   Done. File's in the same place. This time, running 'ftp' and
Rich> explicitly turning on passive mode, I got a directory
Rich> listing. That's when I quit.

Rich>   Observations: when I used ncftp to connect to ftp.aracnet.com
Rich> (to put the log files there), I was able to use 'ls' and get a
Rich> short listing of the files there. When I used vanilla 'ftp', I
Rich> got no listing with 'dir'. Killing the process and trying again,
Rich> I explicitly turned on passive mode and could see a long
Rich> directory listing regardless of using 'ls' or 'dir'.

Rich>   So, when connecting to ftp.aracnet.com via ncftp (where
Rich> passive mode is the default), everything works. When using ftp
Rich> it doesn't work until I explicitly turn on passive mode.

Rich>   When connecting to ftp.sscgis.state.or.us, I cannot get a
Rich> directory listing with ncftp and can with ftp only by turning on
Rich> passive mode.

Rich>   Connections to ftp.redhat.com via ncftp usually hang when I
Rich> ask for a directory listing, but sometimes works. Mozilla may
Rich> work sometimes from rpmfind.net when contacting ftp.redhat.com;
Rich> sometimes it doesn't.

Rich>   In summary, everything worked until a couple of months
Rich> ago. Now, it's intermittent -- except on the state's site. If I
Rich> 'get' a file without requesting a listing it works. When I use
Rich> ncftpget, it works.

Rich>   Very strange and very puzzling.

Cc'ing the mailing list to communicate ultimate resolution.

Not really.  ncftp doesn't do old-fashioned passive mode, apparently,
it does "enhanced passive mode".  Some ftp servers, apparently, have
broken enhanced passive mode support.  Another possibility is that the
network administrators at the server end have firewalled off
connections to the ports where enhanced passive mode servers listen
for data connections.  Your /usr/bin/ftp (probably from the Berkeley
netkit) does old-fashioned passive mode and therefore works in that
mode.  And despite what you claimed earlier, /usr/bin/ftp is _not_
doing passive mode by default.  You have to turn it on manually.  I
suspect that your breakage occurred either when you upgraded ncftp
(which got rid of the old passive mode, apparently) or when the server
was upgraded or otherwise modified or perhaps filtered.

BTW, standard ftp _can_ work through an IP_MASQ'd firewall, the
firewall just has to support it.  I've got a 2.4.x kernel doing just
that right now.

So, either: a) ditch ncftp; b) fix it to do regular passive mode; c)
fix your firewall to do normal ftp; or d) just haul out /usr/bin/ftp
when ncftp doesn't work.  I suppose e) would be to complain to the
server's administrators and tell them what is happening.  If you do,
be sure to cite "enhanced passive mode".

-- 
Russell Senior         ``The two chiefs turned to each other.        
seniorr at aracnet.com      Bellison uncorked a flood of horrible       
                         profanity, which, translated meant, `This is
                         extremely unusual.' ''                      
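
As an added example (not part of the original message or of the capture it discusses), the Python sketch below reads FTP control-channel lines of the kind visible in an Ethereal capture and reports which data-connection mode was negotiated and on which port, which is the port a firewall in the path has to let through. It assumes the "enhanced passive mode" mentioned above is the EPSV command of RFC 2428; the sample lines, addresses and the `data_channels` name are constructed for illustration.

```python
import re

# Constructed control-channel lines (not taken from the capture discussed above).
SAMPLE = [
    "C: PASV",
    "S: 227 Entering Passive Mode (192,0,2,10,195,80)",
    "C: EPSV",
    "S: 229 Entering Extended Passive Mode (|||50001|)",
    "C: EPSV",
    "S: 500 'EPSV': command not understood.",
    "C: PORT 198,51,100,7,4,1",
    "S: 200 PORT command successful.",
]

_SIX = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
_EPSV = re.compile(r"\((.)\1\1(\d+)\1\)")  # RFC 2428: (<d><d><d>port<d>)


def _host_port(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and by the 227 reply."""
    m = _SIX.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None  # malformed octet: do not trust the reply
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def data_channels(lines, server="control-peer"):
    """Return (mode, listener_host, port) for each data-channel negotiation."""
    out, pending = [], None
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            pending = text.split(" ", 1)[0].upper()
            if pending == "PORT" and (hp := _host_port(text)):
                out.append(("active", *hp))       # server connects to client
            continue
        if text.startswith("227") and (hp := _host_port(text)):
            out.append(("passive", *hp))          # client connects to server
        elif text.startswith("229") and (m := _EPSV.search(text)):
            # EPSV carries only a port; the host is the control-connection peer.
            out.append(("extended-passive", server, int(m.group(2))))
        elif pending == "EPSV" and text[:1] in ("4", "5"):
            out.append(("epsv-rejected", None, None))
        pending = None  # the reply consumed the outstanding command
    return out
```

A 229 reply followed by a data connection that never completes points at filtering of the advertised port, while an `epsv-rejected` entry points at a server that does not implement the command.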



