On Aug 2, 2006, at 9:24 PM, Alan Altmark wrote:
> You can either activate the FTP server command exit and sample, or use
> TCPSNIFF to watch what's going on. A separate data connection is always
> used, even for passive FTP.  An ephemeral port number is used.
>
> If passive FTP is really being used, then the problem is usually a
> firewall that only opens certain port ranges to the target host. And, no,
> there is not [yet] a way to control the ephemeral port numbers used by the
> FTP server.

I guess I need to learn to use TCPSNIFF. I'm pretty sure there are no firewalls in the mix, since I built the network between here and there (the bits over the public Internet are over a VPN that I control, and it ends up looking exactly like a wide-open network).

Unencrypted FTP gives me:

PASV
227 Data transfer will passively listen to 192,168,101,110,14,63
NLST
125 List started OK
250 List completed successfully.

Fair enough.

Encrypted, I get

PASV
227 Data transfer will passively listen to 192,168,131,1,4,31
NLST
125 List started OK

...and then nothing else ever comes back.

Adam
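
Added example, not part of the original message: decoding the two 227 replies quoted above into the host and port the client is told to use for the data connection, following the h1,h2,h3,h4,p1,p2 layout of RFC 959, and comparing the two sessions. The function names are illustrative.

```python
import ipaddress
import re

# Six comma-separated decimal fields of a 227 reply: h1,h2,h3,h4,p1,p2 (RFC 959).
_PASV_FIELDS = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

# The two replies as they appear in the message above.
PLAIN_REPLY = "227 Data transfer will passively listen to 192,168,101,110,14,63"
TLS_REPLY = "227 Data transfer will passively listen to 192,168,131,1,4,31"


def parse_pasv_reply(line):
    """Return (IPv4Address, port) advertised by one 227 reply line."""
    line = line.strip()
    if not line.startswith("227"):
        raise ValueError("not a 227 reply: %r" % line)
    match = _PASV_FIELDS.search(line[3:])
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range 0-255 in: %r" % line)
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return host, port


def compare_sessions(plain_reply, tls_reply):
    """Decode both replies and report whether they advertise the same host."""
    plain_host, plain_port = parse_pasv_reply(plain_reply)
    tls_host, tls_port = parse_pasv_reply(tls_reply)
    return {
        "plain": (str(plain_host), plain_port),
        "tls": (str(tls_host), tls_port),
        "same_host": plain_host == tls_host,
    }


if __name__ == "__main__":
    for name, value in compare_sessions(PLAIN_REPLY, TLS_REPLY).items():
        print(name, value)
```

The decoded host and port are where the client opens the data connection, so they are the values to look for in a packet trace of each session.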
