There are a number of alternatives. One of them is SFTP (Secure File Transfer Protocol). The design of this protocol is very different from FTP even though it shares its name.
In FTP we have the concept of separate control and data channels. The client sends commands over the control TCP session, and data transfers happen in the data TCP sessions. The control and data TCP sessions each have their own TCP conventions. Passive and active FTP modes make it even more convoluted.
In SFTP there is one session (by default the client connects to port 22 from a random source port). The single session is used to exchange a mix of control and data commands. It is still true that a file transfer needs a new TCP session, but that session is initiated in a similar way on port 22. From the network point of view there is not much difference between how the first and the second TCP session look. The sessions are independent but connected.
Example tcpdump showing a single file transfer (100* is client, 200* is server):
Nr Time Source Destination Protocol flags Length vlan hsrc hdst sport dport Window size value Seq# Ack# Info
# connecting to the SFTP server
130 0.017634 100.0.0.1 200.0.0.1 TCP 0x02 66 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 65535 0 55373 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=128 SACK_PERM=1
131 0.002186 200.0.0.1 100.0.0.1 TCP 0x12 66 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 8192 0 1 ssh > 55373 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1380 WS=256 SACK_PERM=1
132 0.000033 100.0.0.1 200.0.0.1 TCP 0x10 54 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32768 1 1 55373 > ssh [ACK] Seq=1 Ack=1 Win=4194304 Len=0
133 0.004121 200.0.0.1 100.0.0.1 SSHv2 0x18 87 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 258 1 1 Server Protocol: SSH-2.0-1.82_sshlib GlobalSCAPE\r
134 0.000234 100.0.0.1 200.0.0.1 SSHv2 0x18 97 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32767 1 34 Client Protocol: SSH-2.0-PuTTY_Local:_Jan__8_2012_14:40:35\r
135 0.000055 100.0.0.1 200.0.0.1 TCP 0x18 566 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32767 44 34 [TCP segment of a reassembled PDU]
136 0.000018 100.0.0.1 200.0.0.1 SSHv2 0x18 182 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32767 556 34 Client: Key Exchange Init
137 0.002431 200.0.0.1 100.0.0.1 SSHv2 0x18 542 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 258 34 44 Server: Key Exchange Init
138 0.000001 200.0.0.1 100.0.0.1 TCP 0x10 60 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 256 522 684 ssh > 55373 [ACK] Seq=522 Ack=684 Win=65536 Len=0
139 0.000076 100.0.0.1 200.0.0.1 SSHv2 0x18 70 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32763 684 522 Client: Diffie-Hellman Key Exchange Init
140 0.002168 200.0.0.1 100.0.0.1 SSHv2 0x18 334 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 256 522 700 Server: Diffie-Hellman Key Exchange Reply
141 0.018620 100.0.0.1 200.0.0.1 SSHv2 0x18 326 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32761 700 802 Client: Diffie-Hellman GEX Init
142 0.024606 200.0.0.1 100.0.0.1 SSHv2 0x18 902 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 254 802 972 Server: Diffie-Hellman GEX Reply
144 0.005229 100.0.0.1 200.0.0.1 SSHv2 0x18 70 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32768 972 1650 Encrypted request packet len=16[Malformed Packet]
145 0.000113 100.0.0.1 200.0.0.1 SSHv2 0x18 142 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32768 988 1650 Encrypted request packet len=88
146 0.001946 200.0.0.1 100.0.0.1 TCP 0x10 60 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 254 1650 1076 ssh > 55373 [ACK] Seq=1650 Ack=1076 Win=65024 Len=0
147 0.000001 200.0.0.1 100.0.0.1 SSHv2 0x18 174 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 254 1650 1076 Encrypted response packet len=120
148 0.000249 100.0.0.1 200.0.0.1 SSHv2 0x18 158 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32767 1076 1770 Encrypted request packet len=104
149 0.002327 200.0.0.1 100.0.0.1 SSHv2 0x18 122 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 254 1770 1180 Encrypted response packet len=68
......
# we initiated a file transfer
# a new TCP session is created, similar to passive FTP mode
1683 0.064012 100.0.0.1 200.0.0.1 TCP 0x02 66 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 65535 0 55375 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=128 SACK_PERM=1
1684 0.002196 200.0.0.1 100.0.0.1 TCP 0x12 66 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 8192 0 1 ssh > 55375 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1380 WS=256 SACK_PERM=1
1685 0.000035 100.0.0.1 200.0.0.1 TCP 0x10 54 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32768 1 1 55375 > ssh [ACK] Seq=1 Ack=1 Win=4194304 Len=0
1686 0.004089 200.0.0.1 100.0.0.1 SSHv2 0x18 87 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 258 1 1 Server Protocol: SSH-2.0-1.82_sshlib GlobalSCAPE\r
1687 0.000506 100.0.0.1 200.0.0.1 SSHv2 0x18 97 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32767 1 34 Client Protocol: SSH-2.0-PuTTY_Local:_Jan__8_2012_14:40:35\r
1688 0.000053 100.0.0.1 200.0.0.1 TCP 0x18 566 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32767 44 34 [TCP segment of a reassembled PDU]
1689 0.000015 100.0.0.1 200.0.0.1 SSHv2 0x18 182 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32767 556 34 Client: Key Exchange Init
1690 0.002266 200.0.0.1 100.0.0.1 SSHv2 0x18 542 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 258 34 44 Server: Key Exchange Init
1691 0.000001 200.0.0.1 100.0.0.1 TCP 0x10 60 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 256 522 684 ssh > 55375 [ACK] Seq=522 Ack=684 Win=65536 Len=0
1692 0.000109 100.0.0.1 200.0.0.1 SSHv2 0x18 70 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32763 684 522 Client: Diffie-Hellman Key Exchange Init
1693 0.002230 200.0.0.1 100.0.0.1 SSHv2 0x18 334 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 256 522 700 Server: Diffie-Hellman Key Exchange Reply
1697 0.000446 100.0.0.1 200.0.0.1 SSHv2 0x18 326 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32761 700 802 Client: Diffie-Hellman GEX Init
1698 0.023470 200.0.0.1 100.0.0.1 SSHv2 0x18 902 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 254 802 972 Server: Diffie-Hellman GEX Reply
1699 0.027365 100.0.0.1 200.0.0.1 SSHv2 0x18 70 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32768 972 1650 Encrypted request packet len=16[Malformed Packet]
1700 0.000111 100.0.0.1 200.0.0.1 SSHv2 0x18 142 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32768 988 1650 Encrypted request packet len=88
1701 0.001906 200.0.0.1 100.0.0.1 TCP 0x10 60 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 254 1650 1076 ssh > 55375 [ACK] Seq=1650 Ack=1076 Win=65024 Len=0
1702 0.000001 200.0.0.1 100.0.0.1 SSHv2 0x18 174 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 254 1650 1076 Encrypted response packet len=120
1703 0.000303 100.0.0.1 200.0.0.1 SSHv2 0x18 158 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32767 1076 1770 Encrypted request packet len=104
...
# once the transfer is finished both sessions are closed
2498 0.015696 100.0.0.1 200.0.0.1 TCP 0x14 54 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 0 3768 3158 55373 > ssh [RST, ACK] Seq=3768 Ack=3158 Win=0 Len=0
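The following is an added example, not part of the original post: it groups a subset of rows copied from the capture above into TCP sessions and shows that both the listing session and the transfer session terminate on the same server port, so a filtering device needs one allow rule. The function names and the column positions (the empty vlan column is skipped) are assumptions of this sketch.

```python
import re

SYN, RST, FIN, ACK = 0x02, 0x04, 0x01, 0x10   # TCP flag bits as shown in the "flags" column

# Rows copied from the capture above; raw string so the literal "\r" is kept as text.
ROWS = r"""
130 0.017634 100.0.0.1 200.0.0.1 TCP 0x02 66 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 65535 0 55373 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=128 SACK_PERM=1
131 0.002186 200.0.0.1 100.0.0.1 TCP 0x12 66 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 8192 0 1 ssh > 55373 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1380 WS=256 SACK_PERM=1
133 0.004121 200.0.0.1 100.0.0.1 SSHv2 0x18 87 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 258 1 1 Server Protocol: SSH-2.0-1.82_sshlib GlobalSCAPE\r
134 0.000234 100.0.0.1 200.0.0.1 SSHv2 0x18 97 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32767 1 34 Client Protocol: SSH-2.0-PuTTY_Local:_Jan__8_2012_14:40:35\r
1683 0.064012 100.0.0.1 200.0.0.1 TCP 0x02 66 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 65535 0 55375 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=128 SACK_PERM=1
1684 0.002196 200.0.0.1 100.0.0.1 TCP 0x12 66 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 8192 0 1 ssh > 55375 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1380 WS=256 SACK_PERM=1
1686 0.004089 200.0.0.1 100.0.0.1 SSHv2 0x18 87 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 258 1 1 Server Protocol: SSH-2.0-1.82_sshlib GlobalSCAPE\r
1687 0.000506 100.0.0.1 200.0.0.1 SSHv2 0x18 97 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 32767 1 34 Client Protocol: SSH-2.0-PuTTY_Local:_Jan__8_2012_14:40:35\r
2498 0.015696 100.0.0.1 200.0.0.1 TCP 0x14 54 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 0 3768 3158 55373 > ssh [RST, ACK] Seq=3768 Ack=3158 Win=0 Len=0
""".strip().splitlines()

def sessions(rows):
    """Group rows into TCP sessions keyed by the SYN initiator's 4-tuple."""
    table = {}
    for row in rows:
        f = row.split()
        src, dst, flags = f[2], f[3], int(f[5], 16)
        sport, dport, info = int(f[9]), int(f[10]), " ".join(f[11:])
        if flags & SYN and not flags & ACK:        # bare SYN: client opens a session
            table[(src, sport, dst, dport)] = {"banners": {}, "closed": False}
            continue
        s = table.get((src, sport, dst, dport)) or table.get((dst, dport, src, sport))
        if s is None:
            continue                               # packet of a session whose SYN was not captured
        m = re.search(r"(Server|Client) Protocol: (SSH-[^\s\\]+)", info)
        if m:                                      # cleartext SSH identification string
            s["banners"][m.group(1).lower()] = m.group(2)
        if flags & (RST | FIN):
            s["closed"] = True
    return table

def firewall_view(table):
    """Distinct (server IP, server port) pairs that must be reachable."""
    return sorted({(k[2], k[3]) for k in table})

if __name__ == "__main__":
    for key, state in sessions(ROWS).items():
        print(key, state)
    print("allow:", firewall_view(sessions(ROWS)))
```

Only the identification strings are readable on the wire; everything after the key exchange appears as encrypted request and response packets, so session grouping has to rely on the TCP 4-tuple rather than on payload.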
Example login session from FileZilla:
Status: Connecting to 200.0.0.1...
Response: fzSftp started
Command: open "user_name@200.0.0.1" 22
Command: Trust new Hostkey: Once
Command: Pass: **********
Status: Connected to 200.0.0.1
Status: Retrieving directory listing...
Command: pwd
Response: Current directory is: "/"
Command: ls
Status: Listing directory /
Status: Calculating timezone offset of server...
Command: mtime "Archive"
Response: 1365109008
Status: Timezone offsets: Server: 0 seconds. Local: 3600 seconds. Difference: 3600 seconds.
Status: Directory listing successful
Status: Connecting to 200.0.0.1...
Response: fzSftp started
Command: open "user_name@200.0.0.1" 22
Command: Trust new Hostkey: Once
Command: Pass: **********
Status: Connected to 200.0.0.1
Status: Starting download of /paht/to/the/file.txt
Command: cd "/"
Response: New directory is: "/"
Command: get "/paht/to/the/file.txt" "c:\Users\file.txt"
Status: remote:/paht/to/the/file.txt => local:c:\Users\file.txt
Status: File transfer successful, transferred 360 bytes in 1 second
Status: Disconnected from server
Status: Disconnected from server