FTP open host process

技术2025-04-02 42

下面是一个用wireshark抓的， ftp open时候的过程。

客户端和服务器端的端口都没有变化，服务器用的是21端口。

1. 三次握手

No. Time Source Destination Protocol Info 1 0.000000 10.74.52.92 10.77.21.166 TCP 34756 > ftp [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=555948430 TSER=0 WS=7 Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 0, Len: 0 No. Time Source Destination Protocol Info 2 0.105200 10.77.21.166 10.74.52.92 TCP ftp > 34756 [SYN, ACK] Seq=0 Ack=1 Win=64512 Len=0 MSS=1330 WS=0 TSV=0 TSER=0 SACK_PERM=1 Frame 2: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef) Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Info 3 0.105244 10.74.52.92 10.77.21.166 TCP 34756 > ftp [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=555948456 TSER=0 Frame 3: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 1, Ack: 1, Len: 0

2. 服务器发来自己的标识

No. Time Source Destination Protocol Info 4 0.208322 10.77.21.166 10.74.52.92 FTP Response: 220 Microsoft FTP Service Frame 4: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef) Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 1, Ack: 1, Len: 27 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 5 0.208365 10.74.52.92 10.77.21.166 TCP 34756 > ftp [ACK] Seq=1 Ack=28 Win=5888 Len=0 TSV=555948482 TSER=14500999 Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 1, Ack: 28, Len: 0

3. 客户端发送登录的用户名，这次用的是匿名登录

No. Time Source Destination Protocol Info 6 17125.849301 10.74.52.92 10.77.21.166 FTP Request: USER anonymous Frame 6: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 1, Ack: 28, Len: 16 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 7 17125.952716 10.77.21.166 10.74.52.92 FTP Response: 331 Anonymous access allowed, send identity (e-mail name) as password. Frame 7: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits) Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef) Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 28, Ack: 17, Len: 72 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 8 17125.952760 10.74.52.92 10.77.21.166 TCP 34756 > ftp [ACK] Seq=17 Ack=100 Win=5888 Len=0 TSV=560206650 TSER=14672252 Frame 8: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 17, Ack: 100, Len: 0

4. 发送匿名用户的密码，貌似是明文？

No. Time Source Destination Protocol Info 9 17560.816985 10.74.52.92 10.77.21.166 FTP Request: PASS NcFTP@ Frame 9: 79 bytes on wire (632 bits), 79 bytes captured (632 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 17, Ack: 100, Len: 13 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 10 17560.928850 10.77.21.166 10.74.52.92 FTP Response: 230 Anonymous user logged in. Frame 10: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef) Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 100, Ack: 30, Len: 31 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 11 17560.928894 10.74.52.92 10.77.21.166 TCP 34756 > ftp [ACK] Seq=30 Ack=131 Win=5888 Len=0 TSV=560314781 TSER=14676602 Frame 11: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 30, Ack: 131, Len: 0

5.请求当前的路径

No. Time Source Destination Protocol Info 12 17810.419089 10.74.52.92 10.77.21.166 FTP Request: PWD Frame 12: 71 bytes on wire (568 bits), 71 bytes captured (568 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 30, Ack: 131, Len: 5 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 13 17810.521822 10.77.21.166 10.74.52.92 FTP Response: 257 "/" is current directory. Frame 13: 97 bytes on wire (776 bits), 97 bytes captured (776 bits) Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef) Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 131, Ack: 35, Len: 31 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 14 17810.521862 10.74.52.92 10.77.21.166 TCP 34756 > ftp [ACK] Seq=35 Ack=162 Win=5888 Len=0 TSV=560376825 TSER=14679098 Frame 14: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 35, Ack: 162, Len: 0

6. 请求feature，貌似服务器不支持

No. Time Source Destination Protocol Info 15 18651.095674 10.74.52.92 10.77.21.166 FTP Request: FEAT Frame 15: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 35, Ack: 162, Len: 6 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 16 18651.198840 10.77.21.166 10.74.52.92 FTP Response: 500 'FEAT': command not understood Frame 16: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef) Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 162, Ack: 41, Len: 36 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 17 18651.198891 10.74.52.92 10.77.21.166 TCP 34756 > ftp [ACK] Seq=41 Ack=198 Win=5888 Len=0 TSV=560585832 TSER=14687505 Frame 17: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 41, Ack: 198, Len: 0

7. 不知道这是啥命令

No. Time Source Destination Protocol Info 18 18888.285635 10.74.52.92 10.77.21.166 FTP Request: HELP SITE Frame 18: 77 bytes on wire (616 bits), 77 bytes captured (616 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 41, Ack: 198, Len: 11 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 19 18888.392638 10.77.21.166 10.74.52.92 FTP Response: 214 Syntax: SITE (site-specific commands) Frame 19: 109 bytes on wire (872 bits), 109 bytes captured (872 bits) Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef) Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 198, Ack: 52, Len: 43 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 20 18888.392677 10.74.52.92 10.77.21.166 TCP 34756 > ftp [ACK] Seq=52 Ack=241 Win=5888 Len=0 TSV=560644797 TSER=14689876 Frame 20: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 52, Ack: 241, Len: 0

8. 同样不知道这是啥命令

No. Time Source Destination Protocol Info 21 19426.362670 10.74.52.92 10.77.21.166 FTP Request: CLNT NcFTP 3.2.4 linux-x86-glibc2.6 Frame 21: 103 bytes on wire (824 bits), 103 bytes captured (824 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 52, Ack: 241, Len: 37 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 22 19426.465881 10.77.21.166 10.74.52.92 FTP Response: 500 'CLNT NcFTP 3.2.4 linux-x86-glibc2.6': command not understood Frame 22: 133 bytes on wire (1064 bits), 133 bytes captured (1064 bits) Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef) Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92) Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 241, Ack: 89, Len: 67 File Transfer Protocol (FTP) No. Time Source Destination Protocol Info 23 19426.465939 10.74.52.92 10.77.21.166 TCP 34756 > ftp [ACK] Seq=89 Ack=308 Win=5888 Len=0 TSV=560778555 TSER=14695257 Frame 23: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08) Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166) Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 89, Ack: 308, Len: 0

ok，整个过程结束，算是登录成功了。

最新回复(0)