FTP open host process

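This article uses a Wireshark capture to record and analyze in detail the network exchange during an FTP login, including the three-way handshake, the server identification, anonymous login authentication, and the command exchange that follows.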


Below is the process of an ftp open, captured with Wireshark.

 

Neither the client port nor the server port changes; the server uses port 21.

 

1. Three-way handshake

No.     Time        Source                Destination           Protocol Info
      1 0.000000    10.74.52.92           10.77.21.166          TCP      34756 > ftp [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=555948430 TSER=0 WS=7

Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 0, Len: 0

No.     Time        Source                Destination           Protocol Info
      2 0.105200    10.77.21.166          10.74.52.92           TCP      ftp > 34756 [SYN, ACK] Seq=0 Ack=1 Win=64512 Len=0 MSS=1330 WS=0 TSV=0 TSER=0 SACK_PERM=1

Frame 2: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef)
Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 0, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
      3 0.105244    10.74.52.92           10.77.21.166          TCP      34756 > ftp [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=555948456 TSER=0

Frame 3: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 1, Ack: 1, Len: 0

 

2. The server sends its identification

No.     Time        Source                Destination           Protocol Info
      4 0.208322    10.77.21.166          10.74.52.92           FTP      Response: 220 Microsoft FTP Service

Frame 4: 93 bytes on wire (744 bits), 93 bytes captured (744 bits)
Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef)
Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 1, Ack: 1, Len: 27
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
      5 0.208365    10.74.52.92           10.77.21.166          TCP      34756 > ftp [ACK] Seq=1 Ack=28 Win=5888 Len=0 TSV=555948482 TSER=14500999

Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 1, Ack: 28, Len: 0

 

3. The client sends the login user name; this time it is an anonymous login

No.     Time        Source                Destination           Protocol Info
      6 17125.849301 10.74.52.92           10.77.21.166          FTP      Request: USER anonymous

Frame 6: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 1, Ack: 28, Len: 16
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
      7 17125.952716 10.77.21.166          10.74.52.92           FTP      Response: 331 Anonymous access allowed, send identity (e-mail name) as password.

Frame 7: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef)
Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 28, Ack: 17, Len: 72
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
      8 17125.952760 10.74.52.92           10.77.21.166          TCP      34756 > ftp [ACK] Seq=17 Ack=100 Win=5888 Len=0 TSV=560206650 TSER=14672252

Frame 8: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 17, Ack: 100, Len: 0

 

4. The anonymous user's password is sent; it seems to be in plaintext?

No.     Time        Source                Destination           Protocol Info
      9 17560.816985 10.74.52.92           10.77.21.166          FTP      Request: PASS NcFTP@

Frame 9: 79 bytes on wire (632 bits), 79 bytes captured (632 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 17, Ack: 100, Len: 13
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     10 17560.928850 10.77.21.166          10.74.52.92           FTP      Response: 230 Anonymous user logged in.

Frame 10: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef)
Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 100, Ack: 30, Len: 31
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     11 17560.928894 10.74.52.92           10.77.21.166          TCP      34756 > ftp [ACK] Seq=30 Ack=131 Win=5888 Len=0 TSV=560314781 TSER=14676602

Frame 11: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 30, Ack: 131, Len: 0

 

5. Request the current path

No.     Time        Source                Destination           Protocol Info
     12 17810.419089 10.74.52.92           10.77.21.166          FTP      Request: PWD

Frame 12: 71 bytes on wire (568 bits), 71 bytes captured (568 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 30, Ack: 131, Len: 5
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     13 17810.521822 10.77.21.166          10.74.52.92           FTP      Response: 257 "/" is current directory.

Frame 13: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef)
Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 131, Ack: 35, Len: 31
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     14 17810.521862 10.74.52.92           10.77.21.166          TCP      34756 > ftp [ACK] Seq=35 Ack=162 Win=5888 Len=0 TSV=560376825 TSER=14679098

Frame 14: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 35, Ack: 162, Len: 0

 

6. Request the features; the server does not seem to support it

No.     Time        Source                Destination           Protocol Info
     15 18651.095674 10.74.52.92           10.77.21.166          FTP      Request: FEAT

Frame 15: 72 bytes on wire (576 bits), 72 bytes captured (576 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 35, Ack: 162, Len: 6
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     16 18651.198840 10.77.21.166          10.74.52.92           FTP      Response: 500 'FEAT': command not understood

Frame 16: 102 bytes on wire (816 bits), 102 bytes captured (816 bits)
Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef)
Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 162, Ack: 41, Len: 36
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     17 18651.198891 10.74.52.92           10.77.21.166          TCP      34756 > ftp [ACK] Seq=41 Ack=198 Win=5888 Len=0 TSV=560585832 TSER=14687505

Frame 17: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 41, Ack: 198, Len: 0

 

7. Not sure what this command is

No.     Time        Source                Destination           Protocol Info
     18 18888.285635 10.74.52.92           10.77.21.166          FTP      Request: HELP SITE

Frame 18: 77 bytes on wire (616 bits), 77 bytes captured (616 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 41, Ack: 198, Len: 11
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     19 18888.392638 10.77.21.166          10.74.52.92           FTP      Response: 214 Syntax: SITE (site-specific commands)

Frame 19: 109 bytes on wire (872 bits), 109 bytes captured (872 bits)
Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef)
Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 198, Ack: 52, Len: 43
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     20 18888.392677 10.74.52.92           10.77.21.166          TCP      34756 > ftp [ACK] Seq=52 Ack=241 Win=5888 Len=0 TSV=560644797 TSER=14689876

Frame 20: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 52, Ack: 241, Len: 0

 

8. Again, not sure what this command is

No.     Time        Source                Destination           Protocol Info
     21 19426.362670 10.74.52.92           10.77.21.166          FTP      Request: CLNT NcFTP 3.2.4 linux-x86-glibc2.6

Frame 21: 103 bytes on wire (824 bits), 103 bytes captured (824 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 52, Ack: 241, Len: 37
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     22 19426.465881 10.77.21.166          10.74.52.92           FTP      Response: 500 'CLNT NcFTP 3.2.4 linux-x86-glibc2.6': command not understood

Frame 22: 133 bytes on wire (1064 bits), 133 bytes captured (1064 bits)
Ethernet II, Src: Cisco_2c:6a:80 (00:18:74:2c:6a:80), Dst: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef)
Internet Protocol, Src: 10.77.21.166 (10.77.21.166), Dst: 10.74.52.92 (10.74.52.92)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34756 (34756), Seq: 241, Ack: 89, Len: 67
File Transfer Protocol (FTP)

No.     Time        Source                Destination           Protocol Info
     23 19426.465939 10.74.52.92           10.77.21.166          TCP      34756 > ftp [ACK] Seq=89 Ack=308 Win=5888 Len=0 TSV=560778555 TSER=14695257

Frame 23: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Tp-LinkT_2c:b6:ef (00:19:e0:2c:b6:ef), Dst: Cisco_52:62:08 (00:19:55:52:62:08)
Internet Protocol, Src: 10.74.52.92 (10.74.52.92), Dst: 10.77.21.166 (10.77.21.166)
Transmission Control Protocol, Src Port: 34756 (34756), Dst Port: ftp (21), Seq: 89, Ack: 308, Len: 0

 

OK, the whole process is finished, and the login counts as successful.
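An added example, not part of the original post: Python that replays the FTP summary rows from the capture above and reports what a passive observer of the control channel learns (server banner, user name and password, rejected commands, and whether TLS was ever requested with `AUTH`). The function name `analyze` and its result keys are chosen here for illustration; the rows are copied from the capture with whitespace condensed.

```python
import re

# FTP summary rows copied from the capture above (whitespace condensed).
CAPTURE = """\
  4 0.208322 10.77.21.166 10.74.52.92 FTP Response: 220 Microsoft FTP Service
  6 17125.849301 10.74.52.92 10.77.21.166 FTP Request: USER anonymous
  7 17125.952716 10.77.21.166 10.74.52.92 FTP Response: 331 Anonymous access allowed, send identity (e-mail name) as password.
  9 17560.816985 10.74.52.92 10.77.21.166 FTP Request: PASS NcFTP@
 10 17560.928850 10.77.21.166 10.74.52.92 FTP Response: 230 Anonymous user logged in.
 12 17810.419089 10.74.52.92 10.77.21.166 FTP Request: PWD
 13 17810.521822 10.77.21.166 10.74.52.92 FTP Response: 257 "/" is current directory.
 15 18651.095674 10.74.52.92 10.77.21.166 FTP Request: FEAT
 16 18651.198840 10.77.21.166 10.74.52.92 FTP Response: 500 'FEAT': command not understood
 18 18888.285635 10.74.52.92 10.77.21.166 FTP Request: HELP SITE
 19 18888.392638 10.77.21.166 10.74.52.92 FTP Response: 214 Syntax: SITE (site-specific commands)
 21 19426.362670 10.74.52.92 10.77.21.166 FTP Request: CLNT NcFTP 3.2.4 linux-x86-glibc2.6
 22 19426.465881 10.77.21.166 10.74.52.92 FTP Response: 500 'CLNT NcFTP 3.2.4 linux-x86-glibc2.6': command not understood
"""

# frame number, then time/source/destination (skipped), then direction and payload
ROW = re.compile(r"^\s*(\d+)\s+\S+\s+\S+\s+\S+\s+FTP\s+(Request|Response): (.*)$")

def analyze(text):
    """Rebuild the control-channel dialogue from Wireshark summary rows."""
    s = {"banner": None, "user": None, "password": None, "logged_in": False,
         "tls_requested": False, "rejected": [], "findings": []}
    last_cmd = None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # TCP-only rows and dissector detail lines carry no FTP payload
        frame, kind, body = int(m.group(1)), m.group(2), m.group(3)
        if kind == "Request":
            verb, _, arg = body.partition(" ")
            last_cmd = verb.upper()
            if last_cmd == "USER":
                s["user"] = arg
            elif last_cmd == "PASS":
                s["password"] = arg
                s["findings"].append(f"frame {frame}: PASS argument readable on the wire")
            elif last_cmd == "AUTH":  # RFC 4217: client asks to upgrade to TLS
                s["tls_requested"] = True
        elif body[:3].isdigit():
            code = int(body[:3])
            if code == 220 and s["banner"] is None:
                s["banner"] = body[4:]          # server product disclosed in greeting
            elif code == 230:
                s["logged_in"] = True
            elif code == 500 and last_cmd:
                s["rejected"].append(last_cmd)  # command the server did not understand
    if s["logged_in"] and (s["user"] or "").lower() == "anonymous":
        s["findings"].append("anonymous login accepted")
    if not s["tls_requested"]:
        s["findings"].append("no AUTH seen: control channel stayed unencrypted")
    return s
```

Run against a text export of a longer capture, the same function shows at a glance which sessions exposed a real account's password rather than an anonymous identity string.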
