wireshark对于这个FTP的流量包会解析成三种协议来显示:TCP,FTP和FTP-DATA。wireshark把带有FTP控制信息的解析为FTP,对于至传输了文件内容或者命令执行结果的FTP数据包解析称FTP-DATA。
从FTP开始建立,先是3个包,完成三次握手过程,当服务器端准备好了,会主动发送response code:220 代表:Service ready for new user,意思是服务器端做好了用户登录的准备。
上图打开的数据包是客户端向服务端发送的命令,FTP命令传输的格式均为:
command arg即命令 参数。可以看到客户端发送了USER ftp,使用用户名ftp登录这台FTP服务器,同理下面发送密码也是如此。
客户端发送请求以FTP用户名登录后,服务端回复,要求密码。返回码331,用户是ftp,要求密码
注意:FTP服务无论这个用户是否存在,都会要求输入密码,客户端发送密码后,认证成功,服务器端回复230用户登录成功,并返回当前目录/在FTP根目录
PASV:为了解决服务器发起到客户的连接的问题(防火墙问题),人们开发了一种不同的FTP连接方式。这就是所谓的被动方式,或者叫做PASV,当客户端通知服务器它处于被动模式时才启用。
在被动方式FTP中,命令连接和数据连接都由客户端,这样就可以解决从服务器到客户端的数据端口的入方向连接被防火墙过滤掉的问题。当开启一个FTP连接时,客户端打开两个任意的非特权本地端口(N >; 1024和N+1)。第一个端口连接服务器的21端口,但与主动方式的FTP不同,客户端不会提交PORT命令并允许服务器来回连它的数据端口,而是提交PASV命令。这样做的结果是服务器会开启一个任意的非特权端口(P >; 1024),并发送PORT P命令给客户端。然后客户端发起从本地端口N+1到服务器的端口P的连接用来传送数据。227 FTP Response codeThis is the response given by the server to the PASV command. It indicates that the server is ready for the client to connect to it for the purpose of establishing a data connection. The format of this response is important because the client software must be capable of parsing out the connection information it contains. The values h1 to h4 are the IP addresses that the server is listening on. The values p1 to p2 are used to calculate the port that the server is listening on using the following formula: PASV port = (p1 * 256) + p2.Example response227 Entering Passive Mode (h1, h2, h3, h4, p1, p2)
RETR FTP commandA client issues the RETR command after successfully establishing a data connection when it wishes to download a copy of a file on the server. The client provides the file name it wishes to download along with the RETR command. The server will send a copy of the file to the client. This command does not affect the contents of the server's copy of the file.
150 FTP Response codeThe server may use this reply code in response to a command initiating a file transfer before establishing the data connection over which the file transfer will occur. A PASV or PORT command should have been issued prior to the command receiving the 150 response code. After sending or receiving this response, the server/client may begin sending data over the data connection.
没有评论:
发表评论