Wireshark-users: Re: [Wireshark-users] Analyzing a "broken" FTP session
From: Sake Blok <sake@xxxxxxxxxx>
Date: Fri, 21 Aug 2009 21:56:23 +0200
On Fri, Aug 21, 2009 at 10:28:31AM -0700, Chivian, John wrote:
> 
> Network information:
> The systems are both operating at 100 Mb/s.
> They are both in the same physical location.
> Client <-> Switch <-> Router <-> Switch <-> Server

Looking at the tracefiles, it seems that the router is not just a
router; it looks like a security device (PIX, ASA, FWSM, ACE, etc). Is
that correct?

> The problem is generally seen with FTP sessions involving hundreds of 
> small files.
> 
> I understand that the issue may be network as opposed to server 
> related, and I understand that the packet captures may not contain 
> enough information to make a definitive judgment.

The traces tell me that the problem is on the server-side. Somehow the
server is not accepting valid packets, as if there is data missing. Are
you running some form of NAT or FW on the server too (iptables,
netfilter, etc)?

Cheers,
     Sake