Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


ftp uncertainties...

Posted on 1998-05-12
Medium Priority
Last Modified: 2013-12-23

Lately, for some god-only-knows reason, I've become obsessed with trying to telnet to an ftp port, login, and get LIST to work!  This, however, seems to be beyond my humble capabilites because everytime I try, the ftp daemon and I do a little dance that goes kinda' like this...

220 Server ready.
<user dude>
331 Password required for dude.
<pass duder>
230 User dude logged in.
<list> or <nlst> or whatever you like...
425 Can't build data connection: Connection refused.

Draaah!!!  Stupid thing!  Okay - I think I have a lead though, and that is this mystical PORT command - typing HELP PORT (the HELP command goes through nicely, even in my impotent state) gives me the OH-SO-HELPFUL...
PORT <sp> h1,h2,h3,h4,p1,p2

I figured out quickly enough that the h? quadruplets represent a dotted quad, and I just *know* that the last two are a 16-bit number describing my local port, BUT - I just read that in a file somewhere. ;)  No other clues here.  If I were stubborn, I'd keep cussing at the search engines to give me an RFC or a FAQ with some useful information.  And I am stubborn... :) But why waste time when you have experts-exchange, eh? SO - pardon the simple stupidity of this question, and as for the category, it's really a "networking in general" question - but there isn't that category.  And I figured unix networking is the purest form of TCP/IP.  So.  Any answers out there?

Question by:johnny_5
  • 2
  • 2

Expert Comment

ID: 1582245
As far as know what you are trying to do is impossble (unless you are trying to find some security holes in ftp).

Whenever you connect to an 'ftp port', the other site will redirect your request to the 'ftp'-daemon process. As i don't know the internals of both telnet and ftp, it seems quiet reasonable to me that don't understand the special command which only exists in one of both programs. You can login because that is some 'generally' shared code amongst these programs, but besides this they have not that must in common.

Author Comment

ID: 1582246
Well, what I mean when I say that I telnet to that port, I mean that I'm just using the telnet program as a tcp/ip interpreter to get me some kind of text response and so I can send some kind of text command.  I'm trying to put together an ftp client of sorts, and I keep having the same problems trying to interface to the ftp servers.  That's all - I know there's a way - I watch CuteFTP send the PORT command before every LIST, NLST, etc.  I just personally don't know what those last two numbers are...

Thanks though!


Expert Comment

ID: 1582247
Just a guess, couldn't it be that they are checking to see if the correct kind of program is at the other site?

If in Unix we talk about ports, most of the times some kind of service is referred to. So check the matching of port numbers and services, you can verify (on unix) the /etc/services file.

just my $.02 (now)

Accepted Solution

bertvermeerbergen earned 200 total points
ID: 1582248
There is something you can do, but it is more complex than what you've tried.
The first commands are working because they use the control connection you've setup by connection to port 21 via telnet.
The LIST command however is handled internally as a file transfer and therefor needs its own data connection.
The server is trying to connect to your side of this connection, but is failing because you did not setup one, and I do not see how this can be done with a telnet client program.
A normal ftp client would have created his side of the required data connection, allocating a local port.  It would then send this port (in the PORT command ...) to the server.  In response, the server will connect to this port and sends the 'list'.
Although of limited practical use, here is something you can do:
You use two telnet sessions, connecting one to the ftp on the host you want the list from, and one to ftp on your local host.
Login to both (like you did before) and set the remote ftp in passive mode with the PASV command.  This will in fact create one side of the data connection, and will return the port value.
The you send the LIST command to the same remote ftp session.
Send the PORT command to the local ftp, specifying the values you got back from the remote ftp in response to PASV.  This will tell the local ftp that it should connect to this port for the next data transfer.
Finally send a STOR command to the local ftp, specifying the destination file on your local host.  It is a 'file' transfer, but you could specify your terminal device file to see the list on screen.
Following are the session summaries on my linux system:

Remote ftp (actually this was the same system):
> USER ...
> PASS ...
> 227 entering passive mode (127,0,0,1,4,12)
Nothing happens here until the STOR is send to the local ftp
> 150 opening connection for /bin/ls
> 226 transfer complete

Local ftp:
> USER ...
> PASS ...
> PORT 127,0,0,1,4,12
> 200 Port command succesful
> STOR /dev/tty3
> 150 opening connection for /dev/tty3
> 226 transfer complete

What you are actually doing here is simulating an ftp client doing
a proxy file transfer between two hosts while running itself on a third one.  It opens two (telnet protocol) control connections to do this, and sends the commands as described above.
If you want to write an ftp client, it must implement the data connection handling in addition to the control connection that you were handling in the telnet session.

Hope this helps

Author Comment

ID: 1582249
Thank you!  That's EXACTLY what I wanted to know.  Okay - I got it now - I was thinking I would have to do something along those lines, but I wasn't sure specifically... What ended up happening was that I was putting the control connection (the first one) into passive mode and issuing the port command to it, but that wasn't quite working right.  What I needed was a second connection.  Just trying to write an FTP client from scratch is all, and I wanted to know if it was going to be worth it or not.

Thanks again!


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question