?
Solved

Urgent: Batch file to Check FTP connectivity issues

Posted on 2006-05-03
25
Medium Priority
?
753 Views
Last Modified: 2013-11-29
Hello Experts.
I want to write a batch file(using DOS script or UNIX script), which could be used to check FTP connectivity issues. The script should check the followings and generate a log file, with connection status information

1.)      Detect any firewall issues for both active and passive modes
2.)      Detect which firewall has got the issue ( client or server )
3.)      Check for any file transfer and time out issues.
4.)      Detect any user name password issues.
5.)      The speed of the connection.

First two points are highly important to me.( I can give full points for those two)
Also I will prefer for some other languages like VB, Java, C, ..etc.( Other than DOS or UNIX shell scripts)

I just want a solution which can run on LINUX or WINDOWS.

BR Dushan
0
Comment
Question by:Dushan De Silva
  • 9
  • 7
  • 2
  • +5
25 Comments
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 750 total points
ID: 16597592
1.) impossible, i.g.
2.) impossible, i.g.

what are "issues" for you?
0
 
LVL 17

Author Comment

by:Dushan De Silva
ID: 16597796
We are always facing these problem since we are providing Integration solutions for customers. Most of our solutions are FTP , HTTP, EMAIL, ..etc based. We are having lots of clients. And as expereinced we are always facing these firewall issues. So we are spending more times for check these firewall issues other than our futher developments or testings.

Recently we have delivered big product with lots of cutomers/sub customers/ careers.. etc.
Now most of there are on installation and testing process. So we are facing these problems always around 100/200 daily. Still 10% of customers are on process. Difinitly we will be on problem in future to sit and recover these firewall issues.

I WOULD REALLY APPRECIATE , AT LEAST ANY ONE CAN GIVE SOME KIND OF TECHNIC OR SOME EASY WAY.

BR DUSHAN

0
 
LVL 86

Expert Comment

by:CEHJ
ID: 16597884
ahoffman is right. Shell scripting/batch files are an impossible approach
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 17

Author Comment

by:Dushan De Silva
ID: 16597914
I'm prefer any other language which can run on WINDOWS or LINUX.(as mentioned in Initial post).

BR Dushan
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 16598019
You need a cross-platform implementation - try Java. No - i'm not being partial and no, i'm not going to write it ;-) It's not trivial eitherand that's if all of it is even possible
0
 
LVL 17

Author Comment

by:Dushan De Silva
ID: 16598207
Hello CEHJ,
Could you guide for it, I'm having Java knowledge.

BR Dushan
0
 
LVL 19

Expert Comment

by:Montoya
ID: 16598742
Dushan, there are ActiveX tools that will do that. YOu will have to find them in MSDN. This is outside my area of expertise. However, if you look at the new Microsoft Virtual Labs, they use the browser and some Active X controls to test firewall ports, throughput, etc... FTP functionality is not in there, but once you figure out the Firewall stuff, the rest should be cake. I hope that helps a bit.
0
 
LVL 17

Author Comment

by:Dushan De Silva
ID: 16598868
Thanks Iammontoya, And I'm really happy to hear some solution is there.

But actually this is bit urgent. And I need a solution which should at least guide for me. Then I can take first step to design it.
Could you kindly provide some more details which will guide for me.

AND FIRST THING I WANTS TO KNOWS IS HOW IT WORKS. (THIS SHOULD WORK TO CHECK OUR SIDE FIREWALL INCOMMING/OUTGOING AND OTHER END INCOMMING/OUTGOING PORTS AS REQUIRED IN FTP ACTIVE OR PASSIVE MODES.)

BR Dushan
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 750 total points
ID: 16599113
oops, forgot to mention hping for 1.), 2.) 3.) and 5.)
but you still cannot detect a proper configured firewall, just if the ports are reachable
0
 
LVL 9

Assisted Solution

by:smidgie82
smidgie82 earned 300 total points
ID: 16600297
This is not a trivial project, unfortunately.  But if you need it urgently, you might be able to piece together some already-available tools to accomplish MOST of what you need:

1.)     Detect any firewall issues for both active and passive modes

As ahoffmann suggests, hping will work for port scanning, which will at least let you know whether requests on certain ports are making it through the firewall.  Though, if you use such a utility and get no reply, you'll have to come up with another way of validating whether the firewall blocked a request or if it was dropped by a glitch in the network before reaching the end host.

The nice thing about hping is that it is scriptable, which allows for more versatility.

2.)     Detect which firewall has got the issue ( client or server )

You'll need to be running a packet capture / analysis program on both the client and the server to see what's going on here.  And if you're using firewalls on the gateways at each network, you'll need to do the same for them to establish exactly which firewall is misbehaving.  Sorry, no easy solution here.

3.)     Check for any file transfer and time out issues.

If you're just wanting to test FTP, this should be fairly easy.  For instance, create a list of commands that will connect to the server and upload a file.  Pipe those commands to a command-line FTP client.  If the file ends up on the other end, you're good.  If you're going to a linux or unix box and just want to test the speed of the connection, you can use SCP or something similar.  

4.)     Detect any user name password issues.

This is too vague to really tackle as it's stated.  Do you want to detect username and password issues for an FTP server?  A linux server?  A kerberos server?  A Windows desktop?  Each one will require a different solution, though for linux and ftp it'll be pretty easy to validate a single user's ability to login.

5.)     The speed of the connection.

I'm sure there are already utilities for this, but I don't know any offhand.  Writing a little client / server app to do it yourself shouldn't be too hard, if you want to go that way.
0
 
LVL 41

Assisted Solution

by:HonorGod
HonorGod earned 150 total points
ID: 16601407
I would look into using Perl (possibly Expect, but that is less portable).

A Perl module (Net::FTP) exists that can be used to perform file transferrs.
The module can be found here: http://search.cpan.org/~gbarr/libnet-1.19/Net/FTP.pm
Example code can be found here: http://www.csh.rit.edu/~adam/Progs/
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16603134
> (possibly Expect, but that is less portable)
do you know a platform wher expect does not work?
Anyway, neither perl nor tcl can identify a proper configured firewall.
0
 
LVL 5

Assisted Solution

by:Dragon_Krome
Dragon_Krome earned 150 total points
ID: 16605029
You could try to use nagios (http://www.nagios.org/about/) , but it is a complex solution to what you requested. There is also GFI NetMonitor (http://www.gfi.com/nsm/nsmfeatures.htm) which could be useful.

I wouldn't add more to what's been said already, except for "Detect any user name password issues",
where i think you want a security audit tool, like languard (www.gfi.com) or nessus (www.nessus.org).



0
 
LVL 4

Assisted Solution

by:dmccurdy51
dmccurdy51 earned 150 total points
ID: 16611811
Well I think you are trying to accomplish too much at the start, determining whether you have transmission issue or not is the #1 priority.  Checking which firewall via a script will require quite a bit more.  You will need to own most if not all of the network equipment in the middle and it will not be able to change.  Let’s work with what we have.  

To verify the connection and that the port is not blocked do the following:  Microsoft has provided a utility in 2003 and should be able work from any workstation.
Portqry.exe.
           returns 0 if port is listening
           returns 1 if port is not listening
           returns 2 if port is listening or filtered

Batchfile
portqry -n Ip-Of-ftpserver -e 23   'will check if port 23 on the ftp server is available
if %errorlevel% = 0 then goto end     ‘no problem found exit script
rem Since all other entries will detect a problem, use a command line email program to get notified
mailprogram help@help.com -msg "Client xcompany ftp problem."

:end
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16612382
What should all those tools and suggestion help? It's just useless guessing.
A proper configured firewall can not be detected, you even can't proove for shure that there is one. Dot. Period.
(not talking about sophisticated stealth scans withfingerprinting over all ports)
0
 
LVL 17

Author Comment

by:Dushan De Silva
ID: 16612409
Thank every one for great efforts!
Yes ahoffmann.
I'm still trying with all the suggested posts. And trying with all options of those. But still I coludn't find a proper solution. If anyone already has done anything similar to this please let me know.
Or at least anyone has partially test this thing , I can develop other things.

BR Dushan
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16612485
hmm, a solution for what are you missing? As said above, you cannot identify a proper configured firewall.
You just can identify if there is a service listening and answering on a port, that's what hping is for.
0
 
LVL 17

Author Comment

by:Dushan De Silva
ID: 16612501
Do I have to install hping on client side?

BR Dushan
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 16614467
>> post(s) by ahoffman:
>> Anyway, neither perl nor tcl can identify a proper configured firewall.
...
>> (not talking about sophisticated stealth scans withfingerprinting over all ports)

  Well, if you restrict the way in which the "testing" can be done, then, I agree with your first statement.
A "properly configured firewall" will let "appropriate" traffic through, just like "no firewill" will.

  So, it goes back to the question, "How much time, and effort is allowed/available to determine whether a firewall is 'properly configured'?"

  If one does not have direct access to the firewall machine, and its configuration, then the only way to "thoroughly" test would be to use something likie ... "sophisticated stealth scans withfingerprinting over all ports"...

 
0
 
LVL 4

Expert Comment

by:dmccurdy51
ID: 16614707
I see value in determining if a route and or port is blocked so you can be proactive.  I see no value in determining automagically what device or software is blocking it.  You will still have to get involved manually to resolve the issue, and you will only be able to see as far as the first problem.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16615151
> Do I have to install hping on client side?
no
0
 
LVL 17

Author Comment

by:Dushan De Silva
ID: 16627950
Hello,
I couldn't find my requirements as in my intial post from hping. Please let me know, any one has done any script from hping. As I feels hping is doing same functionality in telnet command. Becuase using simple telnet commands I can achieve same functionality.
I want to check ports both incomming and outgoing on client and server side, are correctly opened or not.
If not opened, then in which server(firewall) and which port.
You can have idea about ports from following diagrams regarding FTP passive and active connectivity.

http://slacksite.com/images/ftp/passiveftp.gif
http://slacksite.com/images/ftp/activeftp.gif
BR Dushan
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 750 total points
ID: 16628133
> ..  ports both incomming and outgoing on client and server side, are correctly opened or not.
if hping returns without an error, then both ends are open

> If not opened, then in which server(firewall) and which port.
as said multiple times above, impossible (or ask the administrator)
You might do a full port scan (1-65535), but that is not a bullet prof method that the identified open ports are those you expect to be.

well, "impossible" means that there is no tool to do it as you want it to be, of corse you may write a sophisticated script for fingerprinting which might work in most cases, but I guess that it is impossible for 100%

Why not simply do a hping, and if the port is not open as you expect it, then punish the responsible admin.
0
 
LVL 17

Author Comment

by:Dushan De Silva
ID: 16638017
Anyone else having a solution..............

BR Dushan
0
 
LVL 17

Author Comment

by:Dushan De Silva
ID: 16658890
Thanks for every one's input!!
I didn't found proper solution for my first  two points. If anyone could find please let me know any day ;).

BR Dushan
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question