• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 758
  • Last Modified:

Urgent: Batch file to Check FTP connectivity issues

Hello Experts.
I want to write a batch file(using DOS script or UNIX script), which could be used to check FTP connectivity issues. The script should check the followings and generate a log file, with connection status information

1.)      Detect any firewall issues for both active and passive modes
2.)      Detect which firewall has got the issue ( client or server )
3.)      Check for any file transfer and time out issues.
4.)      Detect any user name password issues.
5.)      The speed of the connection.

First two points are highly important to me.( I can give full points for those two)
Also I will prefer for some other languages like VB, Java, C, ..etc.( Other than DOS or UNIX shell scripts)

I just want a solution which can run on LINUX or WINDOWS.

BR Dushan
0
Dushan De Silva
Asked:
Dushan De Silva
  • 9
  • 7
  • 2
  • +5
7 Solutions
 
ahoffmannCommented:
1.) impossible, i.g.
2.) impossible, i.g.

what are "issues" for you?
0
 
Dushan De SilvaTechnology ArchitectAuthor Commented:
We are always facing these problem since we are providing Integration solutions for customers. Most of our solutions are FTP , HTTP, EMAIL, ..etc based. We are having lots of clients. And as expereinced we are always facing these firewall issues. So we are spending more times for check these firewall issues other than our futher developments or testings.

Recently we have delivered big product with lots of cutomers/sub customers/ careers.. etc.
Now most of there are on installation and testing process. So we are facing these problems always around 100/200 daily. Still 10% of customers are on process. Difinitly we will be on problem in future to sit and recover these firewall issues.

I WOULD REALLY APPRECIATE , AT LEAST ANY ONE CAN GIVE SOME KIND OF TECHNIC OR SOME EASY WAY.

BR DUSHAN

0
 
CEHJCommented:
ahoffman is right. Shell scripting/batch files are an impossible approach
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Dushan De SilvaTechnology ArchitectAuthor Commented:
I'm prefer any other language which can run on WINDOWS or LINUX.(as mentioned in Initial post).

BR Dushan
0
 
CEHJCommented:
You need a cross-platform implementation - try Java. No - i'm not being partial and no, i'm not going to write it ;-) It's not trivial eitherand that's if all of it is even possible
0
 
Dushan De SilvaTechnology ArchitectAuthor Commented:
Hello CEHJ,
Could you guide for it, I'm having Java knowledge.

BR Dushan
0
 
MontoyaProcess Improvement MgrCommented:
Dushan, there are ActiveX tools that will do that. YOu will have to find them in MSDN. This is outside my area of expertise. However, if you look at the new Microsoft Virtual Labs, they use the browser and some Active X controls to test firewall ports, throughput, etc... FTP functionality is not in there, but once you figure out the Firewall stuff, the rest should be cake. I hope that helps a bit.
0
 
Dushan De SilvaTechnology ArchitectAuthor Commented:
Thanks Iammontoya, And I'm really happy to hear some solution is there.

But actually this is bit urgent. And I need a solution which should at least guide for me. Then I can take first step to design it.
Could you kindly provide some more details which will guide for me.

AND FIRST THING I WANTS TO KNOWS IS HOW IT WORKS. (THIS SHOULD WORK TO CHECK OUR SIDE FIREWALL INCOMMING/OUTGOING AND OTHER END INCOMMING/OUTGOING PORTS AS REQUIRED IN FTP ACTIVE OR PASSIVE MODES.)

BR Dushan
0
 
ahoffmannCommented:
oops, forgot to mention hping for 1.), 2.) 3.) and 5.)
but you still cannot detect a proper configured firewall, just if the ports are reachable
0
 
smidgie82Commented:
This is not a trivial project, unfortunately.  But if you need it urgently, you might be able to piece together some already-available tools to accomplish MOST of what you need:

1.)     Detect any firewall issues for both active and passive modes

As ahoffmann suggests, hping will work for port scanning, which will at least let you know whether requests on certain ports are making it through the firewall.  Though, if you use such a utility and get no reply, you'll have to come up with another way of validating whether the firewall blocked a request or if it was dropped by a glitch in the network before reaching the end host.

The nice thing about hping is that it is scriptable, which allows for more versatility.

2.)     Detect which firewall has got the issue ( client or server )

You'll need to be running a packet capture / analysis program on both the client and the server to see what's going on here.  And if you're using firewalls on the gateways at each network, you'll need to do the same for them to establish exactly which firewall is misbehaving.  Sorry, no easy solution here.

3.)     Check for any file transfer and time out issues.

If you're just wanting to test FTP, this should be fairly easy.  For instance, create a list of commands that will connect to the server and upload a file.  Pipe those commands to a command-line FTP client.  If the file ends up on the other end, you're good.  If you're going to a linux or unix box and just want to test the speed of the connection, you can use SCP or something similar.  

4.)     Detect any user name password issues.

This is too vague to really tackle as it's stated.  Do you want to detect username and password issues for an FTP server?  A linux server?  A kerberos server?  A Windows desktop?  Each one will require a different solution, though for linux and ftp it'll be pretty easy to validate a single user's ability to login.

5.)     The speed of the connection.

I'm sure there are already utilities for this, but I don't know any offhand.  Writing a little client / server app to do it yourself shouldn't be too hard, if you want to go that way.
0
 
HonorGodSoftware EngineerCommented:
I would look into using Perl (possibly Expect, but that is less portable).

A Perl module (Net::FTP) exists that can be used to perform file transferrs.
The module can be found here: http://search.cpan.org/~gbarr/libnet-1.19/Net/FTP.pm
Example code can be found here: http://www.csh.rit.edu/~adam/Progs/
0
 
ahoffmannCommented:
> (possibly Expect, but that is less portable)
do you know a platform wher expect does not work?
Anyway, neither perl nor tcl can identify a proper configured firewall.
0
 
Dragon_KromeCommented:
You could try to use nagios (http://www.nagios.org/about/) , but it is a complex solution to what you requested. There is also GFI NetMonitor (http://www.gfi.com/nsm/nsmfeatures.htm) which could be useful.

I wouldn't add more to what's been said already, except for "Detect any user name password issues",
where i think you want a security audit tool, like languard (www.gfi.com) or nessus (www.nessus.org).



0
 
dmccurdy51Commented:
Well I think you are trying to accomplish too much at the start, determining whether you have transmission issue or not is the #1 priority.  Checking which firewall via a script will require quite a bit more.  You will need to own most if not all of the network equipment in the middle and it will not be able to change.  Let’s work with what we have.  

To verify the connection and that the port is not blocked do the following:  Microsoft has provided a utility in 2003 and should be able work from any workstation.
Portqry.exe.
           returns 0 if port is listening
           returns 1 if port is not listening
           returns 2 if port is listening or filtered

Batchfile
portqry -n Ip-Of-ftpserver -e 23   'will check if port 23 on the ftp server is available
if %errorlevel% = 0 then goto end     ‘no problem found exit script
rem Since all other entries will detect a problem, use a command line email program to get notified
mailprogram help@help.com -msg "Client xcompany ftp problem."

:end
0
 
ahoffmannCommented:
What should all those tools and suggestion help? It's just useless guessing.
A proper configured firewall can not be detected, you even can't proove for shure that there is one. Dot. Period.
(not talking about sophisticated stealth scans withfingerprinting over all ports)
0
 
Dushan De SilvaTechnology ArchitectAuthor Commented:
Thank every one for great efforts!
Yes ahoffmann.
I'm still trying with all the suggested posts. And trying with all options of those. But still I coludn't find a proper solution. If anyone already has done anything similar to this please let me know.
Or at least anyone has partially test this thing , I can develop other things.

BR Dushan
0
 
ahoffmannCommented:
hmm, a solution for what are you missing? As said above, you cannot identify a proper configured firewall.
You just can identify if there is a service listening and answering on a port, that's what hping is for.
0
 
Dushan De SilvaTechnology ArchitectAuthor Commented:
Do I have to install hping on client side?

BR Dushan
0
 
HonorGodSoftware EngineerCommented:
>> post(s) by ahoffman:
>> Anyway, neither perl nor tcl can identify a proper configured firewall.
...
>> (not talking about sophisticated stealth scans withfingerprinting over all ports)

  Well, if you restrict the way in which the "testing" can be done, then, I agree with your first statement.
A "properly configured firewall" will let "appropriate" traffic through, just like "no firewill" will.

  So, it goes back to the question, "How much time, and effort is allowed/available to determine whether a firewall is 'properly configured'?"

  If one does not have direct access to the firewall machine, and its configuration, then the only way to "thoroughly" test would be to use something likie ... "sophisticated stealth scans withfingerprinting over all ports"...

 
0
 
dmccurdy51Commented:
I see value in determining if a route and or port is blocked so you can be proactive.  I see no value in determining automagically what device or software is blocking it.  You will still have to get involved manually to resolve the issue, and you will only be able to see as far as the first problem.
0
 
ahoffmannCommented:
> Do I have to install hping on client side?
no
0
 
Dushan De SilvaTechnology ArchitectAuthor Commented:
Hello,
I couldn't find my requirements as in my intial post from hping. Please let me know, any one has done any script from hping. As I feels hping is doing same functionality in telnet command. Becuase using simple telnet commands I can achieve same functionality.
I want to check ports both incomming and outgoing on client and server side, are correctly opened or not.
If not opened, then in which server(firewall) and which port.
You can have idea about ports from following diagrams regarding FTP passive and active connectivity.

http://slacksite.com/images/ftp/passiveftp.gif
http://slacksite.com/images/ftp/activeftp.gif
BR Dushan
0
 
ahoffmannCommented:
> ..  ports both incomming and outgoing on client and server side, are correctly opened or not.
if hping returns without an error, then both ends are open

> If not opened, then in which server(firewall) and which port.
as said multiple times above, impossible (or ask the administrator)
You might do a full port scan (1-65535), but that is not a bullet prof method that the identified open ports are those you expect to be.

well, "impossible" means that there is no tool to do it as you want it to be, of corse you may write a sophisticated script for fingerprinting which might work in most cases, but I guess that it is impossible for 100%

Why not simply do a hping, and if the port is not open as you expect it, then punish the responsible admin.
0
 
Dushan De SilvaTechnology ArchitectAuthor Commented:
Anyone else having a solution..............

BR Dushan
0
 
Dushan De SilvaTechnology ArchitectAuthor Commented:
Thanks for every one's input!!
I didn't found proper solution for my first  two points. If anyone could find please let me know any day ;).

BR Dushan
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 9
  • 7
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now