Traffic Dump Query Local and External dump of traffic

Heyas,

I've been having troubles uploading files to an FTP site. I have had the network admin do an internal and an external dump of network traffic on the router I am connected to, filtering by IP address. I am just wondering what does internal and external mean in terms of network traffic, just for my own info, and why are both needed to troubleshoot this issue?

Any assistance would be appreciated, bear in mind I am a network novice.

Thank you.
Zack (General IT Goto Guy) asked:
giltjr commented:
In most environments you have a network router that decides if traffic should stay "inside" your network or be forwarded to another network, say like the Internet.

"Internal" traffic is traffic that is on the "inside" of this device and "external" traffic is the traffic that is on the "outside" of this device.

YourPC <--- Inside Network --> Router <--- Outside Network ---> FTP Server

In this instance "Outside  Network" would be the Internet.
0
Zack (General IT Goto Guy, author) commented:
Hi Giltjr,

Thank you for info. Why would both be needed to troubleshoot the issue?
0
giltjr commented:
To see what is going on.   This gives you a "picture" of what is going on inside your network and outside your network to help isolate  where the problem might be or to eliminate something.

What data/requests are being sent to the server and what is it responding with.
0
AlexPace commented:
Specific to FTP you will want to look at the client command and server response during the negotiation of the data channel.  

Your FTP connection will be on the control channel which is typically port 21.  Later, during the session when it comes time for the client to request a directory listing or transfer a file then you will see the data channel negotiation.  

If the client is using Active Mode data channels, you will see the client send the PORT command.  After the PORT command are 6 numbers that represent the client's IP address and listening port.  The server is supposed to connect to this address and port to transfer the  file or folder listing.  

On many networks the computer serving as the FTP client does not have a public IP address so, after the PORT command, you will see a private address like 192.168.1.3 or 10.10.2.45.  Obviously the FTP Server computer can't actually connect to such an address because it is private to your network.  The firewall is supposed to snoop the FTP control channel and dynamically replace these private addresses with a public address that the remote FTP server can actually use.  You can find out if this is happening by comparing the internal and external logs.

If the FTP client is using Passive Mode data channels you will see the PASV command instead of the PORT command.  In this mode, the server specifies the IP address and port number and then the client makes an outbound connection request for the file transfers and directory listings.  Sometimes the server's PASV response contains a private address.  The firewall should fix this on the fly but sometimes it doesn't.  Many modern FTP clients recognize a private IP address on a PASV response and they are programmed to automatically ignore it and use the public connection address as the data channel address... the reason is that a mis-configured firewall is far more likely than a server that legitimately uses a different IP address for data channels than for control channels.  Although such a thing is technically allowed by the official FTP specification it almost never actually happens in the wild.
0
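The comparison of internal and external logs described in the answer above, as an added example that is not part of the original thread: it decodes the six numbers after PORT (or inside a 227 PASV reply) and checks whether a private address was replaced between the two captures. The function names and the sample control-channel lines are constructed for illustration; the port formula (fifth number times 256 plus the sixth) is the standard FTP encoding.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def data_endpoints(control_lines):
    """Return [(kind, ip, port)] for each PORT command or 227 (PASV) reply."""
    found = []
    for line in control_lines:
        text = line.strip()
        head = text[:5].upper()
        kind = "PORT" if head == "PORT " else "PASV" if head.startswith("227") else None
        m = SIX.search(text) if kind else None
        if not m:
            continue
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            continue  # not a valid address/port encoding
        ip = ipaddress.ip_address(".".join(str(v) for v in n[:4]))
        found.append((kind, ip, n[4] * 256 + n[5]))  # port = p1*256 + p2
    return found

def check_nat_rewrite(internal_lines, external_lines):
    """Compare the same session as captured inside and outside the router."""
    results = []
    pairs = zip(data_endpoints(internal_lines), data_endpoints(external_lines))
    for (kind, ip_in, port_in), (_, ip_out, port_out) in pairs:
        if kind == "PORT" and is_rfc1918(ip_out):
            verdict = "private address left the network unrewritten"
        elif kind == "PASV" and is_rfc1918(ip_in):
            verdict = "private address in PASV reply reached the client"
        elif ip_in != ip_out:
            verdict = "rewritten by firewall"
        else:
            verdict = "unchanged"
        results.append((kind, str(ip_in), port_in, str(ip_out), port_out, verdict))
    return results

# Constructed control-channel lines (not from a real capture).
INTERNAL = ["USER demo", "PORT 192,168,1,3,195,80", "STOR report.csv"]
EXTERNAL_OK = ["USER demo", "PORT 203,0,113,10,195,80", "STOR report.csv"]

if __name__ == "__main__":
    for row in check_nat_rewrite(INTERNAL, EXTERNAL_OK):
        print(row)
    for row in check_nat_rewrite(INTERNAL, INTERNAL):  # firewall did nothing
        print(row)
```

Feed it the control-channel text (port 21) exported from each dump, in the same order, so that the nth PORT or 227 line in one capture lines up with the nth in the other.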
Zack (General IT Goto Guy, author) commented:
Thank you so much for the info.
0