FTPD packet level debugging information required - Aix


Thread: FTPD packet level debugging information required

  1. FTPD packet level debugging information required

    Hello,

    I am working with AIX 4.3.2 and the ftpd version is 4.1. I have a
    requirement to monitor all the ftp packets that go out of the server.
    I tried using the '-d' , '-l' and the '-s' options already available
    with the ftpd command. I also modified the /etc/syslog.conf file. This
    is the information I get from the logs created by the syslogd:

    Sep 15 17:55:24 host5 ftpd[28294]: connection from host9 at Mon Sep 15
    17:55:24 2008
    Sep 15 17:55:24 host5 ftpd[28294]: <--- 220
    Sep 15 17:55:24 host5 ftpd[28294]: host5 FTP server (Version 4.1 Fri
    Feb 12 13:15:17 CST 1999) ready.
    Sep 15 17:55:26 host5 ftpd[28294]: command: USER root^M
    Sep 15 17:55:26 host5 ftpd[28294]: <--- 331
    Sep 15 17:55:26 host5 ftpd[28294]: Password required for root.
    Sep 15 17:55:27 host5 ftpd[28294]: command: PASS
    Sep 15 17:55:27 host5 ftpd[28294]: <--- 230
    Sep 15 17:55:27 host5 ftpd[28294]: User root logged in.
    Sep 15 17:55:27 host5 ftpd[28294]: FTP LOGIN FROM host9, root
    Sep 15 17:55:28 host5 ftpd[28294]: command: TYPE I^M
    Sep 15 17:55:28 host5 ftpd[28294]: <--- 200
    Sep 15 17:55:28 host5 ftpd[28294]: Type set to I.
    Sep 15 17:55:35 host5 ftpd[28294]: command: CWD /home^M
    Sep 15 17:55:35 host5 ftpd[28294]: <--- 250
    Sep 15 17:55:35 host5 ftpd[28294]: CWD command successful.
    Sep 15 17:55:43 host5 ftpd[28294]: command: PORT 172,100,1,41,128,70^M
    Sep 15 17:55:43 host5 ftpd[28294]: <--- 200
    Sep 15 17:55:43 host5 ftpd[28294]: PORT command successful.
    Sep 15 17:55:43 host5 ftpd[28294]: command: RETR file1^M
    Sep 15 17:55:43 host5 ftpd[28294]: <--- 150
    Sep 15 17:55:43 host5 ftpd[28294]: Opening data connection for file1
    (5271871 bytes).
    Sep 15 17:55:44 host5 ftpd[28294]: <--- 226
    Sep 15 17:55:44 host5 ftpd[28294]: Transfer complete.
    Sep 15 17:55:44 host5 ftpd[28294]: FTPD: EXPORT file local , remote
    file1
    Sep 15 17:55:48 host5 ftpd[28294]: command: QUIT^M
    Sep 15 17:55:48 host5 ftpd[28294]: <--- 221
    Sep 15 17:55:48 host5 ftpd[28294]: Goodbye.

    Is it possible to get packet-by-packet transfer information from
    this? Any other suggestion in this regard would be very helpful.

    Regards,
    Kailash

  2. Re: FTPD packet level debugging information required

    kailash wrote:
    > Hello,
    >
    > I am working with aix 4.3.2 and the ftpd version is 4.1. I have a
    > requirement to monitor all the ftp packets that go out of the server.
    > I tried using the '-d' , '-l' and the '-s' options already available
    > with the ftpd command. I also modified the /etc/syslog.conf file. This
    > is the information I get from the logs created by the syslogd:
    >
    > Sep 15 17:55:24 host5 ftpd[28294]: connection from host9 at Mon Sep 15
    > 17:55:24 2008
    > Sep 15 17:55:24 host5 ftpd[28294]: <--- 220
    > Sep 15 17:55:24 host5 ftpd[28294]: host5 FTP server (Version 4.1 Fri
    > Feb 12 13:15:17 CST 1999) ready.
    > Sep 15 17:55:26 host5 ftpd[28294]: command: USER root^M
    > Sep 15 17:55:26 host5 ftpd[28294]: <--- 331
    > Sep 15 17:55:26 host5 ftpd[28294]: Password required for root.
    > Sep 15 17:55:27 host5 ftpd[28294]: command: PASS
    > Sep 15 17:55:27 host5 ftpd[28294]: <--- 230
    > Sep 15 17:55:27 host5 ftpd[28294]: User root logged in.
    > Sep 15 17:55:27 host5 ftpd[28294]: FTP LOGIN FROM host9, root
    > Sep 15 17:55:28 host5 ftpd[28294]: command: TYPE I^M
    > Sep 15 17:55:28 host5 ftpd[28294]: <--- 200
    > Sep 15 17:55:28 host5 ftpd[28294]: Type set to I.
    > Sep 15 17:55:35 host5 ftpd[28294]: command: CWD /home^M
    > Sep 15 17:55:35 host5 ftpd[28294]: <--- 250
    > Sep 15 17:55:35 host5 ftpd[28294]: CWD command successful.
    > Sep 15 17:55:43 host5 ftpd[28294]: command: PORT 172,100,1,41,128,70^M
    > Sep 15 17:55:43 host5 ftpd[28294]: <--- 200
    > Sep 15 17:55:43 host5 ftpd[28294]: PORT command successful.
    > Sep 15 17:55:43 host5 ftpd[28294]: command: RETR file1^M
    > Sep 15 17:55:43 host5 ftpd[28294]: <--- 150
    > Sep 15 17:55:43 host5 ftpd[28294]: Opening data connection for file1
    > (5271871 bytes).
    > Sep 15 17:55:44 host5 ftpd[28294]: <--- 226
    > Sep 15 17:55:44 host5 ftpd[28294]: Transfer complete.
    > Sep 15 17:55:44 host5 ftpd[28294]: FTPD: EXPORT file local , remote
    > file1
    > Sep 15 17:55:48 host5 ftpd[28294]: command: QUIT^M
    > Sep 15 17:55:48 host5 ftpd[28294]: <--- 221
    > Sep 15 17:55:48 host5 ftpd[28294]: Goodbye.
    >
    > Is it possible to get a packet by packet transfer information from
    > this. Or any other suggestion in this regard would be very helpful.
    >
    > Regards,
    > Kailash


    Hi,

    If you really need to debug at packet level (whoever will analyse
    that), then go for "iptrace" (with port 21 specification and packet size
    restriction - otherwise you'll need a huge filesystem for that) and
    "ipreport".

    But to me, I think it is sufficient to know:
    - who logged in to ftp at what time from where
    - what file has been transferred
    - what was the size

    All these appear in your output.

    Regards
    Uwe Auer
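
Added example, not part of the original thread: a small parser that pulls the three facts listed in the reply above (who logged in, when and from where; which file; what size) out of the ftpd syslog lines shown in the first post. The function name `summarize` and the dictionary layout are this example's own choices; the sample lines are taken from the post with syslog's wrapped lines rejoined.

```python
import re

# Sample lines taken from the syslog excerpt in the first post; the
# wrapped continuation lines have been rejoined for this example.
SAMPLE_LOG = """\
Sep 15 17:55:24 host5 ftpd[28294]: connection from host9 at Mon Sep 15 17:55:24 2008
Sep 15 17:55:26 host5 ftpd[28294]: command: USER root^M
Sep 15 17:55:27 host5 ftpd[28294]: command: PASS
Sep 15 17:55:27 host5 ftpd[28294]: FTP LOGIN FROM host9, root
Sep 15 17:55:43 host5 ftpd[28294]: command: PORT 172,100,1,41,128,70^M
Sep 15 17:55:43 host5 ftpd[28294]: command: RETR file1^M
Sep 15 17:55:43 host5 ftpd[28294]: Opening data connection for file1 (5271871 bytes).
Sep 15 17:55:44 host5 ftpd[28294]: Transfer complete.
Sep 15 17:55:48 host5 ftpd[28294]: command: QUIT^M
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ftpd\[(\d+)\]: (.*)$")
LOGIN = re.compile(r"FTP LOGIN FROM (\S+), (\S+)")
PORT = re.compile(r"command: PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
OPEN = re.compile(r"Opening data connection for (.+) \((\d+) bytes\)")

def summarize(log_text):
    """Group ftpd syslog lines by PID; return {pid: session summary}."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.replace("^M", "").rstrip())
        if not m:
            continue  # not an ftpd line, or a wrapped fragment
        stamp, pid, msg = m.groups()
        s = sessions.setdefault(pid, {"login": None, "data_peer": None, "transfers": []})
        if (hit := LOGIN.search(msg)):
            s["login"] = {"time": stamp, "from": hit.group(1), "user": hit.group(2)}
        elif (hit := PORT.search(msg)):
            *octets, hi, lo = hit.groups()
            # PORT h1,h2,h3,h4,p1,p2 -> data connection to h1.h2.h3.h4:(p1*256+p2)
            s["data_peer"] = (".".join(octets), int(hi) * 256 + int(lo))
        elif (hit := OPEN.search(msg)):
            s["transfers"].append({"time": stamp, "file": hit.group(1),
                                   "bytes": int(hit.group(2)), "peer": s["data_peer"],
                                   "complete": False})
        elif msg.startswith("Transfer complete") and s["transfers"]:
            s["transfers"][-1]["complete"] = True
    return sessions

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, s["login"])
        for t in s["transfers"]:
            print("  ", t)
```

The decoded PORT argument shows where the file bytes actually go: the data connection runs to the client address and port named there, so a trace filtered on port 21 records only the control channel.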

  3. Re: FTPD packet level debugging information required

    On Sep 15, 5:21 pm, Uwe Auer wrote:
    > kailash wrote:
    >
    > > Hello,
    >
    > > I am working with aix 4.3.2 and the ftpd version is 4.1. I have a
    > > requirement to monitor all the ftp packets that go out of the server.
    > > I tried using the '-d' , '-l' and the '-s' options already available
    > > with the ftpd command. I also modified the /etc/syslog.conf file. This
    > > is the information I get from the logs created by the syslogd:

    >
    > > Sep 15 17:55:24 host5 ftpd[28294]: connection from host9 at Mon Sep 15
    > > 17:55:24 2008
    > > Sep 15 17:55:24 host5 ftpd[28294]: <--- 220
    > > Sep 15 17:55:24 host5 ftpd[28294]: host5 FTP server (Version 4.1 Fri
    > > Feb 12 13:15:17 CST 1999) ready.
    > > Sep 15 17:55:26 host5 ftpd[28294]: command: USER root^M
    > > Sep 15 17:55:26 host5 ftpd[28294]: <--- 331
    > > Sep 15 17:55:26 host5 ftpd[28294]: Password required for root.
    > > Sep 15 17:55:27 host5 ftpd[28294]: command: PASS
    > > Sep 15 17:55:27 host5 ftpd[28294]: <--- 230
    > > Sep 15 17:55:27 host5 ftpd[28294]: User root logged in.
    > > Sep 15 17:55:27 host5 ftpd[28294]: FTP LOGIN FROM host9, root
    > > Sep 15 17:55:28 host5 ftpd[28294]: command: TYPE I^M
    > > Sep 15 17:55:28 host5 ftpd[28294]: <--- 200
    > > Sep 15 17:55:28 host5 ftpd[28294]: Type set to I.
    > > Sep 15 17:55:35 host5 ftpd[28294]: command: CWD /home^M
    > > Sep 15 17:55:35 host5 ftpd[28294]: <--- 250
    > > Sep 15 17:55:35 host5 ftpd[28294]: CWD command successful.
    > > Sep 15 17:55:43 host5 ftpd[28294]: command: PORT 172,100,1,41,128,70^M
    > > Sep 15 17:55:43 host5 ftpd[28294]: <--- 200
    > > Sep 15 17:55:43 host5 ftpd[28294]: PORT command successful.
    > > Sep 15 17:55:43 host5 ftpd[28294]: command: RETR file1^M
    > > Sep 15 17:55:43 host5 ftpd[28294]: <--- 150
    > > Sep 15 17:55:43 host5 ftpd[28294]: Opening data connection for file1
    > > (5271871 bytes).
    > > Sep 15 17:55:44 host5 ftpd[28294]: <--- 226
    > > Sep 15 17:55:44 host5 ftpd[28294]: Transfer complete.
    > > Sep 15 17:55:44 host5 ftpd[28294]: FTPD: EXPORT file local , remote
    > > file1
    > > Sep 15 17:55:48 host5 ftpd[28294]: command: QUIT^M
    > > Sep 15 17:55:48 host5 ftpd[28294]: <--- 221
    > > Sep 15 17:55:48 host5 ftpd[28294]: Goodbye.

    >
    > > Is it possible to get a packet by packet transfer information from
    > > this. Or any other suggestion in this regard would be very helpful.

    >
    > > Regards,
    > > Kailash

    >
    > Hi,
    >
    > If you really need to debug at packet level (whoever will analyse
    > that), then go for "iptrace" (with port 21 specification and packet size
    > restriction - otherwise you'll need a huge filesystem for that) and
    > "ipreport".
    >
    > But to me, I think it is sufficient to know:
    > - who logged in to ftp at what time from where
    > - what file has been transferred
    > - what was the size
    >
    > All these appear in your output.
    >
    > Regards
    > Uwe Auer



    Thanks for the help... I shall try this out....
