Use the captured data to explain the outcome of the FTP experiment. In particular, if the file was successfully downloaded, explain how the problem of sending the IP address as part of the data payload of the IP packet is solved.
What will be an ideal response?
The file was successfully downloaded because ftp passive mode was used to setup the data
channel. In passive mode, the server tells the client which port to use. If active mode was used, the PORT
command would include IP and PORT in the payload in the outgoing packet. Since the IP and PORT is for private network, the ftp server would incorrectly use the IP and PORT information because payload data is not translated.
FTP session between two hosts in the public network (PC4 and PC2).
```
No. Time Source Destination Protocol Info
1 0.000000 128.143.136.1 128.143.136.22 FTP Request:
QUIT
2 0.000203 128.143.136.22 128.143.136.1 FTP Response:
221-You have transferred 0 bytes in 1 files.
4 0.000740 128.143.136.22 128.143.136.1 FTP Response:
221-Total traffic for this session was 893 bytes in 1 transfers.
14 6.507602 128.143.136.22 128.143.136.1 FTP Response:
220 PC2 FTP server (Version wu-2.6.2-5) ready.
16 6.508245 128.143.136.1 128.143.136.22 FTP Request:
AUTH GSSAPI
18 6.508405 128.143.136.22 128.143.136.1 FTP Response:
504 AUTH GSSAPI not supported.
19 6.508794 128.143.136.1 128.143.136.22 FTP Request:
AUTH KERBEROS_V4
20 6.508879 128.143.136.22 128.143.136.1 FTP Response:
504 AUTH KERBEROS_V4 not supported.
22 11.752038 128.143.136.1 128.143.136.22 FTP Request:
USER root
23 11.752984 128.143.136.22 128.143.136.1 FTP Response:
331 Password required for root.
25 14.675190 128.143.136.1 128.143.136.22 FTP Request:
PASS gradroot
26 14.683360 128.143.136.22 128.143.136.1 FTP Response:
230 User root logged in.
28 14.683499 128.143.136.1 128.143.136.22 FTP Request:
SYST
29 14.683815 128.143.136.22 128.143.136.1 FTP Response:
215 UNIX Type: L8
31 24.850211 128.143.136.1 128.143.136.22 FTP Request:
PASV
32 24.851468 128.143.136.22 128.143.136.1 FTP Response:
227 Entering Passive Mode (128,143,136,22,184,34)
37 24.852624 128.143.136.1 128.143.136.22 FTP Request:
LIST
38 24.853043 128.143.136.22 128.143.136.1 FTP Response:
150 Opening ASCII mode data connection for directory listing.
```
The ftp session to PC2 (128.143.136.22) from PC3 was successful. Typically NAT translations are
applied only to the IP addresses present in the IP header portion of the packet. In case of FTP, the
addresses are included as a part of the payload also, this might create potential problems. This problem can be solved by allowing the NAT to scan the payload portion also for the IP addresses and make the necessary modifications. In case of IP Masquerading, NAT also scans for the port numbers in the IP payload. A reverse procedure can be applied for the packets coming from the public network and destined for one of the hosts in the private network.
You might also like to view...
Which of these is not a guideline for display screen design?
A) Create an attractive display screen. B) Facilitate user movement among display screens. C) Keep the display screen simple. D) Vary the display screen presentation.
A(n) ________ is a line with connection points at each end
Fill in the blank(s) with correct word
FIGURE 7-2
Figure 7-2 shows the output of a program that includes a(n) ____.
A. arithmetic overflow B. data validation C. boundary condition D. assert statement
The most robust level of security that can be achieved today for wireless LANs is using the ____ model.
A. personal security B. transitional security C. temporal security D. enterprise security