Subject: some tcp header looking faulty when do ftp from windows and non
To: None <tech-net@netbsd.org>
From: v.nagasrinivas <cheluvi@yahoo.com>
List: tech-net
Date: 01/10/2002 12:29:26

We are fiddling with tcpdump usage.
We did ftp from a Windows machine and a Linux machine to NetBSD 1.5 and
collected the packets.
Observations and question are attached here.

Could anyone help me out?


--
v.nagasrinivas
b4,q1,6th floor,cybertowers,
Hi-Tec city,Madhapur,
Hyderabad-500033
AndhraPradesh State.
INDIA.
http://nagasrinivasv.reach.at
office ph: 091-040-3110200



    I am observing the TCP packets by doing ftp to a NetBSD (1.5) system
from a Windows NT 4.0 system. It seems the TCP header length is faulty, i.e.,
the header length value does not match what it is sending. Here is the
tcpdump:

(Note: here the TCP header length field is the 33rd byte, i.e., on the 3rd
line, the first half of the first byte in the dump)

13:34:37.817564 192.168.0.25.1042 > NETBSD2.ftp: S 57781:57781(0) win
8192 <mss 1460> (DF)
			 4500 002c a800 4000 8006 d15a c0a8 0019
			 c0a8 0007 0412 0015 0000 e1b5 0000 0000
			 6002 2000 10d9 0000 0204 05b4 2020
13:34:37.817759 NETBSD2.ftp > 192.168.0.25.1042: S
430302312:430302312(0) ack 57782 win 16384 <mss 1460>
			 4500 002c 00c6 0000 4006 f895 c0a8 0007
			 c0a8 0019 0015 0412 19a5 e468 0000 e1b6
			 6012 4000 f2b9 0000 0204 05b4
13:34:37.818091 192.168.0.25.1042 > NETBSD2.ftp: . ack 1 win 8760 (DF)
			 4500 0028 a900 4000 8006 d05e c0a8 0019
			 c0a8 0007 0412 0015 0000 e1b6 19a5 e469
			 5010 2238 283f 0000 2020 2020 2020
13:34:37.838303 NETBSD2.ftp > 192.168.0.25.1042: P 1:7(6) ack 1 win
17520 [tos 0x10]
			 4510 002e 00c9 0000 4006 f880 c0a8 0007
			 c0a8 0019 0015 0412 19a5 e469 0000 e1b6
			 5018 4470 968f 0000 3232 302d 0d0a
13:34:37.986390 192.168.0.25.1042 > NETBSD2.ftp: . ack 7 win 8754 (DF)
			 4500 0028 aa00 4000 8006 cf5e c0a8 0019
			 c0a8 0007 0412 0015 0000 e1b6 19a5 e46f
			 5010 2232 283f 0000 2020 2020 2020


    When I do ftp from a Linux (Red Hat 6.2) system to the same NetBSD system,
the header length matches what it is sending. Here is the
tcpdump for this:

13:32:16.701608 192.168.0.4.1026 > NETBSD2.ftp: S
517726340:517726340(0) win 32120 <mss 1460,sackOK,timestamp 343375
0,nop,wscale 0> (DF)
			 4500 003c 0066 4000 3f06 b9fa c0a8 0004
			 c0a8 0007 0402 0015 1edb e084 0000 0000
			 a002 7d78 0868 0000 0204 05b4 0402 080a
			 0005 3d4f 0000 0000 0103 0300
13:32:16.701819 NETBSD2.ftp > 192.168.0.4.1026: S
4272765035:4272765035(0) ack 517726341 win 16384 <mss 1460,nop,wscale
0,nop,nop,timestamp 7164 343375>
			 4500 003c 00a9 0000 4006 f8b7 c0a8 0007
			 c0a8 0004 0015 0402 fead 386b 1edb e085
			 a012 4000 f5ba 0000 0204 05b4 0103 0300
			 0101 080a 0000 1bfc 0005 3d4f
13:32:16.702119 192.168.0.4.1026 > NETBSD2.ftp: . ack 1 win 32120
<nop,nop,timestamp 343375 7164> (DF)
			 4500 0034 0067 4000 4006 b901 c0a8 0004
			 c0a8 0007 0402 0015 1edb e085 fead 386c
			 8010 7d78 e406 0000 0101 080a 0005 3d4f
			 0000 1bfc
13:32:16.702584 192.168.0.4.1026 > NETBSD2.ftp: . ack 1 win 32120
<nop,nop,timestamp 343375 7164> (DF)
			 4500 0034 0067 4000 3f06 ba01 c0a8 0004
			 c0a8 0007 0402 0015 1edb e085 fead 386c
			 8010 7d78 e406 0000 0101 080a 0005 3d4f
			 0000 1bfc

    Is there any reason why the Windows behaviour is so? I observe
that it's the same case with other applications also (other than ftp).
Can anyone help me please?

----------------------

Thanks and regards,
Thulasi Prasad
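
The length fields in the dumps above can be decoded directly. The following is an added example, not part of the original message: it reads the IP total length and the TCP data offset from three of the posted packets and reports any bytes captured past the end of the IP datagram. The names header_lengths and ETHER_HDR are hypothetical, and a 14-byte Ethernet link-layer header is an assumption, since the post does not state the link type.

```python
import struct

# Hex rows copied from the dumps in the message; tcpdump output here starts
# at the IP header (the link-layer header is not shown).
NT_SYN = """4500 002c a800 4000 8006 d15a c0a8 0019
            c0a8 0007 0412 0015 0000 e1b5 0000 0000
            6002 2000 10d9 0000 0204 05b4 2020"""
NT_ACK = """4500 0028 a900 4000 8006 d05e c0a8 0019
            c0a8 0007 0412 0015 0000 e1b6 19a5 e469
            5010 2238 283f 0000 2020 2020 2020"""
LINUX_SYN = """4500 003c 0066 4000 3f06 b9fa c0a8 0004
               c0a8 0007 0402 0015 1edb e084 0000 0000
               a002 7d78 0868 0000 0204 05b4 0402 080a
               0005 3d4f 0000 0000 0103 0300"""
ETHER_HDR = 14  # assumption: the capture was taken on Ethernet


def header_lengths(hexdump):
    """Decode IPv4/TCP length fields and report bytes captured past the datagram."""
    raw = bytes.fromhex("".join(hexdump.split()))
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ip_hlen = (raw[0] & 0x0F) * 4                   # IHL, in 32-bit words
    ip_total = struct.unpack_from("!H", raw, 2)[0]  # IP total length field
    if ip_hlen < 20 or len(raw) < ip_hlen + 20:
        raise ValueError("truncated TCP header")
    tcp_hlen = (raw[ip_hlen + 12] >> 4) * 4         # data offset, high nibble
    if tcp_hlen < 20 or ip_hlen + tcp_hlen > ip_total or ip_total > len(raw):
        raise ValueError("length fields inconsistent with capture")
    return {
        "ip_hlen": ip_hlen,
        "ip_total": ip_total,
        "tcp_hlen": tcp_hlen,
        "tcp_options": raw[ip_hlen + 20:ip_hlen + tcp_hlen].hex(),
        "tcp_payload": ip_total - ip_hlen - tcp_hlen,
        "trailing": raw[ip_total:].hex(),   # captured bytes outside the datagram
        "frame_len": ETHER_HDR + len(raw),  # on-wire size under the assumption
    }


if __name__ == "__main__":
    for name, dump in [("NT SYN", NT_SYN), ("NT ACK", NT_ACK),
                       ("Linux SYN", LINUX_SYN)]:
        print(name, header_lengths(dump))
```

Assuming Ethernet, each NT packet comes to 60 bytes on the wire, the minimum Ethernet frame size without the FCS, so the trailing 0x20 bytes lie outside the IP datagram and are consistent with link-layer padding. The Linux SYN is already 74 bytes and has no trailing bytes.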
