Wireshark-users: Re: [Wireshark-users] Analyzing a "broken" FTP session
From: "Chivian, John" <jchivian@xxxxxxxxxxxxxx>
Date: Fri, 21 Aug 2009 10:28:31 -0700
Thanks Martin.   The clipped packet captures are attached.   

Client info:
$ # the command line FTP client was used
$ uname -a
Linux hostname-masked 2.6.9-55.0.12.ELsmp #1 SMP Fri Nov 2 12:38:56 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/redhat-release
CentOS release 4.7 (Final)

Server info:
$ # a commercial FTP server daemon
$ uname -a
Linux hostname-masked 2.6.9-89.0.7.ELsmp #1 SMP Wed Aug 5 14:12:18 EDT 2009 i686 athlon i386 GNU/Linux
$ cat /etc/redhat-release
Red Hat Enterprise Linux ES release 4 (Nahant Update 8)

Network information:
The systems are both operating at 100 Mb/s.
They are both in the same physical location.
Client <-> Switch <-> Router <-> Switch <-> Server
The problem is generally seen with FTP sessions involving hundreds of small files.

I understand that the issue may be network as opposed to server related, and I understand that the packet captures may not contain enough information to make a definitive judgment.

Thanks all for your help!



From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Martin Visser
Sent: Friday, August 21, 2009 2:49 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Analyzing a "broken" FTP session

Posting snippets of packet captures with reasonable problem reports are generally welcome. A lot of us here enjoy the challenge of trying interpret a stream of bytes with the hope of actually diagnosing the higher level issue that may be causing the problem. 

That said, some of us do this work for a living and get paid quite a bit of money to do it, so doing it for free is only viable if it doesn't take a lot of time. Any time I respond to such requests is out of a spirit of mentoring the community and also hopefully giving myself a little confidence that I actually sometimes know what I am talking about :-)

So please post, but also understand the context of the community.

Regards, Martin


On Fri, Aug 21, 2009 at 12:36 PM, Chivian, John <jchivian@xxxxxxxxxxxxxx> wrote:

  I'm not sure if this is the correct forum for this but I am hoping to get some help identifying a problem that sometimes occurs between an FTP client and server.   (If this isn't the right forum can someone point me in the right direction?)

  I have PCAP files made on both systems using tcpdump that have captured a recent failure, but I do not have enough expertise in packet analysis or the guts of the FTP protocol to read them and draw a definitive conclusion regarding why the connection "broke".

  If someone can help I am happy to provide more information regarding the systems themselves, the network topology between them, and the trimmed PCAP files for analysis.

  Thanks in advance, JC

John (JC) Chivian
Staff Software Engineer
Staff Unix/Linux Administrator
Corporate Information Systems
Photronics, Inc.
This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication may contain Photronics' confidential information. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited.
Environmentalism is an ethic and a way of life.  Pass it on!

Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

Attachment: made_on_client.pcap
Description: made_on_client.pcap

Attachment: made_on_server.pcap
Description: made_on_server.pcap