Im trying to download a file from a FTP server using active mode.However,it looks like my connection just"expire" or something each time.First,I open a port on my computer using netcat,ex:
nc -vv -l -p 62077
this will listen on port 62077 on my computer.Then,I open another netcat windows,log in to the FTP link using port 21,and once im in the directory where the file I want is in,I do
PORT (my IP separated by , ),(242,125(wich equals to port 62077)\r\n
However,after I enter this command,nothing happen for about 10-15 seconds,and the netcat just quit without saying anything.Nothing happen either on the netcat window that is listening on port 62077.It does that everytime,I dont know what I am doing wrong.I did the same thing with Filezilla(in active mode) and examinated the commands with wireshark,I do the exact same command as Filezilla,however filezilla will be able to retrieve the file while netcat wont.I want to retrieve it with netcat and I dont know what im doing wrong.I am using Windows 10.
thank you!
After you have established your listening nc socket, and after you have sent the USER, PASS, and PORT commands, you then need to trigger the file transfer to that listening socket using e.g.:
RETR /path/to/file/to/download
on the control connection. (Unless you actually are already doing this, but didn't mention it in the post?)
Also, just to note: you mention using something like this:
PORT 1,2,3,4,(242,125)\r\n
Right? Those parentheses might also be an issue. Instead, you might try:
PORT 1,2,3,4,242,125\r\n
without any parentheses.
Now, depending on the IP address you sent (hopefully not a private network address), the data transfer may still not happen, due to firewalls/routers/NAT on the client side of things. Given that your Filezilla download of the same file works, I suspect that those firewall/router/NAT issues may not apply.
Hope this helps!
Related
I am using a call to ftp.exe to upload file to a FTP Server.
This program is running since many years and uploads to number of servers, so far without problems.
After one of the receiver servers has been updated, uploads are no longer possible.
This is the command sequence:
open ftp.xxx.de
<user>
<pw>
>230 User logged in, proceed
cd upload
bin
put <filename>
and in response to this the server replies:
501 PORT IP is not the same as 10.100.244.5
150 File Status okay, about to open Connection
That is it, after this the connection is stuck and gets closed after a certain timeout period.
Funny enough, a google search for "PORT IP is not the same as" return exactly one result, which explains that the IP seen by the server is different from the one expected.
Also, when using WinSCP, FileZilla or other FTP utility programs, the connection has no problem and does transfer files just fine.
So, why does this appear and how to solve it?
The ftp.exe uses an old-fashioned active mode command PORT, which requires the client to specify its IP address to which the FTP servers needs to connect back to open a data transfer connection.
If your are behind a firewall or a NAT, the client may not know its external IP address and uses its local network address. This causes troubles. Either the server fails to connect back as it obviously cannot connect to the client's local network. Or the server rejects the PORT command straight away, if the specified IP address does not match the IP address, from which the FTP client connects to the server. This is a security measure as the difference may indicate a man-in-the-middle attack. Your server does the validation. Some servers might be configured to ignore the IP address specified in the PORT command and connect to a known IP address of the client.
Another way to solve this is, if the firewall/NAT can inspect the FTP traffic and seamlessly modify the IP address in the PORT command. This is obviously not happening.
You do not get the problem with WinSCP or FileZilla, as these clients default to the passive FTP mode, which does not have the problem. Also in the active mode these clients can be configured to use the external IP address. FileZilla also supports the modern EPRT command, that does not need to specify the IP address at all (the server uses the known IP address of the client).
See my article about active/passive FTP mode for details.
I do not think there's any way to make it working with the Windows ftp.exe. It neither supports the passive mode, nor can be configured to use the external IP address, nor supports the EPRT command.
So unless you can configure the FTP server not to do the check and connect to the known IP address of the client or configure your firewall/NAT to modify the IP address in the PORT command, you have to use another FTP client.
As you know that WinSCP works, see the guide for converting the Windows ftp.exe script to WinSCP script.
(I'm the author of WinSCP)
I want to add support for the PORT command to my FTP server. I'm reading RFC 959, but I can't figure out when it's safe to connect to the FTP client. For example, consider this sequence:
PORT 127,0,0,1,34,34
LIST
Does the FTP client start listening before issuing the PORT command, or after issuing the LIST command? Because if the server attempts to connect to the client immediately after receiving PORT, it might fail because the client might not have started listening yet.
What does the specification say? Can the server connect immediately, or should it wait until after it receives the command that will make use of the data connection?
The server shouldn't connect to the client until it gets a command that requests a data transfer, such as LIST or RETR. See section 7 of RFC 959, which shows a typical sequence of operations (RFC's didn't have the formal MUST/MAY/SHOULD specifications in those early days).
However, since the port used in the PORT command is typically an ephemeral port, the client needs to open a socket to get the OS to assign a port number. This implies that by the time the PORT command is sent, the port would have to be open. However, it's possible that it might not yet have called listen().
Not only for the host running. Bat, but to run and display the output text to the client (Telnet)
This is possible?
I have tried and tested everything and could not.
If it is not really possible, which file should I edit to edit the text output from telnet and what language is it?
from what little I understood, you just want to send the output of a file to another computer using telnet. if so try file | telnet. or... cough ...
you could use netcat, if it was one time and you were carful it shouldn't pose a huge threat.
nc -lp12123 on the server, and connect with nc server 12123 -efile.bat on the client.
if neither of these suit then please post more info.
Is it possible to listen on a port and run a command when a user attempts to connect to that port? Ideal application is for a server that should only be run when someone is actually using it. Windows or Linux solutions work.
linux/unix:
man nc
NAME
nc - TCP/IP swiss army knife
some options that you may be interested
-l listen mode, for inbound connects
-p port local port number (port numbers can be individual or ranges: lo-hi [inclusive])
-e prog specify program to exec after connect (use with caution)
i think nc is also available under windows platform.
One solution could be via inetd or xinetd, specify the port number and a program to run, for you probably a shell script.
I am note sure what is the exact scope of a question but if bound to the programming-level, you could write your server in a way that when nobody is using it, no resources apart from the listening part are allocated. I would call it lazy initialization. When someone connects simply initialize the whole logic of your program. When all connections are gone, deinitialize everything.
I've been trying to get sqlplus to connect to Oracle from my OS X machine. I asked another question about it here.
One person suggested that I try telnet. Consulting the man page, I tried:
[ ethan#gir ~ ]$ telnet DBHOST:1521
Trying xxx.xxx.xxx.xxx...
telnet: connect to address xxx.xxx.xxx.xxx: Operation timed out
telnet: Unable to connect to remote host
Also...
[ ethan#gir ~ ]$ telnet DBHOST 1521
...with same result.
I'm not sure how to interpret these results. Seems like what you'd expect in any case. You wouldn't do this...
$ ssh some_mysql_host:3306
How is telnet to Oracle different?
Or maybe I didn't understand what they meant.
If anyone could help me understand how one uses telnet to test a connection to Oracle I would be grateful.
They're proposing use of telnet simply because it's one of the simplest TCP/IP clients and because it's installed almost everywhere. It's just an easy way to check from the command line whether you're actually able to make a TCP/IP connection to any particular service.
Also, on many of the ASCII based IP protocols it's straight forward to actually interact with the server to check its working by typing in commands and looking at the responses - I've done this numerous times myself with SMTP servers.
In your case, as you're getting a timeout, either the whole host is down, or the access to that particular host or service is being blocked by a firewall. If you can reach the server with a ping then the latter is more likely.
There's also an outside chance that your name resolution is actually taking you to the wrong host, but you should be able to confirm that by looking at the IP address that telnet said it was trying to connect to.
Another common response is "connection refused". That means that the host is up, but that there's no service running on the specified port.
Basically when you specify a port number e.g
Telnet myserver 1521
It will try to connect to the machine on that port. If you see any data returned or even a blank console then it has connected. If you receive an unable to connect message then the machine is not listening on that port or a firewall is blocking the connection.
Your attempt to telnet to dbhost 1521 getting 'unable to connect' with a timeout suggests that either your hostname resolution for 'dbhost' is giving you the wrong answer, or that host is offline, down or you have network problems.
If oracle was working, you'd get a connection. You wouldn't really be able to do anything with it, but it would confirm that oracle was up and listening.
Oracle instance is not connected from other systems, while it is connected from localhost, I think port is not opened and it is showing problem to telnet 1521 port from other system.
Why not do it the 'right' way? Telnetting to some arbitrary network port will not give you correct information, if the database and it's listener is working correctly.
Just install the oracle instantclient software and use the configuration wizard.