FTP Active 模式下,客户端监听一个端口,服务器对这个端口发起连接,我试了下好像的确如此,ftp.gnu.org
貌似主动向我的电脑发起了连接:
14:59:32.149900 IP ftp.gnu.org.ftp-data > 192.168.2.101.58903: Flags [S], seq 1241450827, win 29200, options [mss 1440,sackOK,TS val 1000896802 ecr 0,nop,wscale 7], length 0
ftp ftp.gnu.org
~ $ ftp ftp.gnu.org
Connected to ftp.gnu.org.
220 GNU FTP server ready.
Name (ftp.gnu.org:xcy): anonymous
230-NOTICE (Updated October 13 2017):
230-
230-Because of security concerns with plaintext protocols, we still
230-intend to disable the FTP protocol for downloads on this server
230-(downloads would still be available over HTTP and HTTPS), but we
230-will not be doing it on November 1, 2017, as previously announced
230-here. We will be sharing our reasons and offering a chance to
230-comment on this issue soon; watch this space for details.
230-
230-If you maintain scripts used to access ftp.gnu.org over FTP,
230-we strongly encourage you to change them to use HTTPS instead.
230-
230----
230-
230-Due to U.S. Export Regulations, all cryptographic software on this
230-site is subject to the following legal notice:
230-
230- This site includes publicly available encryption source code
230- which, together with object code resulting from the compiling of
230- publicly available source code, may be exported from the United
230- States under License Exception "TSU" pursuant to 15 C.F.R. Section
230- 740.13(e).
230-
230-This legal notice applies to cryptographic software only. Please see
230-the Bureau of Industry and Security (www.bxa.doc.gov) for more
230-information about current U.S. regulations.
230 Login successful.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
lrwxrwxrwx 1 0 0 8 Aug 20 2004 CRYPTO.README -> .message
-rw-r--r-- 1 0 0 17864 Oct 23 2003 MISSING-FILES
-rw-r--r-- 1 0 0 4178 Aug 13 2003 MISSING-FILES.README
-rw-r--r-- 1 0 0 2991 Oct 03 2019 README
-rw-r--r-- 1 0 0 405121 Oct 23 2003 before-2003-08-01.md5sums.asc
-rw-rw-r-- 1 0 3003 266558 Jun 04 23:00 find.txt.gz
drwxrwxr-x 322 0 3003 12288 Feb 16 07:35 gnu
drwxrwxr-x 3 0 3003 4096 Mar 10 2011 gnu+linux-distros
-rw-rw-r-- 1 0 3003 490132 Jun 04 23:00 ls-lrRt.txt.gz
drwxr-xr-x 3 0 0 4096 Apr 20 2005 mirrors
lrwxrwxrwx 1 0 0 11 Apr 15 2004 non-gnu -> gnu/non-gnu
drwxr-xr-x 91 0 0 4096 Jan 24 2019 old-gnu
lrwxrwxrwx 1 0 0 1 Aug 05 2003 pub -> .
drwxr-xr-x 2 0 0 4096 Nov 08 2007 savannah
drwxr-xr-x 2 0 0 4096 Aug 02 2003 third-party
drwxr-xr-x 2 0 0 4096 Apr 07 2009 tmp
-rw-rw-r-- 1 0 3003 579355 Jun 04 23:00 tree.json.gz
drwxr-xr-x 2 0 0 4096 May 07 2013 video
-rw-r--r-- 1 0 0 2830 Dec 18 2018 welcome.msg
226 Directory send OK.
ftp> quit
sudo tcpdump host ftp.gnu.org
~ $ sudo tcpdump host ftp.gnu.org
Password:
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
14:59:22.264321 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [P.], seq 3973045689:3973045705, ack 2440437920, win 2052, options [nop,nop,TS val 588267089 ecr 1000892404], length 16: FTP: USER anonymous
14:59:22.533091 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 16, win 227, options [nop,nop,TS val 1000894410 ecr 588267089], length 0
14:59:22.597714 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 1:40, ack 16, win 227, options [nop,nop,TS val 1000894431 ecr 588267089], length 39: FTP: 230-NOTICE (Updated October 13 2017):
14:59:22.597750 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 40, win 2051, options [nop,nop,TS val 588267420 ecr 1000894431], length 0
14:59:22.599061 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 40:46, ack 16, win 227, options [nop,nop,TS val 1000894431 ecr 588267089], length 6: FTP: 230-
14:59:22.599066 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 46:115, ack 16, win 227, options [nop,nop,TS val 1000894431 ecr 588267089], length 69: FTP: 230-Because of security concerns with plaintext protocols, we still
14:59:22.599067 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 115:184, ack 16, win 227, options [nop,nop,TS val 1000894431 ecr 588267089], length 69: FTP: 230-intend to disable the FTP protocol for downloads on this server
14:59:22.599069 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 254:325, ack 16, win 227, options [nop,nop,TS val 1000894431 ecr 588267089], length 71: FTP: 230-will not be doing it on November 1, 2017, as previously announced
14:59:22.599070 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 184:254, ack 16, win 227, options [nop,nop,TS val 1000894431 ecr 588267089], length 70: FTP: 230-(downloads would still be available over HTTP and HTTPS), but we
14:59:22.599071 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 325:392, ack 16, win 227, options [nop,nop,TS val 1000894431 ecr 588267089], length 67: FTP: 230-here. We will be sharing our reasons and offering a chance to
14:59:22.599073 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 392:455, ack 16, win 227, options [nop,nop,TS val 1000894431 ecr 588267089], length 63: FTP: 230-comment on this issue soon; watch this space for details.
14:59:22.599074 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 455:461, ack 16, win 227, options [nop,nop,TS val 1000894431 ecr 588267089], length 6: FTP: 230-
14:59:22.599111 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 46, win 2051, options [nop,nop,TS val 588267421 ecr 1000894431], length 0
14:59:22.599133 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 115, win 2050, options [nop,nop,TS val 588267421 ecr 1000894431], length 0
14:59:22.599142 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 184, win 2049, options [nop,nop,TS val 588267421 ecr 1000894431], length 0
14:59:22.599232 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 184, win 2049, options [nop,nop,TS val 588267421 ecr 1000894431,nop,nop,sack 1 {254:325}], length 0
14:59:22.599249 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 325, win 2047, options [nop,nop,TS val 588267421 ecr 1000894431], length 0
14:59:22.599269 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 392, win 2046, options [nop,nop,TS val 588267421 ecr 1000894431], length 0
14:59:22.599277 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 455, win 2045, options [nop,nop,TS val 588267421 ecr 1000894431], length 0
14:59:22.599288 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 461, win 2045, options [nop,nop,TS val 588267421 ecr 1000894431], length 0
14:59:22.940119 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 527:1279, ack 16, win 227, options [nop,nop,TS val 1000894493 ecr 588267420], length 752: FTP: 230-we strongly encourage you to change them to use HTTPS instead.
14:59:22.940158 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 461, win 2048, options [nop,nop,TS val 588267762 ecr 1000894431,nop,nop,sack 1 {527:1279}], length 0
14:59:23.306122 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 461:527, ack 16, win 227, options [nop,nop,TS val 1000894609 ecr 588267762], length 66: FTP: 230-If you maintain scripts used to access ftp.gnu.org over FTP,
14:59:23.306175 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1279, win 2035, options [nop,nop,TS val 588268127 ecr 1000894609], length 0
14:59:31.587645 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [P.], seq 16:43, ack 1279, win 2048, options [nop,nop,TS val 588276405 ecr 1000894609], length 27: FTP: PORT 192,168,2,101,230,23
14:59:31.833909 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 43, win 227, options [nop,nop,TS val 1000896741 ecr 588276405], length 0
14:59:31.834151 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 1279:1330, ack 43, win 227, options [nop,nop,TS val 1000896741 ecr 588276405], length 51: FTP: 200 PORT command successful. Consider using PASV.
14:59:31.834246 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1330, win 2047, options [nop,nop,TS val 588276649 ecr 1000896741], length 0
14:59:31.834547 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [P.], seq 43:49, ack 1330, win 2048, options [nop,nop,TS val 588276649 ecr 1000896741], length 6: FTP: LIST
14:59:32.149900 IP ftp.gnu.org.ftp-data > 192.168.2.101.58903: Flags [S], seq 1241450827, win 29200, options [mss 1440,sackOK,TS val 1000896802 ecr 0,nop,wscale 7], length 0
14:59:32.150066 IP 192.168.2.101.58903 > ftp.gnu.org.ftp-data: Flags [S.], seq 494738353, ack 1241450828, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 588276962 ecr 1000896802,sackOK,eol], length 0
14:59:32.150158 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 49, win 227, options [nop,nop,TS val 1000896812 ecr 588276649], length 0
14:59:32.456628 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 1330:1369, ack 49, win 227, options [nop,nop,TS val 1000896881 ecr 588276649], length 39: FTP: 150 Here comes the directory listing.
14:59:32.456677 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1369, win 2047, options [nop,nop,TS val 588277268 ecr 1000896881], length 0
14:59:32.457203 IP ftp.gnu.org.ftp-data > 192.168.2.101.58903: Flags [.], ack 1, win 229, options [nop,nop,TS val 1000896881 ecr 588276962], length 0
14:59:32.457210 IP ftp.gnu.org.ftp-data > 192.168.2.101.58903: Flags [P.], seq 1:1335, ack 1, win 229, options [nop,nop,TS val 1000896881 ecr 588276962], length 1334
14:59:32.457213 IP ftp.gnu.org.ftp-data > 192.168.2.101.58903: Flags [F.], seq 1335, ack 1, win 229, options [nop,nop,TS val 1000896881 ecr 588276962], length 0
14:59:32.457260 IP 192.168.2.101.58903 > ftp.gnu.org.ftp-data: Flags [.], ack 1, win 2052, options [nop,nop,TS val 588277268 ecr 1000896881], length 0
14:59:32.457284 IP 192.168.2.101.58903 > ftp.gnu.org.ftp-data: Flags [.], ack 1335, win 2031, options [nop,nop,TS val 588277268 ecr 1000896881], length 0
14:59:32.457301 IP 192.168.2.101.58903 > ftp.gnu.org.ftp-data: Flags [.], ack 1336, win 2031, options [nop,nop,TS val 588277268 ecr 1000896881], length 0
14:59:32.458293 IP 192.168.2.101.58903 > ftp.gnu.org.ftp-data: Flags [F.], seq 1, ack 1336, win 2048, options [nop,nop,TS val 588277269 ecr 1000896881], length 0
14:59:32.701397 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 1369:1393, ack 49, win 227, options [nop,nop,TS val 1000896957 ecr 588276649], length 24: FTP: 226 Directory send OK.
14:59:32.701443 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2047, options [nop,nop,TS val 588277510 ecr 1000896957], length 0
14:59:33.580121 IP 192.168.2.101.58903 > ftp.gnu.org.ftp-data: Flags [F.], seq 1, ack 1336, win 2048, options [nop,nop,TS val 588278387 ecr 1000896881], length 0
14:59:35.013201 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [P.], seq 49:55, ack 1393, win 2048, options [nop,nop,TS val 588279820 ecr 1000896957], length 6: FTP: QUIT
14:59:35.321961 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 55, win 227, options [nop,nop,TS val 1000897597 ecr 588279820], length 0
14:59:35.322265 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [F.], seq 1407, ack 55, win 227, options [nop,nop,TS val 1000897597 ecr 588279820], length 0
14:59:35.322270 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [P.], seq 1393:1407, ack 56, win 227, options [nop,nop,TS val 1000897597 ecr 588279820], length 14: FTP: 221 Goodbye.
14:59:35.322329 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588280128 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:35.322354 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588280128 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:35.569089 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897674 ecr 588279820], length 0
14:59:35.569141 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588280374 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:35.572332 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897674 ecr 588279820], length 0
14:59:35.572385 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588280377 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:35.618778 IP 192.168.2.101.58903 > ftp.gnu.org.ftp-data: Flags [F.], seq 1, ack 1336, win 2048, options [nop,nop,TS val 588280423 ecr 1000896881], length 0
14:59:35.787693 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [F.], seq 1407, ack 56, win 227, options [nop,nop,TS val 1000897729 ecr 588279820], length 0
14:59:35.787731 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588280591 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:35.817852 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897737 ecr 588279820], length 0
14:59:35.817911 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588280621 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:36.032673 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897790 ecr 588279820], length 0
14:59:36.032739 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588280835 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:36.063703 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897798 ecr 588279820], length 0
14:59:36.063744 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588280866 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:36.345344 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897852 ecr 588279820], length 0
14:59:36.345398 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588281147 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:36.345772 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897859 ecr 588279820], length 0
14:59:36.345795 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588281147 ecr 1000897597,nop,nop,sack 1 {1407:1408}], length 0
14:59:36.369886 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [FP.], seq 1393:1407, ack 56, win 227, options [nop,nop,TS val 1000897875 ecr 588279820], length 14: FTP: 221 Goodbye.
14:59:36.369925 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588281171 ecr 1000897875,nop,nop,sack 1 {1407:1408}], length 0
14:59:36.652539 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897930 ecr 588279820], length 0
14:59:36.652579 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588281453 ecr 1000897875,nop,nop,sack 1 {1407:1408}], length 0
14:59:36.652831 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897930 ecr 588279820], length 0
14:59:36.652836 IP ftp.gnu.org.ftp > 192.168.2.101.58902: Flags [.], ack 56, win 227, options [nop,nop,TS val 1000897936 ecr 588279820], length 0
14:59:36.652859 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588281453 ecr 1000897875,nop,nop,sack 1 {1407:1408}], length 0
14:59:36.652876 IP 192.168.2.101.58902 > ftp.gnu.org.ftp: Flags [.], ack 1393, win 2048, options [nop,nop,TS val 588281453 ecr 1000897875,nop,nop,sack 1 {1407:1408}], length 0
^C
75 packets captured
120 packets received by filter
0 packets dropped by kernel
家庭网络不是没法接受外部发起的 TCP 连接吗?ftp.gnu.org.ftp-data 怎么可能主动向我的电脑的 58903 发起连接呢?
我的网络:
电信喵 -> 我的路由器 -> 我的电脑
还有电脑上监听 nc -l 0.0.0.0 55555
,然后访问 http://我的公网IP地址:55555/
到不到的了「我的路由器」?