Need FTP Help (command line questions)

Hey guys

I have been trying to figure this problem out at work for to long now. I have a company that ftps a few records from us in Connecticut down to New Jersey and i have traced the problem to dropped connections. I can only successfully upload them their backup if i use a program such as smartftp ext... The reason for the problem seems to be the software has a reset connection option and you can set a number of reconnects.

The problem i have is that they only download from us using the build into windows or unix ftp command line interface version.

Is there a way i can set the command line version to accept reconnects when the connection keeps dropping?

This company keeps telling us that the problem is on our end and its becoming a big issue. I have got to resolve this and soon

I can ftp from anywhere with no problem and so can they. Is there a way to tell if the problem is between here and new jersey and if so what can i do about it? Is there something i could look at on the unix box that is an ftp server here in my building that might fix the connection problems?

thanks for any help you can offer. you guys are the best.

Aaron

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

EdTheLad

If i were you i would run a continuous ping to the remote ftp server at the same time you try using the windows ftp application.This will give you a better idea if you are getting disconnects due to traffic problems on the network or the protocol stack is acting up on a machine.
Have you tryed to use different machines on either end?

Non-Profit Techie

i have tried from different machines and different networks as well as using differnt ISP networks.

I can only send them the data they want when i use a program that keeps trying to reconnect in each case. its very strange.

bighornsheep

have you tried SFTP? maybe that will solve your problem of connection resetting....

forbesl

Are you using active FTP or passive FTP? Determine which of these you are using and try using the other.

Non-Profit Techie

bighornsheep wrote:

have you tried SFTP? maybe that will solve your problem of connection resetting....

i have not tried this because its their unix box in our building that uses a script to send them the files.

Non-Profit Techie

forbesl wrote:

Are you using active FTP or passive FTP? Determine which of these you are using and try using the other.

as far as i know in the command line you can only use active. i dont know how to change it in there , however the upload fails no matter which mode i use. it will work in passive , however the software has to use the connection reset option to make it work.

i really appreicate you guys helping me with this.

EdTheLad

What type of QoS policies are you running internally on your network?
Do you have a specific service level agreement with the different isp's you tested with.Maybe you company classifies ftp traffic as low priority as it exits your network to the isp, this might be the cause of the disconnects, the isp will randomly drop low priority traffic.If this is the case try to set this ftp taffic as a high priority as a test and check the result.

Before you check any of that, can you ftp from the unix machine to a local machine using the window ftp app without a problem?

Non-Profit Techie

I dont know that information. However, im unsure that would be the case because the problem only started a few weeks ago.

I did run wireshark while downloading 200mb from microsoft and checked the graphs after i was done. The charts show no big gaps in data transfer. with 53 errors (checksum , resubmit packets)

Then i tried to upload 130mb to this company and the charts has big gaps in the data transfer. with 974 errors (resubmit packets, checksum errors)

Danman32

Actually you tell the server to go passive. Once you have the command line utility connect, send 'literal pasv' to the server to tell the server that you want the data transferred via a passive connection.

Non-Profit Techie

trying it now....

Non-Profit Techie

ok. I was able to upload the file to their ftp server from two different machines. One was using our normal isp and the other machine hooked up to a cable modem on a different isp. THey both worked with the 'literal pasv' command that you suggested running from a cmd box in windows. It then tried it without the passive command and it failed. Then to be sure that might be the fix i tried the 'literal pasv' mode again and unfortunatly it failed as well. It failed with a message that states "Net Out: Connection reset by peer"

If i log onto the unix box that host these files the 'literal pasv' command doesnt seem to valid. but i was able to find the 'passive' command

I tried this to send the data and the connection ended with "426 Data Connection: Interupted system call".

So close but so far

I am learning alot tho. I wish i knew why this stopped working.

(after a little more research into the QoS stuff, I am unable to manage that because the state of connecticut is in charge of that and i dont have access to it . I wish i did cause it looks like it would be cool to investigate. but im sure that isnt the problem because it doesnt work from my other connection out that isnt monitored with that equipment.)

Danman32

Did you try a continuous ping to the server while doing the FTP as Ed suggests? If the ping drops out also, then it is probably a network issue and not specific to FTP.

Non-Profit Techie

i can tracert to a certain router and then it goes no further. My boss did a little homework and he thinks the place where the ping stops is the service provider for the domain they are on. so i can ping to that point only and it pings continuously without problems or latency.

Well, i have to go home for the weekend, but i will let you know if we find anything out. How much you wanna be this thing just magically fixes itself over time, lol

drpower555

Connection reset by peer sounds like a router problem to me.

TeKniques

Could the connection reset also be a timeout setting? Although I don't think it would affect Ping. I also had a similar situation where a client was trying to upload a 500 mb file that kept cutting out 45 min into the upload. Turned out it was an FTP timeout setting on the Firewall that was the issue.

I don't know, maybe something else to look at.

Sounds like a tough problem none the less.

sprkymrk

The data wouldn't happen to be a large zipped/compressed file would it? Who controls the firewall(s) at either end? If they have AV scanning going on see if they can turn it off for the ftp connection. Large zipped files can run into "Container Violation" errors, but you would only see it logged at the firewall. The FTP server/client would only get a "Connection Reset by Peer" error, not knowing it's a firewall in between causing the connection to be reset.

Non-Profit Techie

thanks for all the help guys. Yeah my boss is going to work on it a bit more today. He checked this thread over the weekend and tried a few more things that didnt work out. I worked once for him and he got all excited but then it failed after trying again.

Yes it is a large zip file that is 144 megs.

I will keep you updated when i hear anything. but for most of the day im stuck installing new PCs.

blargoe

Well good lord, 144 megs? Any way you could split that up?

Danman32

Tracert works by doing sequential pings to the target, but incrementing the TTL by one for each iteration. Some routers simply drop the 'dead' packet without returning an error, but subsequent pings with longer TTL's will get through.

BubbaJ

Danman32 wrote:

Tracert works by doing sequential pings to the target, but incrementing the TTL by one for each iteration. Some routers simply drop the 'dead' packet without returning an error, but subsequent pings with longer TTL's will get through.

This is how Microsoft has implemented it. Based on the ICMP RFC, this is incorrect since you shouldn't send an ICMP error in reply to an ICMP request. Cisco (and others) implement it using UDP, TCP, etc. Here is one explanation:

The Traceroute Command

The traceroute command is used to discover the routes that packets actually take when traveling to their destination. The device (for example, a router or a PC) sends out a sequence of User Datagram Protocol (UDP) datagrams to an invalid port address at the remote host.

Three datagrams are sent, each with a Time-To-Live (TTL) field value set to one. The TTL value of 1 causes the datagram to "timeout" as soon as it hits the first router in the path; this router then responds with an ICMP Time Exceeded Message (TEM) indicating that the datagram has expired.

Another three UDP messages are now sent, each with the TTL value set to 2, which causes the second router to return ICMP TEMs. This process continues until the packets actually reach the other destination. Since these datagrams are trying to access an invalid port at the destination host, ICMP Port Unreachable Messages are returned, indicating an unreachable port; this event signals the Traceroute program that it is finished.

The purpose behind this is to record the source of each ICMP Time Exceeded Message to provide a trace of the path the packet took to reach the destination. For all the options about this command, see Trace (privileged).

Danman32

I agree UDP is better. The point though is the TTL, which the timeout might be dropped for security reasons.

BubbaJ

Danman32 wrote:

I agree UDP is better. The point though is the TTL, which the timeout might be dropped for security reasons.

Yes, but there are other problems. Devices are often set to ignore ICMP requests (ping). If you use Microsoft's version, you may not get the real picture. This is more likely than an ICMP error message being dropped for security (unless the person that set it up didn't really know what they were doing). Tunnels will also look like one hop regardless of how many real hops there are, and MPLS can be configured to give an incomplete picture to a trace.

Non-Profit Techie

thanks for all the replies guys. a problem may have been found within our routers. my boss is going to fill me in later today. im sure he wants to check and see if the script ran last night successfully first. I should be able to let you know what it was later on today.

Non-Profit Techie

well the problem is fixed now. I dont exactly know how to explain it as my buddy only had a minute to explain it to me. And i still cant explain why it wasnt working from home but they fixed some settings between our routers that had to do with autosencing on our cisco equipment that was in someway causing errors between our Connecticut Educational Network Gateway that was hardcoded to run at 100mbps.

Hopefully he can explain it to me better when he gets a second. but our bandwidth is much greater now :

It was running at just a little over 1/2 mbps before. Anyway, im still confused as hell and need him to really explain it all to me. I will fill ya in as soon as i am.

sprkymrk

Thanks for the update. It's always nice when someone replies with what worked instead of leaving us all hanging.

Danman32

Autosense problems sure would cause disconnects. And improperly fixing the speed/duplex could make the problem worse. I have been through that with my Belin router and my then new desktop with a built-in Gb network card. That card would connect and disconnect haphazardly as it tried to negotiate the speed with the 10/100 switch on the belkin. I fixed the card to 100Mb, but set the duplex to full. Unfortunately the switch didn't handle full duplex too well, so when I sent large files from/to my other PC, I was getting slow throughput. I ran Ethereal (now WireShark) on both of them and compared the packets. It showed dropped/lost ACK packets, and subsequently retries from the other end which totally confused the end sending ACKs.

Once I set the interface to 100/half, it worked as it should. That could be what your manager was seeing and did.