connections help close this security hole, many corporate networks do not permit this type of traffic.
Most command-line FTP clients default to this method of transfer and offer a passive command (or
something similar) to switch to passive mode.
Passive mode: The FTP client instructs the FTP server that it wants a passive connection, and the
server replies with an IP address and port number to which the FTP client can open a TCP data
connection. This method is by far the most secure because it requires no inbound TCP connections
to the FTP client. Many corporate networks permit only this type of FTP transfer. Although most of
the popular web browsers default to this method of FTP transfer, you shouldn't assume that they do.
You can test the FTP control connection using any Telnet application that allows a port number to be
specified. Telnet to the IP address of the destination server using port 21, and you should see a hello
message indicating that you have FTP connectivity to the server.
Generally, if a client has connectivity via the control connection but cannot retrieve directory listings or
transfer files, there is an issue with opening the data connection. Try specifying passive mode because
this is permitted by most firewalls.
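When testing passive mode by hand, the server's reply has to be decoded to see where the data connection will go. The following is an added example, not from the original text: it parses a 227 reply (the format defined in RFC 959) into the IP address and port, and flags an advertised address that differs from the control-connection peer, a frequent reason the data connection fails when the server sits behind NAT. The function names and sample replies are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959 PASV reply).
_PASV_RE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    if not reply.startswith("227"):
        raise ValueError("not a passive-mode reply: %r" % reply)
    match = _PASV_RE.search(reply[3:])
    if not match:
        raise ValueError("no address field in reply: %r" % reply)
    fields = [int(x) for x in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in reply: %r" % reply)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # high byte first, then low byte
    return ip, port


def check_pasv(reply, control_peer_ip):
    """Parse the reply and list reasons the data connection may not open."""
    ip, port = parse_pasv(reply)
    findings = []
    if ip != control_peer_ip:
        findings.append("advertised address differs from control-connection peer")
        # is_private also covers other non-routable ranges, not only RFC 1918.
        if ipaddress.ip_address(ip).is_private:
            findings.append("advertised address is not publicly routable")
    return {"ip": ip, "port": port, "findings": findings}


# Constructed sample replies paired with the address the client dialed on port 21.
SAMPLES = [
    ("227 Entering Passive Mode (203,0,113,10,195,80)", "203.0.113.10"),
    ("227 Entering Passive Mode (192,168,1,20,19,137)", "203.0.113.10"),
]

if __name__ == "__main__":
    for sample_reply, peer in SAMPLES:
        print(check_pasv(sample_reply, peer))
```
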
Another common problem with FTP is being able to transfer small files but not large files, with the
transfer generally failing at the same place or time in every file. Remember that the data connection (and
the transfer) will be closed if the control connection closes; because the control connection is typically
dormant during large file transfers, it is possible for the connection to close in NAT/PAT environments
in which there is a timeout on TCP connections. Increasing the timeout on dormant TCP connections
may resolve this problem. If an FTP client is not properly coded, you may also see this problem.
Because FTP file transfers generally create packets of maximum size, an MTU mismatch problem will
almost always cause file transfers to fail in a single direction (gets may fail, but puts may work). This
can be caused by a server located on a LAN medium that supports larger MTUs (such as Token Ring, which
can have an MTU of 4096 or larger). Normally this problem is resolved automatically by fragmentation,
but misconfigurations or having the IP Don't Fragment option set in the IP datagrams can prevent proper
operation.
MAIL (IMAP, POP, and SMTP)
Two types of machines exist in the e-mail universe, and they work in different ways. E-mail servers
communicate with each other using the Simple Mail Transfer Protocol (SMTP) to send and receive
mail. The SMTP protocol transports e-mail messages in ASCII format using TCP; it's possible to
connect to an SMTP server by Telnetting to the SMTP port (25). This is a good way to test whether a
mail server is reachable.
When a mail server receives a message destined for a local client, it stores that message and waits for
the client to collect the mail. There are several ways for mail clients to collect their mail: They can use
programs that access the mail server files directly, or they can collect their mail using one of many
network protocols. The most popular mail client protocols are POP3 and IMAP4, which both use TCP
to transport data. Even though mail clients use these special protocols to collect mail, they almost always
use SMTP to send mail. Because two different protocols, and possibly two different servers, are used to
send and receive mail, it is possible that mail clients can perform one task and not the other—so you
should troubleshoot sending and receiving mail separately.
When verifying the configuration of a mail client, both the mail relay (SMTP) server and mail (POP or
IMAP) servers should be verified. The SMTP protocol does not offer much in the way of security and
does not require any sort of authentication, so to prevent unauthorized users from bouncing mail
messages off their servers, administrators rarely allow hosts that are not part of their network to use
their SMTP server to send (or relay) mail.