remote ftp ssl access failed
-
Well if they don't send you a server hello - then no you would not be able to connect.
A sniff will show you what pfsense sees on its wan in return.. There would be no reason pfsense would not send this traffic to your client if it actually got it..
-
@johnpoz do i have to use wireshark or can i use logs generated by pfsense?
thanks. -
No you sniff with pfsense (diagnostic packet capture) - its just the log they show in that output even with full info set is going to be hard to read.. Just do the sniff and then download it and open it with wireshark.. Makes it much easier to view/read/understand, etc.
You can set it to only capture the IP of the ftps server.. 195.144.107.198 so its not all that big.. And has only the data your interested in vs all the other traffic that flowing.
You will have to tell wireshark not to decode it as ftp - which is what it will most likely auto do.. Then it would look like this..
What your interested in is the tls stuff - so telling wireshark not to decode as ftp will make it easier to see the tls stuff..
The view the package capture ok depending on what specific your looking for - but for something like this download the capture and use your fav network analyzer.. Unless you think you could make heads or talls of this ;)
-
This post is deleted! -
-
That is not the wan.. Do the packet capture on pfsense.. Just download it to view in wireshark..
And I showed you exactly how to disable the ftp decode wireshark is doing..
But even that can see 195.x sending you a FIN... Closing the session..
-
@johnpoz I have installed wireshark on the server where I use Filezilla, from this server can I connect wireshark to control the pfsense WAN traffic or do I have to install wireshark on pfsense?
Thanks. -
Dude look at the picture I posted... You can do the packet capture right on pfsense... Then just download the pcap and open it with wireshark on any machine you want..
see the post from above
in pfsense here
-
@johnpoz now I followed your instructions, in pfsense I captured the packages, I downloaded the file which I then opened in whireshark, I attach the result.
Thanks.
-
I don't see you sending client hello there, your sending fin,ack - means done with this conversation.
-
@johnpoz in Filezilla I try the ftp connection and the exchanged packets are the ones I sent you, I also tried from another PC and the result is the same.
What can I try?
thank you -
Well if your client is not sending hello, and just closing the connection.. That is on the client.
Can you post up packet capture from your test machine.. This will only have your local IP and the servers IP in, so I can take a look and compare to mine.. As you saw in my sniff client hello is sent.. Your log shows sent, but its not what the sniff shows.
You should be able to attach your sniff, or post it else where and let me know the link, etc.
-
-
@johnpoz how can i send the file?
-
@sasa1 just upload it
-
@johnpoz 
-
-
@johnpoz I have tried several times to upload file but it always remains in this state.
-
How big is the file? Should be pretty tiny.. mine like 17KB
Upload it elsewhere, googledrive, dropbox, I will PM you my email.. just email it too me.
-
@johnpoz ok thanks, I'm waiting for your email.
