At 07:27 PM 4/17/01 -0600, you wrote: >On Tue, 17 Apr 2001, Crist Clark wrote: > > > > Why the strange port numbers if it was FTP? > > > > Uh... 'cause FTP is a fscked up protocol? I guess you are expecting to > > see port 20? Not if you're doing PASV. > >Port 20 and/or not port 60151. The only client I'm used to on the Linux >side that does PASV by default is ncftp, and I'm not used to seeing 60151 >being allocated by most OSes, unless there is a NAT device in-between, >which shouldn't be the case if the machine using 60151 is the FTP server. > > Ryan Hi all, It looks like Daniel Martin (and Devdas Bhagat, who didn't send to the list) got it pretty much figured out... There is a squid installation on this machine and when these packets were first captured I greped through the logs for the IP address and host name but found nothing. After the talk of .iso images I went back and greped for "\.iso" and sure enough one of the users was FTPing a RedHat 7.0 iso at that time using Netscape. A quick nslookup of the download host showed it was an alias for the machine in question. (doh!) So, I think that is the answer. *Many* thanks, I slept much better last night. -Bill
This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 08:20:50 PDT