Análisis de tráfico de una copia TFTP
Se analiza una copia TFTP a travez del protocolo UDP
(no orientado a conexión, pero liviano), los acuses de recibo y la
confiabilidad
la aporta la capa de aplicación.
Escenario con equipos reales, simulable en Packet
Tracer (ver al final).
Aplicable a CCNA 1, módulo 4: Capa de
transporte , CCNA 4, módulo 5: ACL, CCNA Security, módulos 4:
ACL, FW y módulo 5: IPS )
Capturas disponibles en ftp://ftp.vilarrasa.com.ar/
(user/pass: ccna)
Router#copy
startup-config tftp
Address or name of remote
host []? 10.0.0.103
Destination filename
[router-confg]?(enter, toma parametros entre
corchetes)
!!
544 bytes copied in 0.44
secs
Router#sh flash (verificamos sistema operativo del router)
System flash directory:
File Length
Name/status
1 6569400 c1700-k8sv3y-mz.122-6.bin
[6569464 bytes used,
1819144 available, 8388608 total]
8192K bytes of processor
board System flash (Read/Write)
Router#copy flash tftp
Source filename []? c1700-k8sv3y-mz.122-6.bin
Address or name of remote
host []? 10.0.0.103
Destination filename
[c1700-k8sv3y-mz.122-6.bin]? (enter)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
---resumido---
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
6569400 bytes copied in
38.388 secs (172878 bytes/sec)
Router#
TFTP Packets
TFTP supports five types
of packets, all of which have been mentioned above:
opcode operation
1 Read
request (RRQ)
2 Write
request (WRQ)
3 Data
(DATA)
4
Acknowledgment (ACK)
5 Error
(ERROR)
Fuente: RFC 1350 ( http://tools.ietf.org/html/rfc1350
)
No. Time Source
Destination Protocol
Info
1 0.000000
10.0.0.1
10.0.0.103 TFTP Write Request, ///
/// File: router-confg\000, Transfer
type: octet\000
Frame 1 (63 bytes on wire,
63 bytes captured)
Ethernet II, Src:
00:07:50:ef:36:d2 (00:07:50:ef:36:d2), Dst: 00:1b:38:7e:f1:71
(00:1b:38:7e:f1:71)
Internet Protocol, Src: 10.0.0.1
(10.0.0.1), Dst: 10.0.0.103 (10.0.0.103)
User Datagram Protocol,
Src Port: 52681 (52681), Dst Port: 69 (69) (puerto TFTP)
Trivial File Transfer
Protocol
Opcode: Write Request (2)
DESTINATION File: router-confg
Type: octet
No. Time Source
Destination Protocol
Info
4 0.005255 10.0.0.103 10.0.0.1
TFTP Acknowledgement,
Block: 0
Frame 4 (46 bytes on wire,
46 bytes captured)
Ethernet II, Src:
00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 00:07:50:ef:36:d2
(00:07:50:ef:36:d2)
Internet Protocol, Src:
10.0.0.103 (10.0.0.103), Dst: 10.0.0.1 (10.0.0.1)
User Datagram Protocol,
Src Port: 1627 (1627), Dst Port: 52681 (52681) (69 es sólo el puerto inicial,
Trivial File Transfer
Protocol luego
abre un canal de comuni-
Opcode: Acknowledgement (4) -cación
con un port efímero)
Block: 0
No. Time Source
Destination Protocol
Info
5 0.007149
10.0.0.1
10.0.0.103 TFTP Data Packet, Block: 1
Frame 5 (558 bytes on
wire, 558 bytes captured)
Ethernet II, Src:
00:07:50:ef:36:d2 (00:07:50:ef:36:d2), Dst: 00:1b:38:7e:f1:71
(00:1b:38:7e:f1:71)
Internet Protocol, Src:
10.0.0.1 (10.0.0.1), Dst: 10.0.0.103 (10.0.0.103)
User Datagram Protocol,
Src Port: 52681 (52681), Dst Port: 1627 (1627)
Trivial File Transfer
Protocol
Opcode: Data Packet (3)
Block: 1
Data (512 bytes)
No. Time Source
Destination Protocol
Info
6 0.007347
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 1
No. Time Source
Destination Protocol
Info
7 0.009475
10.0.0.1
10.0.0.103 TFTP
Data Packet, Block: 2 (last)
No. Time Source
Destination Protocol
Info
8 0.009583 10.0.0.103 10.0.0.1 TFTP
Acknowledgement, Block: 2
No. Time Source
Destination Protocol
Info
12 48.784863
10.0.0.1
10.0.0.103 TFTP Write Request, ///
///File:
c1700-k8sv3y-mz.122-6.bin
No. Time Source
Destination Protocol
Info
13 48.793203
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 0
No. Time Source
Destination Protocol
Info
14 48.795120
10.0.0.1 10.0.0.103 TFTP Data Packet, Block: 1
No. Time Source
Destination Protocol Info
15 48.795288
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 1
No. Time Source
Destination Protocol
Info
25684 87.165266
10.0.0.1
10.0.0.103 TFTP Data Packet, Block: 12831 (last)
No. Time Source
Destination Protocol
Info
25685 87.165337
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 12831
Copia TFTP con errores de comunicación
Router#copy flash tftp
Source filename
[c1700-k8sv3y-mz.122-6.bin]? (enter)
Address or name of remote
host []? 10.0.0.103
Destination filename
[c1700-k8sv3y-mz.122-6.bin]? (enter)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.....
00:14:52:
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to
down
TFTP: error code 0
received - Undefined error code
%Error writing
tftp://10.0.0.103/c1700-k8sv3y-mz.122-6.bin (Write error)
Router#
TFTP Packets
TFTP supports five types
of packets, all of which have been mentioned above:
opcode operation
1 Read
request (RRQ)
2 Write
request (WRQ)
3 Data
(DATA)
4
Acknowledgment (ACK)
5 Error
(ERROR)
Fuente: RFC 1350 ( http://tools.ietf.org/html/rfc1350
)
No. Time Source
Destination Protocol
Info
1 0.000000
10.0.0.1
10.0.0.103 TFTP Write Request, File: c1700-k8sv....
Frame 1 (76 bytes on wire,
76 bytes captured)
Ethernet II, Src:
00:07:50:ef:36:d2 (00:07:50:ef:36:d2), Dst: 00:1b:38:7e:f1:71
(00:1b:38:7e:f1:71)
Internet Protocol, Src: 10.0.0.1
(10.0.0.1), Dst: 10.0.0.103 (10.0.0.103)
User Datagram Protocol,
Src Port: 57230 (57230), Dst Port: 69 (69) (puerto TFTP)
Trivial File Transfer
Protocol
Opcode: Write Request (2)
DESTINATION File:
c1700-k8sv3y-mz.122-6.bin
Type: octet
No. Time Source
Destination Protocol
Info
2 0.006429
10.0.0.103 10.0.0.1 TFTP Acknowledgement, Block: 0
Frame 2 (46 bytes on wire,
46 bytes captured)
Ethernet II, Src:
00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 00:07:50:ef:36:d2
(00:07:50:ef:36:d2)
Internet Protocol, Src:
10.0.0.103 (10.0.0.103), Dst: 10.0.0.1 (10.0.0.1)
User Datagram Protocol,
Src Port: 1630 (1630), Dst Port: 57230 (57230) (puerto efímero de transferencia)
Trivial File Transfer
Protocol
Opcode: Acknowledgement (4)
Block: 0
No. Time Source
Destination Protocol
Info
3 0.008317
10.0.0.1
10.0.0.103 TFTP Data Packet, Block: 1
Frame 3 (558 bytes on
wire, 558 bytes captured)
Ethernet II, Src:
00:07:50:ef:36:d2 (00:07:50:ef:36:d2), Dst: 00:1b:38:7e:f1:71
(00:1b:38:7e:f1:71)
Internet Protocol, Src:
10.0.0.1 (10.0.0.1), Dst: 10.0.0.103 (10.0.0.103)
User Datagram Protocol,
Src Port: 57230 (57230), Dst Port: 1630 (1630) (puerto lado router nunca cambia)
Trivial File Transfer
Protocol
Opcode: Data Packet (3)
Block: 1
Data (512 bytes)
No. Time Source Destination Protocol Info
4 0.008514
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 1
Frame 4 (46 bytes on wire,
46 bytes captured)
Ethernet II, Src:
00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 00:07:50:ef:36:d2
(00:07:50:ef:36:d2)
Internet Protocol, Src:
10.0.0.103 (10.0.0.103), Dst: 10.0.0.1 (10.0.0.1)
User Datagram Protocol,
Src Port: 1630 (1630), Dst Port: 57230 (57230)
Trivial File Transfer
Protocol
Opcode: Acknowledgement (4)
Block: 1
No. Time Source
Destination Protocol
Info
5 0.010223
10.0.0.1
10.0.0.103 TFTP Data Packet, Block: 2
No. Time Source
Destination Protocol
Info
6 0.010273
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 2
No. Time Source
Destination Protocol
Info
7 0.586924
10.0.0.1
10.0.0.103 TFTP
Data Packet, Block: 284
No. Time Source
Destination Protocol
Info
8 0.586963
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 284
No. Time Source Destination Protocol Info
9 0.588773
10.0.0.1
10.0.0.103 TFTP Data Packet, Block: 285
No. Time Source
Destination Protocol
Info
10 0.589266
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 285
No. Time Source
Destination Protocol
Info
11 1.588474
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 285
No. Time Source
Destination Protocol
Info
12 3.588401
10.0.0.103
10.0.0.1 TFTP Acknowledgement,
Block: 285
No. Time Source
Destination Protocol
Info
13 6.588290
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 285
No. Time Source Destination Protocol Info
14 9.588183
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 285
No. Time Source
Destination Protocol
Info
15 12.588070
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 285
No. Time Source
Destination Protocol
Info
16 15.587961
10.0.0.103
10.0.0.1 TFTP Acknowledgement, Block: 285
No. Time Source
Destination Protocol
Info
17 15.588057
10.0.0.103
10.0.0.1 TFTP Error
Code, Code: Not defined,
Message: Undefined error code\000
Frame 17 (67 bytes on
wire, 67 bytes captured)
Ethernet II, Src:
00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 00:07:50:ef:36:d2
(00:07:50:ef:36:d2)
Internet Protocol, Src:
10.0.0.103 (10.0.0.103), Dst: 10.0.0.1 (10.0.0.1)
User Datagram Protocol,
Src Port: 1630 (1630), Dst Port: 57230 (57230) (no vuelve al puerto 69)
Trivial File Transfer
Protocol
Opcode: Error Code (5)
Error code: Not defined (0)
Error message: Undefined error code
TFTP Packets
TFTP supports five types
of packets, all of which have been mentioned above:
opcode operation
1 Read
request (RRQ)
2 Write
request (WRQ)
3 Data
(DATA)
4
Acknowledgment (ACK)
5 Error (ERROR)
Error Codes:
Value Meaning
0 Not defined,
see error message (if any).
1 File not found.
2 Access
violation.
3 Disk full or
allocation exceeded.
4 Illegal TFTP
operation.
5 Unknown
transfer ID.
6 File already
exists.
7 No such user.
Fuente: RFC 1350 ( http://tools.ietf.org/html/rfc1350
)
Escenario en Packet Tracer
Router#copy ru tftp
Address or name of remote
host []? 10.0.0.103
Destination filename
[Router-confg]? tftp-version-packet.tracer
Writing
running-config....!!
[OK - 460 bytes]
460 bytes copied in 3.078
secs (0 bytes/sec)
Router#
(2012) Tales to sleep from uncle Ernest
Rosario, Argentina