Traffic analysis of a TFTP copy

 

This post analyzes a TFTP copy carried over UDP (connectionless, but lightweight); acknowledgements and reliability are provided by the application layer.

 

Scenario built with real equipment; it can also be simulated in Packet Tracer (see the end).

 

 

Applicable to CCNA 1, module 4: Transport layer; CCNA 4, module 5: ACL; CCNA Security, module 4: ACL, FW and module 5: IPS.

 

Captures available at ftp://ftp.vilarrasa.com.ar/ (user/pass: ccna)

 

 

Router#copy startup-config tftp

Address or name of remote host []? 10.0.0.103

Destination filename [router-confg]? (enter, accepts the default shown in brackets)

!!

544 bytes copied in 0.44 secs

Router#sh flash (we check the router's operating system image)

 

System flash directory:

File  Length   Name/status

  1   6569400  c1700-k8sv3y-mz.122-6.bin

[6569464 bytes used, 1819144 available, 8388608 total]

8192K bytes of processor board System flash (Read/Write)

 

Router#copy flash tftp

Source filename []? c1700-k8sv3y-mz.122-6.bin

Address or name of remote host []? 10.0.0.103

Destination filename [c1700-k8sv3y-mz.122-6.bin]? (enter)

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

---abridged---

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

6569400 bytes copied in 38.388 secs (172878 bytes/sec)

Router#

 

TFTP Packets

 

TFTP supports five types of packets, all of which have been mentioned above:

 

          opcode  operation

            1     Read request (RRQ)

            2     Write request (WRQ)

            3     Data (DATA)

            4     Acknowledgment (ACK)

            5     Error (ERROR)

 

Source: RFC 1350 ( http://tools.ietf.org/html/rfc1350 )

 

No.     Time        Source                Destination           Protocol Info

      1 0.000000    10.0.0.1              10.0.0.103            TFTP     Write Request, ///

                                                /// File: router-confg\000, Transfer type: octet\000

Frame 1 (63 bytes on wire, 63 bytes captured)

Ethernet II, Src: 00:07:50:ef:36:d2 (00:07:50:ef:36:d2), Dst: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71)

Internet Protocol, Src: 10.0.0.1 (10.0.0.1), Dst: 10.0.0.103 (10.0.0.103)

User Datagram Protocol, Src Port: 52681 (52681), Dst Port: 69 (69) (TFTP port)

Trivial File Transfer Protocol

    Opcode: Write Request (2)

    DESTINATION File: router-confg

    Type: octet

 

No.     Time        Source                Destination           Protocol Info

      4 0.005255    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 0

 

Frame 4 (46 bytes on wire, 46 bytes captured)

Ethernet II, Src: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 00:07:50:ef:36:d2 (00:07:50:ef:36:d2)

Internet Protocol, Src: 10.0.0.103 (10.0.0.103), Dst: 10.0.0.1 (10.0.0.1)

User Datagram Protocol, Src Port: 1627 (1627), Dst Port: 52681 (52681) (69 is only the initial port; the server then opens a communication channel on an ephemeral port)

Trivial File Transfer Protocol

    Opcode: Acknowledgement (4)

    Block: 0

 

No.     Time        Source                Destination           Protocol Info

      5 0.007149    10.0.0.1              10.0.0.103            TFTP     Data Packet, Block: 1

 

Frame 5 (558 bytes on wire, 558 bytes captured)

Ethernet II, Src: 00:07:50:ef:36:d2 (00:07:50:ef:36:d2), Dst: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71)

Internet Protocol, Src: 10.0.0.1 (10.0.0.1), Dst: 10.0.0.103 (10.0.0.103)

User Datagram Protocol, Src Port: 52681 (52681), Dst Port: 1627 (1627)

Trivial File Transfer Protocol

    Opcode: Data Packet (3)

    Block: 1

    Data (512 bytes)

 

No.     Time        Source                Destination           Protocol Info

      6 0.007347    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 1

No.     Time        Source                Destination           Protocol Info

      7 0.009475    10.0.0.1              10.0.0.103            TFTP     Data Packet, Block: 2 (last)

No.     Time        Source                Destination           Protocol Info

      8 0.009583    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 2

No.     Time        Source                Destination           Protocol Info

     12 48.784863   10.0.0.1              10.0.0.103            TFTP     Write Request, ///

                                                               ///File: c1700-k8sv3y-mz.122-6.bin

No.     Time        Source                Destination           Protocol Info

     13 48.793203   10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 0

No.     Time        Source                Destination           Protocol Info

     14 48.795120   10.0.0.1              10.0.0.103            TFTP     Data Packet, Block: 1

No.     Time        Source                Destination           Protocol Info

     15 48.795288   10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 1

No.     Time        Source                Destination           Protocol Info

  25684 87.165266   10.0.0.1              10.0.0.103            TFTP     Data Packet, Block: 12831 (last)

No.     Time        Source                Destination           Protocol Info

  25685 87.165337   10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 12831
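The packet layouts seen in this capture can be checked against RFC 1350 with a small decoder. This is an added example, not part of the original post: the payloads are rebuilt from the fields Wireshark shows above, and `parse_tftp`, `frame_len` and `block_plan` are hypothetical names. It also reproduces the frame sizes (63, 46, 558, 67 bytes) and the block counts (2 and 12831) reported on this page.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}
BLOCK = 512                  # RFC 1350 fixed data block size
HEADERS = 14 + 20 + 8        # Ethernet II + IPv4 without options + UDP

# Payloads rebuilt from the fields shown in the capture (constructed, not raw bytes).
WRQ = struct.pack("!H", 2) + b"router-confg\x00octet\x00"
ACK0 = struct.pack("!HH", 4, 0)
DATA1 = struct.pack("!HH", 3, 1) + bytes(BLOCK)
ERR0 = struct.pack("!HH", 5, 0) + b"Undefined error code\x00"

def parse_tftp(payload: bytes) -> dict:
    """Decode one TFTP packet (the UDP payload) as laid out in RFC 1350."""
    if len(payload) < 4:
        raise ValueError("truncated TFTP packet")
    opcode, num = struct.unpack("!HH", payload[:4])
    op = OPCODES.get(opcode)
    if op in ("RRQ", "WRQ"):
        fields = payload[2:].split(b"\x00")      # filename NUL mode NUL
        if len(fields) < 3 or not fields[0]:
            raise ValueError("malformed request")
        return {"op": op, "file": fields[0].decode("ascii", "replace"),
                "mode": fields[1].decode("ascii", "replace").lower()}
    if op == "DATA":
        size = len(payload) - 4
        if size > BLOCK:
            raise ValueError("DATA larger than 512 bytes")
        # A block shorter than 512 bytes marks the end of the transfer.
        return {"op": op, "block": num, "size": size, "last": size < BLOCK}
    if op == "ACK":
        return {"op": op, "block": num}
    if op == "ERROR":
        msg = payload[4:].split(b"\x00")[0].decode("ascii", "replace")
        return {"op": op, "code": num, "message": msg}
    raise ValueError(f"unknown opcode {opcode}")

def frame_len(payload: bytes) -> int:
    """Bytes on the wire for an untagged Ethernet II / IPv4 / UDP frame."""
    return HEADERS + len(payload)

def block_plan(file_size: int) -> tuple:
    """Number of DATA blocks and size of the final (short) block."""
    return file_size // BLOCK + 1, file_size % BLOCK
```
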

 

TFTP copy with communication errors

 

 

Router#copy flash tftp

Source filename [c1700-k8sv3y-mz.122-6.bin]? (enter)

Address or name of remote host []? 10.0.0.103

Destination filename [c1700-k8sv3y-mz.122-6.bin]? (enter)

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.....

00:14:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down

 

TFTP: error code 0 received - Undefined error code

 

%Error writing tftp://10.0.0.103/c1700-k8sv3y-mz.122-6.bin (Write error)

 

Router#

 

 


 

 

No.     Time        Source                Destination           Protocol Info

      1 0.000000    10.0.0.1              10.0.0.103            TFTP     Write Request, File: c1700-k8sv....

 

Frame 1 (76 bytes on wire, 76 bytes captured)

Ethernet II, Src: 00:07:50:ef:36:d2 (00:07:50:ef:36:d2), Dst: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71)

Internet Protocol, Src: 10.0.0.1 (10.0.0.1), Dst: 10.0.0.103 (10.0.0.103)

User Datagram Protocol, Src Port: 57230 (57230), Dst Port: 69 (69) (TFTP port)

Trivial File Transfer Protocol

    Opcode: Write Request (2)

    DESTINATION File: c1700-k8sv3y-mz.122-6.bin

    Type: octet

 

No.     Time        Source                Destination           Protocol Info

      2 0.006429    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 0

 

Frame 2 (46 bytes on wire, 46 bytes captured)

Ethernet II, Src: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 00:07:50:ef:36:d2 (00:07:50:ef:36:d2)

Internet Protocol, Src: 10.0.0.103 (10.0.0.103), Dst: 10.0.0.1 (10.0.0.1)

User Datagram Protocol, Src Port: 1630 (1630), Dst Port: 57230 (57230) (ephemeral transfer port)

Trivial File Transfer Protocol

    Opcode: Acknowledgement (4)

    Block: 0

 

No.     Time        Source                Destination           Protocol Info

      3 0.008317    10.0.0.1              10.0.0.103            TFTP     Data Packet, Block: 1

 

Frame 3 (558 bytes on wire, 558 bytes captured)

Ethernet II, Src: 00:07:50:ef:36:d2 (00:07:50:ef:36:d2), Dst: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71)

Internet Protocol, Src: 10.0.0.1 (10.0.0.1), Dst: 10.0.0.103 (10.0.0.103)

User Datagram Protocol, Src Port: 57230 (57230), Dst Port: 1630 (1630) (the router-side port never changes)

Trivial File Transfer Protocol

    Opcode: Data Packet (3)

    Block: 1

    Data (512 bytes)

 

No.     Time        Source                Destination           Protocol Info

      4 0.008514    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 1

 

Frame 4 (46 bytes on wire, 46 bytes captured)

Ethernet II, Src: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 00:07:50:ef:36:d2 (00:07:50:ef:36:d2)

Internet Protocol, Src: 10.0.0.103 (10.0.0.103), Dst: 10.0.0.1 (10.0.0.1)

User Datagram Protocol, Src Port: 1630 (1630), Dst Port: 57230 (57230)

Trivial File Transfer Protocol

    Opcode: Acknowledgement (4)

    Block: 1

 

No.     Time        Source                Destination           Protocol Info

      5 0.010223    10.0.0.1              10.0.0.103            TFTP     Data Packet, Block: 2

No.     Time        Source                Destination           Protocol Info

      6 0.010273    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 2

No.     Time        Source                Destination           Protocol Info

      7 0.586924    10.0.0.1              10.0.0.103            TFTP     Data Packet, Block: 284

No.     Time        Source                Destination           Protocol Info

      8 0.586963    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 284

No.     Time        Source                Destination           Protocol Info

      9 0.588773    10.0.0.1              10.0.0.103            TFTP     Data Packet, Block: 285

No.     Time        Source                Destination           Protocol Info

     10 0.589266    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 285

No.     Time        Source                Destination           Protocol Info

     11 1.588474    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 285

No.     Time        Source                Destination           Protocol Info

     12 3.588401    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 285

No.     Time        Source                Destination           Protocol Info

     13 6.588290    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 285

No.     Time        Source                Destination           Protocol Info

     14 9.588183    10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 285

No.     Time        Source                Destination           Protocol Info

     15 12.588070   10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 285

No.     Time        Source                Destination           Protocol Info

     16 15.587961   10.0.0.103            10.0.0.1              TFTP     Acknowledgement, Block: 285

No.     Time        Source                Destination           Protocol Info

     17 15.588057   10.0.0.103            10.0.0.1              TFTP     Error Code, Code: Not defined,

                                                                         Message: Undefined error code\000

Frame 17 (67 bytes on wire, 67 bytes captured)

Ethernet II, Src: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 00:07:50:ef:36:d2 (00:07:50:ef:36:d2)

Internet Protocol, Src: 10.0.0.103 (10.0.0.103), Dst: 10.0.0.1 (10.0.0.1)

User Datagram Protocol, Src Port: 1630 (1630), Dst Port: 57230 (57230) (it does not go back to port 69)

Trivial File Transfer Protocol

    Opcode: Error Code (5)

    Error code: Not defined (0)

    Error message: Undefined error code
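The failed transfer above can be followed programmatically: learn the server's ephemeral port from its first reply, then count the retransmitted ACKs that precede the ERROR. This is an added example, not part of the original post; the rows are constructed from the capture summary, and `Pkt` and `follow` are hypothetical names.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "t src sport dst dport op num")  # num: block or error code
R, S = "10.0.0.1", "10.0.0.103"  # router (client) and TFTP server, as in the capture

# Constructed from the summary rows of the failed transfer (blocks 2-284 left out).
ROWS = [Pkt(0.000000, R, 57230, S, 69, "WRQ", None),
        Pkt(0.006429, S, 1630, R, 57230, "ACK", 0),
        Pkt(0.008317, R, 57230, S, 1630, "DATA", 1),
        Pkt(0.008514, S, 1630, R, 57230, "ACK", 1),
        Pkt(0.588773, R, 57230, S, 1630, "DATA", 285),
        Pkt(0.589266, S, 1630, R, 57230, "ACK", 285)]
ROWS += [Pkt(t, S, 1630, R, 57230, "ACK", 285)
         for t in (1.588474, 3.588401, 6.588290, 9.588183, 12.588070, 15.587961)]
ROWS.append(Pkt(15.588057, S, 1630, R, 57230, "ERROR", 0))

def follow(rows):
    """Group packets into TFTP transfers keyed by the client's (IP, port)."""
    sessions = {}
    for p in rows:
        if p.op in ("RRQ", "WRQ") and p.dport == 69:
            sessions[(p.src, p.sport)] = dict(
                client=(p.src, p.sport), server_ip=p.dst, server_tid=None,
                last_ack=None, dup_acks=0, stray=0, error=None, stalled_for=0.0)
            continue
        from_server = (p.dst, p.dport) in sessions
        s = sessions.get((p.dst, p.dport) if from_server else (p.src, p.sport))
        if s is None:
            continue                       # not part of a transfer we saw start
        if from_server:
            if s["server_tid"] is None and p.src == s["server_ip"]:
                s["server_tid"] = p.sport  # server port learned from its first reply
            elif (p.src, p.sport) != (s["server_ip"], s["server_tid"]):
                s["stray"] += 1            # unexpected source: RFC 1350 error code 5 case
                continue
        if p.op == "ACK":
            if p.num == s["last_ack"]:
                s["dup_acks"] += 1         # same block acknowledged again: no new DATA arrived
                s["stalled_for"] = p.t - s["ack_time"]
            else:
                s["last_ack"], s["ack_time"] = p.num, p.t
        elif p.op == "ERROR":
            s["error"] = p.num
    return list(sessions.values())
```

For this capture the summary shows server port 1630, last acknowledged block 285, six repeated ACKs over roughly 15 seconds, and error code 0. A stateless filter written only for UDP port 69 would not match any packet after the initial request.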

 


 

Error Codes:

 

   Value     Meaning

 

   0         Not defined, see error message (if any).

   1         File not found.

   2         Access violation.

   3         Disk full or allocation exceeded.

   4         Illegal TFTP operation.

   5         Unknown transfer ID.

   6         File already exists.

   7         No such user.

 

Source: RFC 1350 ( http://tools.ietf.org/html/rfc1350 )

 

Scenario in Packet Tracer

 

Router#copy ru tftp

Address or name of remote host []? 10.0.0.103

Destination filename [Router-confg]? tftp-version-packet.tracer

Writing running-config....!!

[OK - 460 bytes]

 

460 bytes copied in 3.078 secs (0 bytes/sec)

Router#

 

 

 

                (2012) Tales to sleep  from uncle Ernest

                Rosario, Argentina