LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-13-2012, 01:58 PM   #1
transient
LQ Newbie
 
Registered: Aug 2011
Posts: 17

Rep: Reputation: Disabled
Why is ProFTPD responding to active connections using Covia?


Hi all-

I Googled for Covia/port 64 and didn't get any information that was either useful or that I could understand. Entirely possible my Google Fu is weak so I get it if you respond with a link you found on Google that you feel explains this.

I installed ProFTPD on my Ubuntu server. Using Wireshark I'm seeing that when my PC initiates an active FTP session to my server, the responding port (the data connection port) on the server is not port 20 as I would expect, but port 64, which belongs to some process called Covia.

Quote:
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 49296 (49296), Seq: 229, Ack: 73, Len: 0
Source port: covia (64)
Destination port: 49298 (49298)
Any idea why this is? I was able to find that Covia is a "Communications Integrator" but no info as to why it's the one handling the other end of my FTP connection. Not even specifically if it's something ProFTPD installs. Is anyone else running ProFTPD that has seen this? Should I be concerned?
 
Old 04-13-2012, 05:01 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,947
Blog Entries: 54

Rep: Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732
Port name resolution is by default based on the /etc/services "database". The file contains official (IANA) and local assignments. Since these are static (as opposed to active probing) port - name pairs resolution can be off at times. IMO the easiest way to confirm it actually is FTP-ish traffic and not the Covia Communications Integrator protocol would be to have Wiresharks FTP traffic dissector display actual packet capture contents.
 
  


Reply

Tags
proftpd, ubuntu


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Proftpd passive connections gabsik Linux - Networking 5 06-18-2006 06:18 AM
Connections to localhost responding very slowly walmartshopper Linux - Networking 3 04-20-2006 08:26 PM
Slow proftpd Connections carmstrong Linux - Software 3 05-22-2004 07:02 AM
Telnet/SSH screen stops responding after a while but the session is still active alllle Linux - Networking 4 05-04-2004 12:52 PM
proftpd not accepting outside connections sohmc Linux - Software 0 07-18-2003 07:40 AM


All times are GMT -5. The time now is 12:39 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration