I am trying to establish a capture and I want to exclude passive FTP traffic from the capture. The problem is that in passive FTP the control session is well defined and there is no problem excluding it from the capture. But the data session is allowed by the full state firewall traffic inspection, meaning that the pair of ports used for the data session are dynamically established during the control session connection. Is there a way to exclude the whole FTP traffic from the capture?
I am using for example the following access list in the capture:
- First connection from the client to server is from client random high port to server tcp port 21, command & control port,
- Second connection from the client to server will be from client random high-port to server random high port specified by the server. In this case, you are talking about > 1024 ports on both client and server.
I am trying to capture all the traffic EXCEPT the FTP traffic.
Since passive ftp data traffic is allowed through ftp inspection once the control session is established I am not worried capturing it in order to create my access lists.
BUT when I create a long term capture (in order to verify which traffic I should permit through access-lists) and exclude the traffic on port 21, the FTP data traffic still shows up since the from and to ports for data communication are decided during the control session connection.
My question is: Is there a way to exclude FTP data traffic from the capture?
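The post describes exactly why a static port-based exclusion misses passive FTP data: the server announces the data port inside the control session, in its `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply (or `229 Entering Extended Passive Mode (|||port|)` for EPSV), and the port is `p1*256 + p2`. The script below is an added example, not code from the original post or from Cisco; it parses a constructed control-session transcript, recovers each announced data channel, and turns the result into a tcpdump-style BPF exclusion and an ASA-style capture access list. The control-session lines, the server address `192.0.2.10` and the access-list name `CAP` are constructed for the example, and the exact ASA access-list syntax is assumed from common usage rather than taken from the post.

```python
"""Derive passive-FTP data channels from a control session and emit capture
exclusions.  Added example; the control-session transcript below is constructed."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# RFC 959 reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 reply: 229 Entering Extended Passive Mode (|||port|)
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


@dataclass(frozen=True)
class DataChannel:
    server_ip: str
    server_port: int


def parse_passive_reply(line: str, control_server_ip: str) -> Optional[DataChannel]:
    """Return the data channel announced by a 227/229 reply, or None."""
    line = line.strip()
    m = PASV_RE.match(line)
    if m:
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            return None  # malformed reply; not a usable data channel
        h1, h2, h3, h4, p1, p2 = fields
        return DataChannel(f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(1))
        if not 1 <= port <= 65535:
            return None
        # EPSV carries no address: data goes to the same server as the control session
        return DataChannel(control_server_ip, port)
    return None


def extract_data_channels(control_lines: Iterable[str],
                          control_server_ip: str) -> List[DataChannel]:
    """Walk a control-session transcript and collect each distinct data channel."""
    seen, channels = set(), []
    for line in control_lines:
        ch = parse_passive_reply(line, control_server_ip)
        if ch and ch not in seen:
            seen.add(ch)
            channels.append(ch)
    return channels


def bpf_exclude_filter(channels: List[DataChannel]) -> str:
    """tcpdump/Wireshark capture filter excluding port 21 and the seen data ports."""
    terms = ["port 21"] + [f"(host {c.server_ip} and port {c.server_port})"
                           for c in channels]
    return "not (" + " or ".join(terms) + ")"


def asa_capture_acl(name: str, channels: List[DataChannel]) -> List[str]:
    """ASA-style access list (assumed syntax) for use with 'capture ... access-list'."""
    lines = [f"access-list {name} extended deny tcp any any eq 21"]
    lines += [f"access-list {name} extended deny tcp any host {c.server_ip} eq {c.server_port}"
              for c in channels]
    lines.append(f"access-list {name} extended permit ip any any")
    return lines


# Constructed transcript of one passive FTP control session (server replies and
# client commands interleaved as they would appear on port 21).
CONTROL_SESSION = [
    "220 ftp.example.test FTP server ready",
    "USER anonymous",
    "331 Please specify the password.",
    "PASS guest",
    "230 Login successful.",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,88).",   # port 195*256+88 = 50008
    "LIST",
    "150 Here comes the directory listing.",
    "226 Directory send OK.",
    "EPSV",
    "229 Entering Extended Passive Mode (|||52000|)",
    "RETR file.txt",
    "150 Opening BINARY mode data connection.",
    "226 Transfer complete.",
]

if __name__ == "__main__":
    found = extract_data_channels(CONTROL_SESSION, "192.0.2.10")
    print(bpf_exclude_filter(found))
    print("\n".join(asa_capture_acl("CAP", found)))
```

The caveat this makes visible is the one the post runs into: the data port only exists after the 227/229 reply, so any filter built from it is necessarily after the fact. Running the parser over the control sessions already captured lets you regenerate the exclusion list and tighten the long-term capture incrementally, but a purely static access list can never pre-empt a port the server has not announced yet.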