Trouble with ASYMMETRIC FTP traffic


  I am trying to analyze asymmetric (one sided) FTP traffic. I
have added signatures for identifying FTP traffic, and FTP
commands are getting properly identified. But I am facing
problems when trying to analyze the FTP data traffic. When the 227
response comes, the function expect_connection is getting
called. But it looks like the data connection is not getting
identified after that.
  File_Analyzer::DeliverStream is not getting called for the
data transfer.

Can somebody help me out?
I am waiting with my fingers crossed.

Thanks in advance
Bindiya :)

> I am trying to analyze asymmetric (one sided) FTP traffic.

It's not clear what you mean by one-sided. If you mean you only see either
the client side or the server side, unfortunately Bro rarely operates well
when faced with only half of the dialog in a connection. Probably what's
failing is that there's no connection_established event because you're
not seeing a SYN/SYN-ACK exchange.
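
Added example, not part of the thread and not Bro code: a Python check that takes the data endpoint announced in a 227 reply and reports whether a capture holds both halves of the SYN/SYN-ACK exchange for it, which is the condition the reply above points at. The packet tuple layout and the sample values are constructed for illustration.

```python
import re
from collections import defaultdict

# h1,h2,h3,h4,p1,p2 as carried in an FTP 227 (Entering Passive Mode) reply.
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(line):
    """Return the (ip, port) data endpoint announced by a 227 reply, or None."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def classify(st):
    """Name what the capture holds for one connection to the data endpoint."""
    if st["syn"] and st["synack"]:
        return "full handshake"
    if st["c2s"] and not st["s2c"]:
        return "client side only"
    if st["s2c"] and not st["c2s"]:
        return "server side only"
    return "both directions, handshake missing"

def diagnose(reply, packets):
    """Verdict per client endpoint talking to the announced data endpoint.
    packets: (src_ip, src_port, dst_ip, dst_port, flags), flags "S"/"SA"/"A"/"PA"."""
    server = parse_pasv(reply)
    if server is None:
        raise ValueError("not a parsable 227 reply")
    seen = defaultdict(lambda: {"syn": False, "synack": False, "c2s": 0, "s2c": 0})
    for sip, sport, dip, dport, flags in packets:
        if (dip, dport) == server:        # client -> server direction
            st = seen[(sip, sport)]
            st["c2s"] += 1
            st["syn"] |= flags == "S"
        elif (sip, sport) == server:      # server -> client direction
            st = seen[(dip, dport)]
            st["s2c"] += 1
            st["synack"] |= flags == "SA"
    return {client: classify(st) for client, st in seen.items()}

# Constructed sample: a tap that only sees server-to-client packets.
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
SAMPLE_PACKETS = [("192.0.2.10", 50000, "198.51.100.7", 40001, "SA"),
                  ("192.0.2.10", 50000, "198.51.100.7", 40001, "PA")]
print(diagnose(SAMPLE_REPLY, SAMPLE_PACKETS))
```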