How does ftp passive mode work? Be able to explain the following
tcpdump trace.

---------------------------------------------------------------------
1. tcpdump capture of ftp passive mode exchange

Script started on Mon Nov 18 09:39:31 2002
[root@zymurgy tmp]# tcpdump -vvv -X -s 1500 tcp
tcpdump: listening on eth0

1. PASV sent on control channel

09:39:47.770777 zymurgy.cs.pdx.edu.57792 > sirius.cs.pdx.edu.ftp: P [tcp sum ok] 2497350814:2497350820(6) ack 2719737418 win 7504 (DF) [tos 0x10] (ttl 64, id 55372, len 58)
0x0000  4510 003a d84c 4000 4006 b88c 83fc d1a2  E..:.L@.@.......
0x0010  83fc d039 e1c0 0015 94da 8c9e a21b e64a  ...9...........J
0x0020  8018 1d50 9b1f 0000 0101 080a 0df5 8f26  ...P...........&
0x0030  1a14 20e4 5041 5356 0d0a                 ....PASV..

2. server ftp ACK on control channel: IP/port included in ASCII "human" message

09:39:47.780777 sirius.cs.pdx.edu.ftp > zymurgy.cs.pdx.edu.57792: P [tcp sum ok] 1:51(50) ack 6 win 40001 (DF) [tos 0x10] (ttl 63, id 2436, len 102)
0x0000  4510 0066 0984 4000 3f06 8829 83fc d039  E..f..@.?..)...9
0x0010  83fc d1a2 0015 e1c0 a21b e64a 94da 8ca4  ...........J....
0x0020  8018 9c41 1c4a 0000 0101 080a 1a14 4fb3  ...A.J........O.
0x0030  0df5 8f26 3232 3720 456e 7465 7269 6e67  ...&227.Entering
0x0040  2050 6173 7369 7665 204d 6f64 6520 2831  .Passive.Mode.(1
0x0050  3331 2c32 3532 2c32 3038 2c35 372c 3632  31,252,208,57,62
0x0060  2c31 3129 0d0a                           ,11)..

3. client sends TCP ACK

09:39:47.780777 zymurgy.cs.pdx.edu.57792 > sirius.cs.pdx.edu.ftp: . [tcp sum ok] 6:6(0) ack 51 win 7504 (DF) [tos 0x10] (ttl 64, id 55373, len 52)
0x0000  4510 0034 d84d 4000 4006 b891 83fc d1a2  E..4.M@.@.......
0x0010  83fc d039 e1c0 0015 94da 8ca4 a21b e67c  ...9...........|
0x0020  8010 1d50 1cc7 0000 0101 080a 0df5 8f27  ...P...........'
0x0030  1a14 4fb3                                ..O.

4. client connects to server at specified port, 15883

09:39:47.780777 zymurgy.cs.pdx.edu.57794 > sirius.cs.pdx.edu.15883: S [tcp sum ok] 2646055403:2646055403(0) win 5840 (DF) (ttl 64, id 5836, len 60)
0x0000  4500 003c 16cc 4000 4006 7a1b 83fc d1a2  E..<..@.@.z.....
0x0010  83fc d039 e1c2 3e0b 9db7 99eb 0000 0000  ...9..>.........
0x0020  a002 16d0 92d4 0000 0204 05b4 0402 080a  ................
0x0030  0df5 8f27 0000 0000 0103 0300            ...'........

5. server SYN/ACK

09:39:47.780777 sirius.cs.pdx.edu.15883 > zymurgy.cs.pdx.edu.57794: S [tcp sum ok] 1451221718:1451221718(0) ack 2646055404 win 40001 (DF) (ttl 63, id 2437, len 64)
0x0000  4500 0040 0985 4000 3f06 885e 83fc d039  E..@..@.?..^...9
0x0010  83fc d1a2 3e0b e1c2 567f e2d6 9db7 99ec  ....>...V.......
0x0020  b012 9c41 582a 0000 0101 080a 1a14 4fb3  ...AX*........O.
0x0030  0df5 8f27 0103 0304 0101 0402 0204 05b4  ...'............

6. client ACK of SYN

09:39:47.780777 zymurgy.cs.pdx.edu.57794 > sirius.cs.pdx.edu.15883: . [tcp sum ok] 1:1(0) ack 1 win 5840 (DF) (ttl 64, id 5837, len 52)
0x0000  4500 0034 16cd 4000 4006 7a22 83fc d1a2  E..4..@.@.z"....
0x0010  83fc d039 e1c2 3e0b 9db7 99ec 567f e2d7  ...9..>.....V...
0x0020  8010 16d0 1e6b 0000 0101 080a 0df5 8f27  .....k.........'
0x0030  1a14 4fb3                                ..O.

7. client asks server for file on control channel (RETR README)

09:39:47.780777 zymurgy.cs.pdx.edu.57792 > sirius.cs.pdx.edu.ftp: P [tcp sum ok] 6:19(13) ack 51 win 7504 (DF) [tos 0x10] (ttl 64, id 55374, len 65)
0x0000  4510 0041 d84e 4000 4006 b883 83fc d1a2  E..A.N@.@.......
0x0010  83fc d039 e1c0 0015 94da 8ca4 a21b e67c  ...9...........|
0x0020  8018 1d50 7d2c 0000 0101 080a 0df5 8f27  ...P},.........'
0x0030  1a14 4fb3 5245 5452 2052 4541 444d 450d  ..O.RETR.README.
0x0040  0a                                       .

8. server underway message on control channel.

09:39:47.780777 sirius.cs.pdx.edu.ftp > zymurgy.cs.pdx.edu.57792: P [tcp sum ok] 51:116(65) ack 19 win 40001 (DF) [tos 0x10] (ttl 63, id 2438, len 117)
0x0000  4510 0075 0986 4000 3f06 8818 83fc d039  E..u..@.?......9
0x0010  83fc d1a2 0015 e1c0 a21b e67c 94da 8cb1  ...........|....
0x0020  8018 9c41 0afc 0000 0101 080a 1a14 4fb3  ...A..........O.
0x0030  0df5 8f27 3135 3020 4f70 656e 696e 6720  ...'150.Opening.
0x0040  4249 4e41 5259 206d 6f64 6520 6461 7461  BINARY.mode.data
0x0050  2063 6f6e 6e65 6374 696f 6e20 666f 7220  .connection.for.
0x0060  5245 4144 4d45 2028 3430 3220 6279 7465  README.(402.byte
0x0070  7329 2e0d 0a                             s)...

9. data exchange

...
09:39:47.780777 sirius.cs.pdx.edu.15883 > zymurgy.cs.pdx.edu.57794: P [tcp sum ok] 1:403(402) ack 1 win 40001 (DF) [tos 0x10] (ttl 63, id 2439, len 454)
0x0000  4510 01c6 0987 4000 3f06 86c6 83fc d039  E.....@.?......9
0x0010  83fc d1a2 3e0b e1c2 567f e2d7 9db7 99ec  ....>...V.......
0x0020  8018 9c41 6a9d 0000 0101 080a 1a14 4fb3  ...Aj.........O.
0x0030  0df5 8f27 0a57 6520 6172 6520 7275 6e6e  ...'.We.are.runn
0x0040  696e 6720 6120 6e65 7720 6674 7020 7365  ing.a.new.ftp.se
...

10. server tells client data exchange is done

...
09:39:47.820777 sirius.cs.pdx.edu.ftp > zymurgy.cs.pdx.edu.57792: P [tcp sum ok] 116:140(24) ack 19 win 40001 (DF) [tos 0x10] (ttl 63, id 2442, len 76)
0x0000  4510 004c 098a 4000 3f06 883d 83fc d039  E..L..@.?..=...9
0x0010  83fc d1a2 0015 e1c0 a21b e6bd 94da 8cb1  ................
0x0020  8018 9c41 ce6a 0000 0101 080a 1a14 4fb6  ...A.j........O.
0x0030  0df5 8f2b 3232 3620 5472 616e 7366 6572  ...+226.Transfer
0x0040  2063 6f6d 706c 6574 652e 0d0a            .complete...

--------------------------------------------------------------------------
2. ftp level looked like this:

note: linux ftp. passive mode is ON by default.
note: 15883 is 62 * 256 + 11.

ftp> passive
Passive mode on.
ftp> get README
local: README remote: README
227 Entering Passive Mode (131,252,208,57,62,11)
150 Opening BINARY mode data connection for README (402 bytes).
226 Transfer complete.
402 bytes received in 0.000268 secs (1.5e+03 Kbytes/sec)
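
Added example (not part of the original notes): a short Python script that decodes the hex of packets 2 and 4 from the trace above, extracts the host and port from the 227 reply, and checks that the client's SYN goes to exactly that endpoint. The function names are made up for this example; the hex is copied from the capture.

```python
import re
import struct

# Hex copied from the trace above: packet 2 (227 reply) and packet 4 (data SYN).
PKT2 = ("4510 0066 0984 4000 3f06 8829 83fc d039 83fc d1a2 0015 e1c0 a21b e64a "
        "94da 8ca4 8018 9c41 1c4a 0000 0101 080a 1a14 4fb3 0df5 8f26 3232 3720 "
        "456e 7465 7269 6e67 2050 6173 7369 7665 204d 6f64 6520 2831 3331 2c32 "
        "3532 2c32 3038 2c35 372c 3632 2c31 3129 0d0a")
PKT4 = ("4500 003c 16cc 4000 4006 7a1b 83fc d1a2 83fc d039 e1c2 3e0b 9db7 99eb "
        "0000 0000 a002 16d0 92d4 0000 0204 05b4 0402 080a 0df5 8f27 0000 0000 "
        "0103 0300")

def parse_ipv4_tcp(hexdump):
    """Split a tcpdump -X hex dump (IP header onward) into the fields we need."""
    raw = bytes.fromhex("".join(hexdump.split()))
    ihl = (raw[0] & 0x0F) * 4                    # IP header length in bytes
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    tcp_len = (raw[ihl + 12] >> 4) * 4           # TCP header length incl. options
    return {
        "src": ".".join(map(str, raw[12:16])),
        "dst": ".".join(map(str, raw[16:20])),
        "sport": sport, "dport": dport,
        "syn": bool(raw[ihl + 13] & 0x02),       # SYN bit in the TCP flags byte
        "payload": raw[ihl + tcp_len:],
    }

def parse_pasv_reply(payload):
    """Return (host, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    m = re.search(rb"^227 .*\((\d{1,3}(?:,\d{1,3}){5})\)", payload)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        raise ValueError("field does not fit in one byte")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_passive_open(reply_hex, syn_hex):
    """True if the SYN targets the endpoint advertised in the 227 reply."""
    reply, syn = parse_ipv4_tcp(reply_hex), parse_ipv4_tcp(syn_hex)
    host, port = parse_pasv_reply(reply["payload"])
    return (syn["syn"] and (syn["dst"], syn["dport"]) == (host, port)
            and host == reply["src"] and syn["src"] == reply["dst"])

if __name__ == "__main__":
    print(parse_pasv_reply(parse_ipv4_tcp(PKT2)["payload"]))
    print(check_passive_open(PKT2, PKT4))
```

The last two conditions in check_passive_open also confirm that the address advertised in the 227 reply is the server's own control-channel address and that the data connection comes from the same client host.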