IE6 with Passive FTP: File download fails via Netscreen

You may find when trying to download a file from your FTP server using Internet Explorer 6 with “Folder View Enabled” when using Passive FTP the file download transfer will fail after a short time period.

This can be down to Internet Explorer sending TCP packets with sequence numbers which are outside that of the current TCP window. This in turn causes the FTP file transfer to fail. This can be caused by vendors using non-RFC methods to verify a packets validity or the host sending back badly number packets expecting a return.

You can confirm whether the Netscreen is dropping packets due to this with the following command,

netscreen(M)-> get counter statistics | i (Total|seq)
Total flow counters for interface mgt:

tcp out of seq 0 | mac relearn 0 | no frag sess 0
Total flow counters for interface ethernet1/1:

tcp out of seq 38321 | mac relearn 0 | no frag sess 0
Total flow counters for interface ethernet1/2:


The Netscreen is working by design so you have 3 options :

  1. Disabling TCP sequence checking on the firewall using the command ‘set flow no-tcp-seq-check’
  2. Use an alternative client for Passive FTP downloads.
  3. Use Active FTP
Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial