File Transfer Protocol - FTP

Introduction

File transfer is among the most frequently used TCP/IP applications and it accounts for a lot of the network traffic on the Internet. Various standard file transfer protocols existed even before the Internet was available to everyone and it was these early versions of the file transfer software that helped create today's standard known as the File Transfer Protocol (FTP). Most recent specifications of the protocol are listed in RFC 959.

The Protocol

FTP uses TCP as a transport protocol. This means that FTP inherits TCP's robustness and is very reliable for transferring files. Chances are if you download files, you've probably used ftp a few hundred times without realising it ! And if you have a huge warez collection, then make that a couple of thousand times :)

The picture below shows where FTP stands in contrast to the OSI model. As I have noted in other sections, it's important to understand the concept of the OSI model, because it will greatly help you understand all this too :)

Now, we mentioned that FTP uses TCP as a transport, but we didn't say which ports it uses! Port numbers 21 and 20 are used for FTP. Port 21 is used to establish the connection between the 2 computers (or hosts) and port 20 to transfer data (via the Data channel).

But there are some instances where port 21 is used for both, establishing a connection and data transfer and I will analyse them shortly.

 

The best thing you can do to "see" it yourself is to grab a packet sniffer which you will conveniently find in our download section and try to capture a few packets while you're ftp'ing to a site.

Both Ports - 20 and 21 - Active FTP Mode

I have included a screenshot from my workstation which clearly shows the 2 ports used. In the example, I have ftp'ed into ftp.cdrom.com. Please click here to view the full picture

 

Only Port 21 - Passive FTP Mode

Now, in the next picture I ftp'ed into my NetWare server here at home and guess what .... Only Port 21 was used ! Here is the screen shot:

Please click here to view the full picture.

Let me explain why this is happening:

FTP has two separate modes of operation: Active and Passive. You will use either one depending on whether your PC is behind a firewall.

Active Mode FTP

Active mode is usually used when there isn't any firewall between you and the FTP server. In such cases you have a direct connection to the Internet. When you (the client) try to establish a connection to a FTP server, your workstation includes a second port number (using the PORT command) that is used when data is to be exchanged, this is known as the Data Channel.

The FTP server then starts the exchange of data from its own port 20 to whatever port was designated by your workstation (in the screen shot, my workstation used port 1086), and because the server initiated the communication, it's not controlled by the workstation client. This can also potentially allow uninvited data to arrive to your computer from anywhere posing as a normal FTP transfer. This is one of the reasons Passive FTP is more secure.
 

Passive Mode FTP

Using normal or passive FTP, a client begins a session by sending a request to communicate through TCP port 21, the port that is conventionally assigned for this use at the FTP server. This communication is known as the Control Channel connection.
 

At this point, a PASV command is sent instead of a PORT command. Instead of specifying a port that the server can send to, the PASV command asks the server to specify a port it wishes to use for the Data Channel connection. The server replies on the Control Channel with the port number which the client then uses to initiate an exchange on the Data Channel. The server will thus always be responding to client-initiated requests on the Data Channel and the firewall can correlate these.

It's simple to configure your client FTP program to use either Active or Passive FTP. For example, in Cute FTP, you can set your program to use Passive FTP by going to FTP--> Settings --> Options and then selecting the "Firewall" tab :

If you remove the above options, then your workstation will be using (if possible) Active FTP mode, and I say "if possible" cause if your already behind a firewall, there is probably no way you will be using Active FTP, so the program will automatically change to Passive FTP mode.
 

So let's have a look at the process of a computer establishing an FTP connection with a server: .

..................

The above is assuming a direct connection to the FTP server. For simplicity reasons, we are looking at the way the FTP connection is created and not worring if it's a Passive or Active FTP connection. Since FTP is using TCP as a transport, you would expect to see the 3-way handshake. Once that is completed and there is data connection established, the client will send its login name and then password. After the authentication sequence is finished and the user is authenticated to the Server, it's allowed access and is ready to leach the site dry :)

Finally, below are the most commonly used FTP commands:

ABOR: abort previous FTP command

LIST and NLST: list file and directories

DELE: delete a file

RMD: remove a directory

MKD: create a directory

PWD: print current working directory ( show you which dir. your at)

PASS: send password

PORT: request open port number on specific IP address/port number

QUIT: log off from server

RETR: retrieve file

STOR: send or put file

SYST: identity system type

TYPE: specify type (A for ASCII, I for binary)

USER: send username

And that just about complete's our analysis on the FTP protocol !

Back

Top

Next - TFTP

  Networking Menu  
    Firewall    
    Networking    
    Cabling    
    Protocols    
    Routing     
    Routers    
    Ethernet      
    Fast Ethernet    
 
   Introduction   
   Introduction   
   Introduction   
   Firewall Topologies   
   Firewall Topologies   
   Firewall Topologies   
   The DMZ Zone   
   The DMZ Zone   
   The DMZ Zone   
   DoS & DDoS Attacts   
   DoS & DDoS Attacts   
   DoS & DDoS Attacts   
   Locking Win9x
   Locking Win9x
   Locking Win9x
   Network Add Translation   
   Network Add Translation   
   Network Add Translation   
 
   Introduction   
   Introduction   
   Introduction   
   The NAT Concept   
   The NAT Concept   
   The NAT Concept   
   The NAT Table   
   The NAT Table   
   The NAT Table   
   Static NAT (Part 1)
   Static NAT (Part 1)
   Static NAT (Part 1)
   Static NAT (Part 2)
   Static NAT (Part 2)
   Static NAT (Part 2)
   Dynamic NAT (Part1)
   Dynamic NAT (Part1)
   Dynamic NAT (Part1)
   Dynamic NAT (Part2)
   Dynamic NAT (Part2)
   Dynamic NAT (Part2)
   Overload NAT/PAT (part1)
   Overload NAT/PAT (part1)
   Overload NAT/PAT (part1)
   Overload NAT/PAT (part2)   
   Overload NAT/PAT (part2)   
   Overload NAT/PAT (part2)   
 
   General   
   General   
   General   
   Data Transmission   
   Data Transmission   
   Data Transmission   
   IP Subnetting   
   IP Subnetting   
   IP Subnetting   
   Supernetting   
   Supernetting   
   Supernetting   
 
   Introduction   
   Introduction   
   Introduction   
   Topologies   
   Topologies   
   Topologies   
 
   Introduction   
   Introduction   
   Introduction   
   Mac Addresses   
   Mac Addresses   
   Mac Addresses   
   Broadcast B   
   Broadcast B   
   Broadcast B   
   Multicast   
   Multicast   
   Multicast   
   Multicast IP List  
   Multicast IP List  
   Multicast IP List  
   Unicast V   
   Unicast V   
   Unicast V   
   Controlling Multicast & Broadcast   
   Controlling Multicast & Broadcast   
   Controlling Multicast & Broadcast   
 
   Introduction   
   Introduction   
   Introduction   
   Basic Concept   
   Basic Concept   
   Basic Concept   
   Subnet Mask Effect   
   Subnet Mask Effect   
   Subnet Mask Effect   
   Subnet Mask Bit   
   Subnet Mask Bit   
   Subnet Mask Bit   
   Subnet Routing & Communications   
   Subnet Routing & Communications   
   Subnet Routing & Communications   
   Subnetting Guidlines   
   Subnetting Guidlines   
   Subnetting Guidlines   
 
   Introduction   
   Introduction   
   Introduction   
   In Depth Analysis   
   In Depth Analysis   
   In Depth Analysis   
   Supernetting Chart   
   Supernetting Chart   
   Supernetting Chart   
   Securing Your Home Network   
   Securing Your Home Network   
   Securing Your Home Network   
 
   Introduction   
   Introduction   
   Introduction   
   UTP CAT 1/2/3/4/5/6 Cable   
   UTP CAT 1/2/3/4/5/6 Cable   
   UTP CAT 1/2/3/4/5/6 Cable   
   UTP Straight Through Cable   
   UTP Straight Through Cable   
   UTP Straight Through Cable   
   UTP X-over Cable   
   UTP X-over Cable   
   UTP X-over Cable   
   Fiber Optic Cable   
   Fiber Optic Cable   
   Fiber Optic Cable   
   10Base T/2/F/5/35   
   10Base T/2/F/5/35   
   10Base T/2/F/5/35   
   100Base T/TX/T4/FX   
   100Base T/TX/T4/FX   
   100Base T/TX/T4/FX   
   Direct Cable Connection (DCC)   
   Direct Cable Connection (DCC)   
   Direct Cable Connection (DCC)   
 
   Introduction   
   Introduction   
   Introduction   
   Serial DCC    
   Serial DCC    
   Serial DCC    
   Parallel DCC   
   Parallel DCC   
   Parallel DCC   
   USB DCC   
   USB DCC   
   USB DCC   
   Important Notes For DCC    
   Important Notes For DCC    
   Important Notes For DCC    
 
   Introduction   
   Introduction   
   Introduction   
   TCP   
   TCP   
   TCP   
   In Depth TCP Analysis   
   In Depth TCP Analysis   
   In Depth TCP Analysis   
   DNS   
   DNS   
   DNS   
   DNS Server Setup (Unix-BIND)   
   DNS Server Setup (Unix-BIND)   
   DNS Server Setup (Unix-BIND)   
   ICMP   
   ICMP   
   ICMP   
   Internet Protocol (IP)   
   Internet Protocol (IP)   
   Internet Protocol (IP)   
   The OSI Model   
   The OSI Model   
   The OSI Model   
 
   Introduction    
   Introduction    
   Introduction    
   A Transport Protocol   
   A Transport Protocol   
   A Transport Protocol   
   Quick Overview    
   Quick Overview    
   Quick Overview    
   TCP Header / Segment   
   TCP Header / Segment   
   TCP Header / Segment   
 
   Introduction    
   Introduction    
   Introduction    
   Source & Destination Port    
   Source & Destination Port    
   Source & Destination Port    
   Sequence & Ack. Numbers   
   Sequence & Ack. Numbers   
   Sequence & Ack. Numbers   
   Header Length    
   Header Length    
   Header Length    
   TCP Flag Options   
   TCP Flag Options   
   TCP Flag Options   
   Window, Checksum, Urgent Flags   
   Window, Checksum, Urgent Flags   
   Window, Checksum, Urgent Flags   
   TCP Options   
   TCP Options   
   TCP Options   
   Data    
   Data    
   Data    
   UDP    
   UDP    
   UDP    
   FTP   
   FTP   
   FTP   
   TFTP   
   TFTP   
   TFTP   
 
   Introduction   
   Introduction   
   Introduction   
   The DNS Protocol   
   The DNS Protocol   
   The DNS Protocol   
   The DNS Resolution Process   
   The DNS Resolution Process   
   The DNS Resolution Process   
   DNS Query Messages   
   DNS Query Messages   
   DNS Query Messages   
   DNS Response Messages   
   DNS Response Messages   
   DNS Response Messages   
 
   Introduction   
   Introduction   
   Introduction   
   The db.domain file   
   The db.domain file   
   The db.domain file   
   The db.addr file   
   The db.addr file   
   The db.addr file   
   Other Common Files   
   Other Common Files   
   Other Common Files   
   Slave DNS Server   
   Slave DNS Server   
   Slave DNS Server   
   DNS Caching   
   DNS Caching   
   DNS Caching   
 
   Introduction    
   Introduction    
   Introduction    
   ICMP Echo/Echo Reply (ping)    
   ICMP Echo/Echo Reply (ping)    
   ICMP Echo/Echo Reply (ping)    
   ICMP Destination Unreachable    
   ICMP Destination Unreachable    
   ICMP Destination Unreachable    
   ICMP Source Quench    
   ICMP Source Quench    
   ICMP Source Quench    
   ICMP Redirect   
   ICMP Redirect   
   ICMP Redirect   
   ICMP Time Exceeded   
   ICMP Time Exceeded   
   ICMP Time Exceeded   
 
   Introduction   
   Introduction   
   Introduction   
   Binary & IP   
   Binary & IP   
   Binary & IP   
   The IP Header   
   The IP Header   
   The IP Header   
   IP Classes   
   IP Classes   
   IP Classes   
 
   Introduction   
   Introduction   
   Introduction   
   Layer 1   
   Layer 1   
   Layer 1   
   Layer 2   
   Layer 2   
   Layer 2   
   Layer 3   
   Layer 3   
   Layer 3   
   Layer 4   
   Layer 4   
   Layer 4   
   Layer 5   
   Layer 5   
   Layer 5   
   Layer 6   
   Layer 6   
   Layer 6   
   Layer 7   
   Layer 7   
   Layer 7   
   Layer Encapsulation & Decapsulation    
   Layer Encapsulation & Decapsulation    
   Layer Encapsulation & Decapsulation    
 
   Introduction   
   Introduction   
   Introduction   
   Routed Protocols   
   Routed Protocols   
   Routed Protocols   
   IP Routing   
   IP Routing   
   IP Routing   
   Routing Protocols   
   Routing Protocols   
   Routing Protocols   
 
   Introduction   
   Introduction   
   Introduction   
   Distance Vector Routing Protocols   
   Distance Vector Routing Protocols   
   Distance Vector Routing Protocols   
   Link State Routing Protocols   
   Link State Routing Protocols   
   Link State Routing Protocols   
   Hybrid Routing Protocols   
   Hybrid Routing Protocols   
   Hybrid Routing Protocols   
   OSPF Routing Protocol   
   OSPF Routing Protocol   
   OSPF Routing Protocol   
   RIP Routing Protocol   
   RIP Routing Protocol   
   RIP Routing Protocol   
   IGRP Routing Protocol   
   IGRP Routing Protocol   
   IGRP Routing Protocol   
   EIGRP Routing Protocol   
   EIGRP Routing Protocol   
   EIGRP Routing Protocol   
   Connectivity Devices   
   Connectivity Devices   
   Connectivity Devices   
 
   Hubs & Repeaters   
   Hubs & Repeaters   
   Hubs & Repeaters   
   Switches & Bridges   
   Switches & Bridges   
   Switches & Bridges   
 
   Introduction   
   Introduction   
   Introduction   
   Cisco Basics   
   Cisco Basics   
   Cisco Basics   
   Cisco Modes   
   Cisco Modes   
   Cisco Modes   
 
   Introduction   
   Introduction   
   Introduction   
   User Exec Mode    
   User Exec Mode    
   User Exec Mode    
   User Privileged Mode   
   User Privileged Mode   
   User Privileged Mode   
 
   Introduction   
   Introduction   
   Introduction   
   Frame Formats   
   Frame Formats   
   Frame Formats   
   Collisions   
   Collisions   
   Collisions   
 
   Introduction   
   Introduction   
   Introduction   
   Ethernet 802.3    
   Ethernet 802.3    
   Ethernet 802.3    
   Ethernet II   
   Ethernet II   
   Ethernet II   
   Ethernet 802.3 SNAP   
   Ethernet 802.3 SNAP   
   Ethernet 802.3 SNAP   
   Ethernet 802.3 Raw (Novell)   
   Ethernet 802.3 Raw (Novell)   
   Ethernet 802.3 Raw (Novell)   
   Media Access   
   Media Access   
   Media Access   
 
   Introduction    
   Introduction    
   Introduction    
   Early Collisions    
   Early Collisions    
   Early Collisions    
   Late Collisions    
   Late Collisions    
   Late Collisions    
   Propagation Delay    
   Propagation Delay    
   Propagation Delay    
   Frame Corruption   
   Frame Corruption   
   Frame Corruption   
   Interframe Gap    
   Interframe Gap    
   Interframe Gap    
   Signal Encoding    
   Signal Encoding    
   Signal Encoding    
 
   Introduction    
   Introduction    
   Introduction    
   10/100 Mbits   
   10/100 Mbits   
   10/100 Mbits   
   Integration   
   Integration   
   Integration   
   Migration   
   Migration   
   Migration   
   The Fast Ethernet Model   
   The Fast Ethernet Model   
   The Fast Ethernet Model   
   Troubleshooting    
   Troubleshooting    
   Troubleshooting