File Transfer Protocol (FTP)
File Transfer Protocol allows a user to copy files to/from remote hosts.
- Client program connects to FTP server
- It provides a login id and password
- It allows the user to explore the directories and download and upload files with the server
A predecessor of the Web (RFC 959 in 1985)
- Requires user to know the name of the server machine and have an account on the machine
- Able to find the directory where the files are stored
- Knows whether the file is text or binary
- knows what tool to run to render and edit the file
- That is, no URL, hypertext, and helper applications.
FTP: Connection Methods
Control / Data Connections
Control connection
- A communication path between the Client and Server for the exchange of commands & replies
- FTP Server Port 21
- Connection stays up during the whole session, in which many files may be transferred
Data connection
- A full duplex connection over which data is transferred, in a specified mode and type
- FTP Server Port 20 (for active FTP)
- Usually one for each file transfer
FTP: Modes
Active Mode:
- Server initiates data connection to the client
- FTP Client opens a dynamic port.
- Client sends the PORT command on the control connection, telling the FTP server the address and port on which it is listening, and waits for the connection from the FTP server:
PORT h1,h2,h3,h4,p1,p2
h1,h2,h3,h4 is the client’s IP address; p1,p2 is the client port number as two 8-bit values, high byte first.
- The Server will then connect back to the client’s specified data port from its local data port (port 20)
Example:
A client with an IP of 192.168.0.1, listening on port 49154 for the data connection will send the command “PORT 192,168,0,1,192,2”. The port fields should be interpreted as p1×256 + p2 = port, or, in this example, 192×256 + 2 = 49154.
Passive Mode:
- Client initiates the data connection to the server.
- FTP server opens a dynamic port, sends the FTP client its IP address and the port number on which it is listening over the control connection, and waits for the connection from the FTP client.
- Client issues the PASV command to the server.
- The server then opens a random port and sends Reply Code 227 back to the client (in a format similar to the PORT command).
- The client then deciphers this reply and when data connection is required, attempts to initiate the connection to the server at this address.
FTP commands
- Commands and Replies are sent across the control connection and are in plain text.
- Commands are 3 or 4 characters long, each with optional parameters.
- The FTP commands specify the parameters for:
- the data connection (port)
- transfer mode
- data representation type and structure
- the nature of file system operation (store, retrieve, append, delete, etc.)
Sample FTP Commands
Access Control:
USER User identification
PORT Data port specification
TYPE Data representation (ASCII, EBCDIC, Image)
QUIT Terminates a USER and the control connection
Transfer:
MODE Transfer mode (Stream, Block, Compress)
RETR Server -> Client file transfer
STOR Client -> Server file transfer
Service:
DELE Deletes a Server file
LIST Directory listing
RNFR Renames from <old file name>
RNTO Renames to <new file name>
(RNFR must be immediately followed by a RNTO command)
Data Formats
There are two data format modes:
- ASCII mode: Any form of data that is not plain text will be corrupted. When a file is sent using an ASCII-type transfer, the individual letters, numbers, and characters are sent using their ASCII character codes. The receiving machine saves these in a text file in the appropriate format (for example, a Unix machine saves it in a Unix format, a Windows machine saves it in a Windows format). Hence if an ASCII transfer is used it can be assumed plain text is sent, which is stored by the receiving computer in its own format. By default, clients use ASCII mode.
- Binary mode: In “Binary mode”, the sending machine sends each file byte for byte and as such the recipient stores the bytestream as it receives it. (The FTP standard calls this “IMAGE” or “I” mode)
EBCDIC mode and Local mode are also used by some legacy mainframe systems.
FTP return codes
- 1yz Positive preliminary reply
- 2yz Positive completion reply (a new command may be sent)
- 3yz Positive intermediate reply (another command must be sent)
- 4yz Transient negative reply (command can be re-issued later)
- 5yz Permanent negative reply (command should not be retried)
- x0z Syntax error
- x1z Information
- x2z Connections
- x3z Authentication and accounting
- x4z Unspecified
- x5z File system status
Criticism of FTP
- Passwords and file contents are sent in clear text, which can be intercepted by eavesdroppers. Remedy: Using SSL, TLS or Kerberos
- Multiple TCP/IP connections are used, one for the control connection, and one for each download, upload, or directory listing. Firewalls may need additional logic and/or configuration changes to account for these connections.
- It is hard to filter active mode FTP traffic on the client side by using a firewall, since the client must open an arbitrary port in order to receive the connection. This problem is largely resolved by using passive mode FTP.
- It is possible to abuse the protocol’s built-in proxy features to tell a server to send data to an arbitrary port of a third computer.
- FTP is a high latency protocol due to the number of commands needed to initiate a transfer.
- No integrity check on the receiver side. If a transfer is interrupted, the receiver has no way to know whether the received file is complete. An MD5 sum or CRC checksum could be used to check this.
- No date/timestamp attribute transfer. Uploaded files are given a new current timestamp, unlike other file transfer protocols such as SFTP, which allow attributes to be included. There is no way in the standard FTP protocol to set the time-last-modified (or time-created) datestamp that most modern filesystems preserve.
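The PORT argument and 227 reply formats described under FTP: Modes, together with the third-party data connection problem listed above, can be shown in one added example (not part of the original notes). The function names, the constructed 227 reply, and the server policy (data address must equal the control connection's peer, port not below 1024) are assumptions of this example.

```python
import ipaddress
import re

HOST_PORT = r"[0-9]{1,3}(?:,[0-9]{1,3}){5}"

def parse_host_port(fields):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port), with port = p1*256 + p2."""
    if not re.fullmatch(HOST_PORT, fields.strip()):
        raise ValueError(f"malformed host-port: {fields!r}")
    nums = [int(n) for n in fields.strip().split(",")]
    if any(n > 255 for n in nums):
        raise ValueError(f"field above 255: {fields!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_pasv_reply(line):
    """Extract the server's data address from a 227 reply line."""
    m = re.match(r"227 .*?(" + HOST_PORT + r")", line)
    if not m:
        raise ValueError(f"not a usable 227 reply: {line!r}")
    return parse_host_port(m.group(1))

def port_command_allowed(control_peer_ip, port_arg):
    """Assumed server policy: data address must be the control peer, port >= 1024."""
    try:
        ip, port = parse_host_port(port_arg)
    except ValueError as exc:
        return False, str(exc)
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        return False, f"{ip} is not the control peer {control_peer_ip}"
    if port < 1024:
        return False, f"port {port} is in the well-known range"
    return True, f"{ip}:{port}"

if __name__ == "__main__":
    # Constructed sample inputs; the first PORT argument is the page's own example.
    print(parse_host_port("192,168,0,1,192,2"))
    print(parse_pasv_reply("227 Entering Passive Mode (192,168,0,10,195,80)"))
    for arg in ("192,168,0,1,192,2", "10,0,0,5,0,25", "192,168,0,1,0,22"):
        print(arg, port_command_allowed("192.168.0.1", arg))
```

A server that applies a check like this before opening an active-mode data connection refuses PORT arguments that name another host or a service port.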
Advantages and Disadvantages of FTP
Advantages
- A user can use a program to perform a mass upload to a server, without having to repeatedly browse for files and re-upload them through a form.
- Downloads can also be done en masse.
Disadvantages
- Unfortunately, an FTP server still requires an FTP client to use, and the use of one would be particularly cumbersome to those who just wanted to upload a picture or two.