Professional Documents
Culture Documents
manipulate files over a TCP/IP based network, such as the Internet. FTP is built on a
client-server architecture and utilizes separate control and data connections between the
tools with a standardized command syntax, but graphical user interfaces have been
developed for all desktop operating systems in use today. FTP is also often used as an
application component to automatically transfer files for program internal functions. FTP
can be used with user-based password authentication or with anonymous user access. The
Trivial File Transfer Protocol (TFTP) is a similar, but simplified, not interoperable, and
History
RFC 114 was released on 16 April 1971 and was the original specification of the File
Transfer Protocol (FTP). It was obsoleted by RFC 765 on June 1980, which in turn was
obsoleted by RFC 959 on October 1985, which is current specification. Several proposed
standards ammend that RFC, for example RFC 2228 of June 1997 proposes security
extensions and RFC 2428 of September 1998 adds support for IPv6 and defines a new
Use
As outlined by its RFC, FTP is used to:
• Promote sharing of files (computer programs and/or data).
user does not need to know that what the type of file system is.)
Protocol overview
A client makes a connection to the server using TCP port 21.
This connection, the control connection, remains open for the duration of the session,
with a second connection on port 20 opened as required to transfer file data. Commands
are sent by the client over the control connection in ASCII and terminated by a carriage
return and line feed. For example "RETR filename" would transfer the specified file from
The server responds on the control connection with three digit status codes in ASCII with
an optional text message, for example "200" (or "200 OK.") means that the last command
was successful. A file transfer in progress over the data connection can be aborted using
FTP can be run in active mode or passive mode, which control how the second
connection is opened. In active mode the client sends the server the IP address port
number the client is to use for the data connection and the server opens the connection.
Passive mode was devised for use where the client is behind a firewall and unable to
accept incoming TCP connections. The server sends the client an IP address and port
number and the the client opens the connection to the server. Both modes were updated in
September 1998 to add support for IPv6 and made some other changes to passive mode,
• ASCII mode: only for plain text. (Any other form of data will be corrupted)
• Binary mode: the sending machine sends each file byte for byte and as such the
recipient stores the bytestream as it receives it. (The FTP standard calls this
The other two, EBCDIC and local file type are essentially obsolete. For text files,
different format control and record structure can be selected, although these features are
also rarely used now. One of three file transfer modes can also be chosen, but the default
Security
because there is no method specified for transferring data in an encrypted fashion. This
means that under most network configurations, user names, passwords, FTP commands
and transferred files can be captured by anyone on the same network using a packet
sniffer. This is a problem common to many Internet protocol specifications written prior
to the creation of SSL, such as HTTP, SMTP and Telnet. The common solution to this
problem is to use either SFTP (SSH File Transfer Protocol), or FTPS (FTP over SSL),
Anonymous FTP
A host that provides an FTP service may additionally provide anonymous FTP access.
Users typically login to the service with an 'anonymous' account when prompted for user
name. Although users are commonly asked to send their email address in lieu of a
As modern FTP clients typically hide the anonymous login process from the user, the ftp
client will supply dummy data as the password (since the user's email address may not be
The Gopher protocol has been suggested as an alternative to anonymous FTP, as well as
Where FTP access is restricted, a remote FTP (or FTP Mail) service can be used to
circumvent the problem. An e-mail containing the FTP commands to be performed is sent
to a remote FTP server, which is a mail server that parses the incoming e-mail, executes
the FTP commands, and sends back an e-mail with any downloaded files as an
attachment. Obviously this is less flexible than an ftp client, as it is not possible to view
directories interactively or to modify commands, and there can also be problems with
large file attachments in the response not getting through mail servers. As most internet
users these days have ready access to FTP, this procedure is no longer in everyday use.
Most recent web browsers and file managers can connect to FTP servers, although they
may lack the support for protocol extensions such as FTPS. This allows manipulation of
remote files over FTP through an interface similar to that used for local files. This is done
the use of passive mode FTP, which not all FTP servers are capable of handling. Some
browsers allow only the downloading of files, but offer no way to upload files to the
server.
The representation of the IP addresses and port numbers in the PORT command and
PASV reply poses another challenge for Network address translation (NAT) devices in
handling FTP. The NAT device must alter these values, so that they contain the IP
address of the NAT-ed client, and a port chosen by the NAT device for the data
connection. The new address and port will probably differ in length in their decimal
representation from the original address and port. This means that altering the values on
the control connection by the NAT device must be done carefully, changing the TCP
Sequence and Acknowledgment fields for all subsequent packets. Such translation is not
usually performed in most NAT devices, but special application layer gateways exist for
this purpose.
FTP over SSH (not SFTP) refers to the practice of tunneling a normal FTP session over
an SSH connection.
Because FTP uses multiple TCP connections (unusual for a TCP/IP protocol that is still
in use), it is particularly difficult to tunnel over SSH. With many SSH clients, attempting
to set up a tunnel for the control channel (the initial client-to-server connection on port
21) will protect only that channel; when data is transferred, the FTP software at either end
will set up new TCP connections (data channels) which will bypass the SSH connection,
Otherwise, it is necessary for the SSH client software to have specific knowledge of the
FTP protocol, and monitor and rewrite FTP control channel messages and autonomously
open new forwardings for FTP data channels. Version 3 of SSH Communications
Security's software suite, and the GPL licensed FONC are two software packages that
FTP over SSH is sometimes referred to as secure FTP; this should not be confused with
other methods of securing FTP, such as with SSL/TLS (FTPS). Other methods of
transferring files using SSH that are not related to FTP include SFTP and SCP; in each of
these, the entire conversation (credentials and data) is always protected by the SSH
protocol.