File transfer is among the most frequently used TCP/IP applications and it accounts for a lot of the network traffic on the Internet. Various standard file transfer protocols existed even before the Internet was available to everyone and it was these early versions of the file transfer software that helped create today's standard known as the File Transfer Protocol (FTP). Most recent specifications of the protocol are listed in RFC 959.
The Protocol
FTP uses TCP as a transport protocol. This means that FTP inherits TCP's robustness and is very reliable for transferring files. Chances are if you download files, you've probably used ftp a few hundred times without realising it ! And if you have a huge warez collection, then make that a couple of thousand times :)
The picture below shows where FTP stands in contrast to the OSI model. As I have noted in other sections, it's important to understand the concept of the OSI model, because it will greatly help you understand all this too :)
Now, we mentioned that FTP uses TCP as a transport, but we didn't say which ports it uses! Port numbers 21 and 20 are used for FTP. Port 21 is used to establish the connection between the 2 computers (or hosts) and port 20 to transfer data (via the Data channel).
But there are some instances where port 21 is used for both, establishing a connection and data transfer and I will analyse them shortly.
The best thing you can do to "see" it yourself is to grab a packet sniffer which you will conveniently find in our download section and try to capture a few packets while you're ftp'ing to a site.
Both Ports - 20 and 21 - Active FTP Mode
Included below is a screenshot clearly showing TCP ports 20 and 21 being used:
Only Port 21 - Passive FTP Mode
The next screenshot shows captures an FTP session using only TCP Port 21:
FTP has two different modes of operation: Active and Passive. The mode used depends on a number of circ*mstances, but mainly if you are behind a firewall or not.
Active Mode FTP
Active mode is usually used when there isn't any firewall between you and the FTP server. In such cases you have a direct connection to the Internet. When you (the client) try to establish a connection to a FTP server, your workstation includes a second port number (using the PORT command) that is used when data is to be exchanged, this is known as the Data Channel.
The FTP server then starts the exchange of data from its own port 20 to whatever port was designated by your workstation (in the screen shot, my workstation used port 1086), and because the server initiated the communication, it's not controlled by the workstation client. This can also potentially allow uninvited data to arrive to your computer from anywhere posing as a normal FTP transfer. This is one of the reasons Passive FTP is more secure.
Passive Mode FTP
Using normal or passive FTP, a client begins a session by sending a request to communicate through TCP port 21, the port that is conventionally assigned for this use at the FTP server. This communication is known as the Control Channel connection.
At this point, a PASV command is sent instead of a PORT command. Instead of specifying a port that the server can send to, the PASV command asks the server to specify a port it wishes to use for the Data Channel connection. The server replies on the Control Channel with the port number which the client then uses to initiate an exchange on the Data Channel. The server will thus always be responding to client-initiated requests on the Data Channel and the firewall can correlate these.
It's simple to configure your client FTP program to use either Active or Passive FTP. For example, in Cute FTP, you can set your program to use Passive FTP by going to FTP--> Settings --> Options and then selecting the "Firewall" tab :
If you remove the above options, then your workstation will be using (if possible) Active FTP mode, and I say "if possible" cause if your already behind a firewall, there is probably no way you will be using Active FTP, so the program will automatically change to Passive FTP mode.
So let's have a look at the process of a computer establishing an FTP connection with a server: .
The above is assuming a direct connection to the FTP server. For simplicity reasons, we are looking at the way the FTP connection is created and not worring if it's a Passive or Active FTP connection. Since FTP is using TCP as a transport, you would expect to see the 3-way handshake. Once that is completed and there is data connection established, the client will send its login name and then password. After the authentication sequence is finished and the user is authenticated to the Server, it's allowed access and is ready to leach the site dry :)
Finally, below are the most commonly used FTP commands:
ABOR: abort previous FTP command
LIST and NLST: list file and directories
DELE: delete a file
RMD: remove a directory
MKD: create a directory
PWD: print current working directory ( show you which dir. your at)
PASS: send password
PORT: request open port number on specific IP address/port number
QUIT: log off from server
RETR: retrieve file
STOR: send or put file
SYST: identity system type
TYPE: specify type (A for ASCII, I for binary)
USER: send username
And that just about complete's our analysis on the FTP protocol !
