
FILE TRANSFER PROTOCOL

The File Transfer Protocol (FTP) is another commonly used application layer protocol. FTP was developed to allow for file transfers between a client and a server. An FTP client is an application that runs on a computer that is used to push and pull files from a server running the FTP daemon (FTPd). To successfully transfer files, FTP requires two connections between the client and the server: one for commands and replies, the other for the actual file transfer. The client establishes the first connection to the server on TCP port 21. This connection is used for control traffic, consisting of client commands and server replies. The client establishes the second connection to the server over TCP port 20. This connection is for the actual file transfer and is created every time a file is transferred. The file transfer can happen in either direction: the client can download (pull) a file from the server, or the client can upload (push) a file to the server.

Getting Started
To connect your local machine to the remote machine, type ftp machinename where machinename is the full machine name of the remote machine, e.g., purcell.cs.colostate.edu. If the name of the machine is unknown, you may type ftp machinenumber where machinenumber is the net address of the remote machine, e.g., 129.82.45.181. In either case, this command is similar to logging onto the remote machine. If the remote machine has been reached successfully, FTP responds by asking for a loginname and password. When you enter your own loginname and password for the remote machine, it returns the prompt and permits you access to your own home directory on the remote machine. You should be able to move around in your own directory and to copy files to and from your local machine using the FTP interface commands given on the following page.

Anonymous FTP
At times you may wish to copy files from a remote machine on which you do not have a loginname. This can be done using anonymous FTP. When the remote machine asks for your loginname, you should type in the word anonymous. Instead of a password, you should enter your own electronic mail address. This allows the remote site to keep records of the anonymous FTP requests. Once you have been logged in, you are in the anonymous directory for the remote machine. This usually contains a number of public files and directories. Again you should be able to move around in these directories. However, you are only able to copy the files from the remote machine to your own local machine; you are not able to write on the remote machine or to delete any files there.

FTP return codes


FTP server return codes show their status by the digits within them. A short explanation of what the digits mean is given below:

First digit:

1xx: Positive Preliminary reply. The action requested is being initiated but there will be another reply before it begins.
2xx: Positive Completion reply. The action requested has been completed. The client may now issue a new command.
3xx: Positive Intermediate reply. The command was successful, but a further command is required before the server can act upon the request.
4xx: Transient Negative Completion reply. The command was not successful, but the client is free to try the command again as the failure is only temporary.
5xx: Permanent Negative Completion reply. The command was not successful and the client should not attempt to repeat it again.

Second digit:

x0x: The failure was due to a syntax error.
x1x: This response is a reply to a request for information.
x2x: This response is a reply relating to connection information.
x3x: This response is a reply relating to accounting and authorization.
x4x: Not used.
x5x: These responses indicate the status of the Server file system vis-a-vis the requested transfer or other file system action.

NAT and firewall traversal


FTP normally transfers data by having the server connect back to the client, after the PORT command is sent by the client. This is problematic for both NATs and firewalls, which do not allow connections from the Internet towards internal hosts. For NATs, an additional complication is that the representation of the IP address and port number in the PORT command refers to the internal host's IP address and port, rather than the public IP address and port of the NAT. There are two approaches to this problem. One is that the FTP client and FTP server use the PASV command, which causes the data connection to be established from the FTP client to the server. This is widely used by modern FTP clients. Another approach is for the NAT to alter the values of the PORT command, using an application-level gateway for this purpose.
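The two approaches above, as an added example that is not part of the original page: it decodes the comma-separated address and port carried by PORT and by the 227 reply to PASV, and shows the rewrite an application-level gateway applies to a PORT line. The function names, the allocate_port callback and all addresses are assumptions made for illustration.

```python
import re


def parse_hostport(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' as used by PORT and by the 227 reply."""
    nums = [int(n) for n in arg.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("malformed host-port: %r" % arg)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def format_hostport(ip, port):
    """Encode an IPv4 address and TCP port back into the comma form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def alg_rewrite(line, public_ip, allocate_port):
    """Rewrite one client command line the way a NAT gateway would.

    allocate_port(inside_ip, inside_port) is a hypothetical callback that
    reserves a public port and installs the inbound mapping for the data
    connection. Every line other than PORT passes through unchanged.
    """
    m = re.match(r"PORT\s+(\S+)\s*$", line, re.IGNORECASE)
    if not m:
        return line
    inside_ip, inside_port = parse_hostport(m.group(1))
    public_port = allocate_port(inside_ip, inside_port)
    return "PORT %s\r\n" % format_hostport(public_ip, public_port)


def parse_pasv_reply(line):
    """Extract the server's data endpoint from a 227 reply to PASV."""
    m = re.match(r"227 .*?(\d+(?:,\d+){5})", line)
    if not m:
        raise ValueError("not a 227 reply: %r" % line)
    return parse_hostport(m.group(1))


if __name__ == "__main__":
    # Constructed sample: inside host 192.168.1.10 listening on port 50000.
    sent = "PORT 192,168,1,10,195,80\r\n"
    print(repr(alg_rewrite(sent, "203.0.113.5", lambda ip, port: 40001)))
    # Passive mode: the client opens the data connection to this endpoint.
    print(parse_pasv_reply("227 Entering Passive Mode (192,0,2,10,19,137)."))
```

The rewritten line can differ in length from the original, so a real gateway must also adjust TCP sequence numbers, and it cannot rewrite anything once the control connection is encrypted.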

Security
FTP was not designed to be a secure protocol, especially by today's standards, and has many security weaknesses. In May 1999, the authors of RFC 2577 listed a vulnerability to the following problems:

Bounce attacks
Spoof attacks
Brute force attacks
Packet capture (sniffing)
Username protection
Port stealing

FTP is not able to encrypt its traffic; all transmissions are in clear text, and usernames, passwords, commands and data can be easily read by anyone able to perform packet capture (sniffing) on the network. This problem is common to many of the Internet Protocol specifications (such as SMTP, Telnet, POP and IMAP) that were designed prior to the creation of encryption mechanisms such as TLS or SSL. A common solution to this problem is to use the "secure", TLS-protected versions of the insecure protocols (e.g. FTPS for FTP, TelnetS for Telnet, etc.) or a different, more secure protocol that can handle the job, such as the SFTP/SCP tools included with most implementations of the Secure Shell protocol.
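One way to measure this exposure on your own network, as an added example that is not part of the original page: it walks recorded control-channel lines and reports every login whose password crossed the wire unencrypted, without copying the password into the report. The capture format, the sample data and the severity labels are assumptions; 234 is the server's reply accepting the AUTH TLS command used by FTPS.

```python
# Constructed sample of FTP control-channel lines as a passive sensor on TCP
# port 21 would record them: (client_ip, direction, line). "C" is client to
# server, "S" is server to client. Addresses and credentials are made up.
SAMPLE_CAPTURE = [
    ("10.0.0.21", "S", "220 FTP server ready"),
    ("10.0.0.21", "C", "USER alice"),
    ("10.0.0.21", "S", "331 Password required"),
    ("10.0.0.21", "C", "PASS s3cret-example"),
    ("10.0.0.21", "S", "230 Login ok"),
    ("10.0.0.34", "C", "USER anonymous"),
    ("10.0.0.34", "S", "331 Send e-mail address as password"),
    ("10.0.0.34", "C", "PASS guest@example.org"),
    ("10.0.0.34", "S", "530 Anonymous access denied"),
    ("10.0.0.47", "C", "AUTH TLS"),
    ("10.0.0.47", "S", "234 Proceed with negotiation"),
]


def audit_cleartext_logins(capture):
    """Return (findings, upgraded_clients) for one capture.

    Any PASS line the sensor can read crossed the network unencrypted. The
    password is never copied into a finding. The severity labels are this
    example's own convention, not part of any standard.
    """
    last_user, pending, findings, upgraded = {}, {}, [], set()
    for client, direction, line in capture:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if direction == "S":
            if verb == "234":                 # AUTH accepted, TLS follows
                upgraded.add(client)
            elif verb in ("230", "530") and client in pending:
                pending.pop(client)["accepted"] = verb == "230"
        elif verb == "USER":
            last_user[client] = arg
        elif verb == "PASS":
            name = last_user.get(client, "")
            anonymous = name.lower() == "anonymous"
            finding = {"client": client, "user": name, "accepted": None,
                       "severity": "info" if anonymous else "high"}
            findings.append(finding)
            pending[client] = finding
    return findings, sorted(upgraded)


if __name__ == "__main__":
    for item in audit_cleartext_logins(SAMPLE_CAPTURE)[0]:
        print(item)
```

Clients that upgrade with AUTH TLS produce no findings because nothing after the 234 reply is readable to the sensor.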

Web browser support


Most common web browsers can retrieve files hosted on FTP servers, although they may not support protocol extensions such as FTPS. When an FTP, rather than an HTTP, URL is supplied, the accessible contents on the remote server are presented in a manner that is similar to that used for other Web content. A full-featured FTP client can be run within Firefox in the form of an extension called FireFTP.

Common FTP Commands


?: to request help or information about the FTP commands
ascii: to set the mode of file transfer to ASCII (this is the default and transmits seven bits per character)
binary: to set the mode of file transfer to binary (the binary mode transmits all eight bits per byte and thus provides less chance of a transmission error and must be used to transmit files other than ASCII files)
bye: to exit the FTP environment (same as quit)
cd: to change directory on the remote machine
close: to terminate a connection with another computer
  e.g. close brubeck: closes the current FTP connection with brubeck, but still leaves you within the FTP environment.
delete: to delete (remove) a file in the current remote directory (same as rm in UNIX)
get: to copy one file from the remote machine to the local machine
  e.g. get ABC DEF: copies file ABC in the current remote directory to (or on top of) a file named DEF in your current local directory.
  e.g. get ABC: copies file ABC in the current remote directory to (or on top of) a file with the same name, ABC, in your current local directory.
help: to request a list of all available FTP commands
lcd: to change directory on your local machine (same as UNIX cd)
ls: to list the names of the files in the current remote directory
mkdir: to make a new directory within the current remote directory
mget: to copy multiple files from the remote machine to the local machine; you are prompted for a y/n answer before transferring each file
  e.g. mget *: copies all the files in the current remote directory to your current local directory, using the same filenames. Notice the use of the wild card character, *.
mput: to copy multiple files from the local machine to the remote machine; you are prompted for a y/n answer before transferring each file
open: to open a connection with another computer
  e.g. open brubeck: opens a new FTP connection with brubeck; you must enter a username and password for a brubeck account (unless it is to be an anonymous connection).
put: to copy one file from the local machine to the remote machine
pwd: to find out the pathname of the current directory on the remote machine
quit: to exit the FTP environment (same as bye)
rmdir: to remove (delete) a directory in the current remote directory
