• File Transfer Protocol (FTP) is a standard network protocol used to
copy a file from one host to another over a TCP/IP-based network,
such as the Internet.
• FTP is built on a client-server architecture and utilizes separate control
and data connections between the client and server applications,
which solves the problem of different end host configurations.
• Original specification for the File Transfer Protocol was written by
• Published as RFC 114 on 16 April 1971
• Replaced by RFC 765 (June 1980) and RFC 959 (October 1985), the
• RFC 2428 (September 1998) adds support for IPv6 and defines a new
type of passive mode.
DATA TRANSFER MODES
• ASCII mode
• Image mode (Binary mode)
• EBCDIC mode
• Local mode
• Most recent web browsers can retrieve files hosted on FTP servers,
although they may not support protocol extensions such as FTPS.
• When an FTP—rather than HTTP—URL is supplied, the accessible
contents of the remote server is presented in a manner similar to that
used for other Web content.
• Ideal for Personal Users
• Web publishing, photos, music, video sharing
• Simple, easy-to-use file transfer program.
• Perfect for business and advanced file transfer users
• Transferring valuable data securely
• Building web sites & moving large files
• Works over SSL, FTPS, SSH/SFTP protocols.
• Software designed to transfer files back-and-forth between two
computers over the Internet.
• It needs to be installed on your computer and can only be used with a
live connection to the Internet.
• Two-pane design for Classic FTP Client.
• File transfers are as easy as dragging-and-dropping files from one pane
to the other
Features of FTP CLIENTS
• Multiple file transfer
• Auto re-get or Resuming
• Queuing utility
• FTP find utility
• Synchronize utility
• No Encryption tools
• Username Protection
• Port Stealing
• Solution :- Use either SFTP or FTPS , which adds SSL or TLS encryption
• FTPS (also known as FTP-ES, FTP-SSL and FTP Secure) is an extension to the
commonly used File Transfer Protocol (FTP) that adds support for
the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL)
• EXPLICIT Mode :In explicit mode (also known as FTPES), an FTPS client must
"explicitly request" security from an FTPS server and then step-up to a
mutually agreed encryption method. If a client does not request security,
the FTPS server can either allow the client to continue in unsecure mode or
refuse/limit the connection.
• IMPLICIT Mode: Negotiation is not allowed with implicit FTPS configurations.
A client is immediately expected to challenge the FTPS server with a
TLS/SSL ClientHello message. If such a message is not received by the FTPS
server, the server should drop the connection.
• The protocol itself does not provide authentication and security;
• It expects the underlying protocol to secure this. SFTP is most often used
as subsystem of SSH protocol version 2 implementations, having been
designed by the same working group.
FTP over SSH
• FTP over SSH (not SFTP) refers to the practice of tunneling a normal FTP session over
an SSH connection.
• FTP uses multiple TCP connections (unusual for a TCP/IP protocol that is still in use), it
is particularly difficult to tunnel over SSH.
• With many SSH clients, attempting to set up a tunnel for the control channel (the
initial client-to-server connection on port 21) will protect only that channel
• When data is transferred, the FTP software at either end will set up new TCP
connections (data channels), which bypass the SSH connection and thus have no
confidentiality or integrity protection, etc.