Web Server and Application Server
Technologies: FTP
BITM 3730
Developing Web Applications
Previous Work Review
• http://pirate.shu.edu/~marinom6/work.html
• Please note: only previously due HW assignments are posted on my
pirate.shu.edu web space
• Begin organizing the files you create for this course into an easy-to-find folder
on your desktop for easy FTP later on
Basics
• The most common FTP port is port 21
• The main connection in FTP is either referred to as the Control or
Command Connection
• SFTP stands for Secure File Transfer Protocol
• SFTP is secure because it runs over SSH (Secure Shell) protocol
• FTP connects the server and client
FTP
• FTP is a way to transfer files online.
• Browsers use a protocol called HTTP.
• IMAP and POP, for instance, are two protocols that email clients use
to send and receive messages.
• XMPP is a protocol used to send and receive instant messages.
• FTP is another such protocol.
FTP Connects
• An FTP server offers access to a directory, with sub-directories.
• Users connect to these servers with an FTP client, a piece of software that
lets you download files from the server, as well as upload files to it.
FTP Channels
• FTP uses two basic channels to operate:
• The command channel carries information about the task
itself — what files are to be accessed, if commands are
registering, etc.
• The data channel then transfers the actual file data between
devices.
Error and Status Codes – 6 Levels
• 1xx - The requested action is being initiated, expect another reply before proceeding
with a new command.
• 2xx - The requested action has been successfully completed.
• 3xx - The command has been accepted, but the requested action is on hold, pending
receipt of further information.
• 4xx - The command was not accepted and the requested action did not take place,
but the error condition is temporary and the action may be requested again.
• 5xx - The command was not accepted and the requested action did not take place.
• 10xxx - Winsock error codes
1xx Codes
110 Restart marker reply.
120 Service ready in nn minutes.
125 Data Connection already open, transfer starting.
150 File status okay, about to open data connection.
2xx Codes
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message.
215 NAME system type. (Where NAME is an official system name from the list in the
Assigned Numbers document.)
220 Service ready for new user.
221 Service closing control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress
226 Closing data connection. Requested file action successful (for example - file transfer
or file abort).
227 Entering Passive Mode.
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
3xx Codes
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
4xx Codes
421 Service not available, closing control connection. This may be a reply to any
command if the service knows it must shut down.
425 Can't open data connection. Try changing from PASV to PORT mode.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken. Insufficient storage space in system.
5xx Codes
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in. Your password is being rejected, contact the server administrator.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no
access). Contact the server administrator.
552 Requested file action aborted. Exceeded storage allocation (for current directory
or data set). Contact the server administrator.
553 Requested action not taken. File name not allowed. Try changing the file name,
or getting rid of spaces in the file name.
10xxx Codes
10054 Connection Reset by Peer - The connection was forcibly closed by the remote
host.
10060 Can't connect to remote server (Generally a time-out error). Try switching from
PASV to PORT mode.
10061 Can't connect to remote server. The connection is actively refused by the
server. Try switching from PASV to PORT mode.
10066 Directory not empty. The server will not delete this directory while there are
files/folders in it.
10068 Too many users, server is full. Contact the server administrator.
FTP Data Types
• ASCII (TYPE A): Used for text. Data is converted, if needed, from the sending host's
character representation to "8-bit ASCII" before transmission, and (again, if necessary) to
the receiving host's character representation. As a consequence, this mode is inappropriate
for files that contain data other than plain text.
• Image (TYPE I, commonly called Binary mode): The sending machine sends each file
byte by byte, and the recipient stores the bytestream as it receives it. (Image mode support
has been recommended for all implementations of FTP).
• EBCDIC (TYPE E): Used for plain text between hosts using the EBCDIC character set.
• Local (TYPE L n): Designed to support file transfer between machines which do not use
8-bit bytes
FTP File Structures
• File organization is specified using the STRU command:
• F or FILE structure (stream-oriented). Files are viewed as an arbitrary
sequence of bytes, characters or words.
• R or RECORD structure (record-oriented). Files are viewed as divided into
records.
• P or PAGE structure (page-oriented). Files are divided into pages.
FTP Data Transfer Modes
• Data transfer can be done in any of three modes:
• Stream mode (MODE S): Data is sent as a continuous stream, relieving FTP from doing any
processing. Rather, all processing is left up to TCP. No End-of-file indicator is needed, unless the
data is divided into records.
• Block mode (MODE B): Designed primarily for transferring record-oriented files (STRU R),
although it can also be used to transfer stream-oriented (STRU F) text files. FTP puts each record
(or line) of data into several blocks (block header, byte count, and data field) and then passes it
on to TCP.
• Compressed mode (MODE C): Extends MODE B with data compression using run-length
encoding.
• Most contemporary FTP clients and servers do not implement MODE B or MODE C
FTP Login
• FTP login uses a normal username and password scheme for granting access. The username is
sent to the server using the USER command, and the password is sent using the PASS
command. This sequence is unencrypted "on the wire", so may be vulnerable to a network
sniffing attack.
Anonymous FTP:
• A host that provides an FTP service may provide anonymous FTP access. Users typically log
into the service with an 'anonymous' (lower-case and case-sensitive in some FTP servers)
account when prompted for user name. Although users are commonly asked to send their
email address instead of a password, no verification is actually performed on the supplied
data. Many FTP hosts whose purpose is to provide software updates will allow anonymous
logins.
FTP Security Issues
• Brute-force attack
• FTP bounce attack
• Packet capture
• Port stealing (guessing the next open port and usurping a legitimate connection)
• Spoofing attack
• Username enumeration
• DoS or DDoS
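What the login and packet-capture points above look like to a defender reading the control channel, as an added example (not part of the original slides): it classifies replies by their first digit and flags cleartext PASS commands, repeated 530 replies and anonymous logins. The capture, the function names and the failure threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed control-channel capture (not from a real host).
# "C:" lines are client commands, "S:" lines are server replies.
SAMPLE_CAPTURE = """\
S: 220 Service ready for new user.
C: USER alice
S: 331 User name okay, need password.
C: PASS wrong1
S: 530 Not logged in.
C: USER alice
S: 331 User name okay, need password.
C: PASS wrong2
S: 530 Not logged in.
C: USER alice
S: 331 User name okay, need password.
C: PASS hunter2
S: 230 User logged in, proceed.
C: USER anonymous
S: 331 User name okay, need password.
C: PASS guest@example.org
S: 230 User logged in, proceed.
"""

REPLY_CLASSES = {"1": "preliminary", "2": "completed", "3": "intermediate",
                 "4": "transient failure", "5": "permanent failure"}

def classify_reply(line):
    """Return (code, class) for a reply line; None if it is not a 3-digit FTP reply."""
    m = re.match(r"(\d{3})[ -]", line)
    return (int(m.group(1)), REPLY_CLASSES.get(line[0], "unknown")) if m else None

def audit(capture, fail_threshold=2):
    """Return findings a defender would care about; passwords are never stored."""
    findings, failures, user, awaiting = [], Counter(), None, False
    for raw in capture.splitlines():
        side, _, text = raw.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            if verb.upper() == "USER":
                user = arg
            elif verb.upper() == "PASS":
                awaiting = True  # the next reply answers this login attempt
                findings.append(("cleartext-password", user))
        elif side == "S" and awaiting and (parsed := classify_reply(text)):
            awaiting = False
            if parsed[0] == 530:
                failures[user] += 1
                if failures[user] == fail_threshold:
                    findings.append(("repeated-login-failure", user))
            elif parsed[0] == 230 and user and user.lower() == "anonymous":
                findings.append(("anonymous-login", user))
    return findings
```

The five-digit Winsock codes listed earlier are client-side socket errors, so `classify_reply` returns `None` for them rather than treating them as server replies.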
Other FTP Options
• FTP over SSH is the practice of tunneling a normal FTP session over a Secure Shell connection.
• Explicit FTPS is an extension to the FTP standard that allows clients to request FTP sessions to
be encrypted.
• The SSH file transfer protocol (chronologically the second of the two protocols abbreviated
SFTP) transfers files and has a similar command set for users but uses the Secure Shell protocol
(SSH) to transfer files.
• Trivial File Transfer Protocol (TFTP) is a simple, lock-step FTP that allows a client to get a file
from or put a file onto a remote host.
• Simple File Transfer Protocol (the first protocol abbreviated SFTP), proposed as an (unsecured)
file transfer protocol with a level of complexity intermediate between TFTP and FTP.
Top FTP Tools
• FileZilla [now said to include viruses upon download in the form of adware
and malware, so avoid]
• WinSCP
• Using Windows Explorer [i.e. folder on your computer]
FTP with Windows Explorer
File eXchange Protocol
• File eXchange Protocol (FXP or FXSP) is a method of data transfer which
uses FTP to transfer data from one remote server to another (inter-server)
without routing this data through the client's connection.
• Enabling FXP support can make a server vulnerable to an exploit known as
FTP bounce. As a result of this, FTP server software often has FXP disabled
by default. Some sites restrict IP addresses to trusted sites to limit this risk.
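One way a server can apply the restriction described above, as an added example (not from the original slides or any particular FTP server): check the address and port in a client's PORT command before opening the data connection. The function names, the allow-list parameter and the choice of reply codes 501 and 504 are assumptions; the `h1,h2,h3,h4,p1,p2` argument is the standard PORT syntax.

```python
import ipaddress

def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' from a PORT command into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("PORT argument must be six decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte, then low byte
    return ip, port

def check_port_command(arg, control_peer, allow_fxp_to=()):
    """Return (reply_code, reason) for a PORT argument.

    control_peer: source IP of the client's control connection.
    allow_fxp_to: hypothetical allow-list of networks trusted for
                  server-to-server (FXP) transfers; empty disables FXP.
    """
    try:
        ip, port = parse_port_argument(arg)
    except ValueError as exc:
        return 501, str(exc)  # syntax error in parameters
    if port < 1024:
        # Well-known services (23, 25, 80 ...) live below 1024.
        return 504, "refusing data connection to a privileged port"
    trusted = any(ip in ipaddress.ip_network(net) for net in allow_fxp_to)
    if ip != ipaddress.IPv4Address(control_peer) and not trusted:
        return 504, "PORT address differs from control connection peer"
    return 200, "Command okay."

if __name__ == "__main__":
    peer = "192.0.2.10"  # constructed documentation address
    for arg in ("192,0,2,10,195,80", "10,0,0,5,0,25", "10,0,0,5,195,80"):
        print(arg, "->", check_port_command(arg, peer))
```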
File Service Protocol
• File Service Protocol (FSP) is a UDP-based replacement for the File Transfer
Protocol, designed for anonymous access with lower hardware and network
requirements than FTP.
• As the FSP protocol is not officially recognized by IANA, it has no official
port number.
FTP Port Numbers
• 20 FTP -- Data
• 21 FTP -- Control
• 22 SSH Remote Login Protocol
• 23 Telnet
• 25 Simple Mail Transfer Protocol (SMTP)
• 69 Trivial File Transfer Protocol (TFTP)
• 80 HTTP
• 115 Simple File Transfer Protocol (SFTP)
Building Assignment 10
• Click on public_html to upload your files
• Select all of your files prior to Assignment 10 and select the Upload
button
• Follow the prompts
• May take time to transfer a copy from your desktop [or wherever you
have these files saved] to the pirate.shu.edu server
Assignment 10 Example
