2. File Transfer Protocol (FTP) is an application layer protocol which moves files
between local and remote file systems.
It runs on top of TCP, like HTTP.
To transfer a file, 2 TCP connections are used by FTP in parallel:
1. Control connection
2. Data connection.
DEFINITION
4. For sending control information like user identification, password, commands to
change the remote directory, commands to retrieve and store files, etc.,
FTP makes use of control connection.
The control connection is initiated on port number 21.
CONTROL CONNECTION
5. For sending the actual file, FTP makes use of data connection.
A data connection is initiated on port number 20.
FTP sends the control information out-of-band as it uses a separate
control connection.
Some protocols send their request and response header lines and the data
in the same TCP connection. For this reason, they are said to send their
control information in-band.
HTTP and SMTP are such examples.
SMTP :-The Simple Mail Transfer Protocol
DATA CONNECTION
6. When an FTP session is started between a client and a server, the client initiates a
control TCP connection with the server side.
The client sends control information over this. When the server receives this, it
initiates a data connection to the client side.
Only one file can be sent over one data connection. But the control connection
remains active throughout the user session.
As we know, HTTP is stateless, i.e. it does not have to keep track of any user state.
But FTP needs to maintain a state about its user throughout the session.
TCP :-Transmission Control Protocol
FTP SESSION
7. File Structure – In file-structure there is no internal structure and the file is considered
to be a continuous sequence of data bytes.
Record Structure – In record-structure the file is made up of sequential records.
Page Structure – In page-structure the file is made up of independent indexed pages.
DATA STRUCTURES
8. USER – This command sends the user identification to the server.
PASS – This command sends the user password to the server.
CWD – This command allows the user to work with a different directory or dataset for
file storage or retrieval without altering his login or accounting information.
RMD – This command causes the directory specified in the path-name to be removed as
a directory.
MKD – This command causes the directory specified in the pathname to be created as a
directory.
PWD – This command causes the name of the current working directory to be returned
in the reply.
RETR – This command causes the remote host to initiate a data connection and to send
the requested file over the data connection.
FTP COMMANDS
9. STOR – This command causes a file to be stored in the current directory of the
remote host.
LIST – Sends a request to display the list of all the files present in the directory.
ABOR – This command tells the server to abort the previous FTP service command
and any associated transfer of data.
QUIT – This command terminates a USER and if file transfer is not in progress, the
server closes the control connection.
10. 200:- Command okay.
530:- Not logged in.
331:- User name okay, need a password.
225:- Data connection open; no transfer in progress.
221:- Service closing control connection.
551:- Requested action aborted: page type unknown.
502:- Command not implemented.
503:- Bad sequence of commands.
504:- Command not implemented for that parameter.
FTP REPLIES
11. Data representation
1. FTP handles three types of data representation: ASCII (7-bit), EBCDIC (8-bit) and 8-bit
binary data.
2. The ASCII file is the default format for transferring text files.
3. Each character is encoded using 7-bit ASCII. The sender transforms the file from its
own representation into ASCII characters and the receiver transforms the ASCII
character to its own representation.
4. The image file is the default format for transferring binary files. The file is sent as
continuous streams of bits without any interpretation or encoding.
5. ASCII :- American Standard Code for Information Interchange
6. EBCDIC :- Extended Binary Coded Decimal Interchange Code
FEATURES OF FTP
12. File organization and Data structures
1. FTP supports both unstructured and structured file.
2. An unstructured file contains a string of bytes and is end-marked by EOF (End
of File). The data structure that corresponds to such a file is called file
structure.
3. A structured file contains a list of records and each record is delimited by EOR
(End of Record). The data structure of such a file is called record structure, i.e. the file
is divided into records.
4. Another structured file contains pages, with each page having a page number and a
page header. The pages can be stored and accessed randomly or sequentially. The
corresponding data structure is called page structure i.e. file is divided into pages.
13. Error control
Since TCP is used for data transfer no additional error recovery mechanism is
required.
Access control
File access protection is done using login procedure with login name and password.
14. Stream Mode
It is the default mode.
File is transmitted as continuous stream of bytes to TCP.
TCP is responsible for chopping data into segments of appropriate size.
If data is simply a stream of bytes (file structure), no end-of-file is needed. EOF in
this case is the closing of the data connection by the sender.
If data is divided into records (record structure), each record has a 1-byte EOR
(End-of-Record) character and the end of the file has a 1-byte EOF (End-of-File) character.
TRANSMISSION MODES
15. Block Mode
Data is delivered from FTP to TCP in blocks.
Each block is preceded by 3 bytes header.
The first byte is called the block descriptor.
The second and third bytes define the size of the block in bytes.
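The 3-byte header described above can be parsed as follows. This is an added example, not part of the original slides; the descriptor bit values and the high-byte-first length come from RFC 959, and the sample stream is constructed.

```python
import struct

# Descriptor bits defined for block mode in RFC 959 (the slide does not list them).
EOR, EOF, SUSPECT, RESTART = 0x80, 0x40, 0x20, 0x10


def parse_blocks(stream: bytes):
    """Split a block-mode byte stream into (descriptor, payload) tuples.

    Raises ValueError when a header is truncated or declares more payload
    than the buffer holds, so a wrong or hostile length field cannot
    silently yield a short block.
    """
    blocks, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 3:
            raise ValueError(f"truncated header at offset {pos}")
        # 1 byte descriptor, then a 2-byte length, high-order byte first.
        descriptor, size = struct.unpack_from(">BH", stream, pos)
        pos += 3
        if size > len(stream) - pos:
            raise ValueError(f"block declares {size} bytes, {len(stream) - pos} left")
        blocks.append((descriptor, stream[pos:pos + size]))
        pos += size
        if descriptor & EOF:
            break  # anything after the EOF block is not file data
    return blocks


def reassemble(blocks) -> bytes:
    """Join file payloads; restart-marker blocks carry marker text, not data."""
    return b"".join(p for d, p in blocks if not d & RESTART)


# Constructed sample: a data block, a restart marker, then the final EOF block.
SAMPLE = (bytes([0x00, 0x00, 0x05]) + b"hello"
          + bytes([RESTART, 0x00, 0x02]) + b"m1"
          + bytes([EOF, 0x00, 0x06]) + b" world")

if __name__ == "__main__":
    parsed = parse_blocks(SAMPLE)
    print([hex(d) for d, _ in parsed], reassemble(parsed))
```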
Compressed Mode
Data is usually compressed if the file to be transmitted is very big.
The compression method normally used is run-length encoding.
In a text file, usually spaces (blanks) are removed.
In a binary file, null characters are compressed.
16. FTPS
FTP Secure is an extension to the commonly used File Transfer Protocol (FTP) that
adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL)
cryptographic protocols.
FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an
incompatible secure file transfer subsystem for the Secure Shell (SSH) protocol.
It is also different from FTP over SSH, the practice of tunneling FTP through an SSH
connection.
Summary
Implicit SSL/TLS encrypted FTP that works just like HTTPS. Security is enabled with
SSL as soon as the connection starts.
The default FTPS port is 990. This protocol was the first version of encrypted FTP
available, and while considered deprecated, is still widely used. None of the major web
browsers support FTPS.
TYPES OF FTP
17. FTP
The File Transfer Protocol (FTP) is a standard network protocol used to transfer
computer files from one host to another host over a TCP-based network, such as
the Internet.
FTP is built on a client-server architecture and uses separate control and data
connections between the client and the server. FTP users may authenticate
themselves using a clear-text sign-in protocol, normally in the form of a username
and password, but can connect anonymously if the server is configured to allow it.
For secure transmission that protects the username and password, and encrypts the
content, FTP is often secured with SSL/TLS (FTPS). SSH File Transfer Protocol
(SFTP) is sometimes also used instead, but is technologically different.
The first FTP client applications were command-line applications developed before
operating systems had graphical user interfaces, and are still shipped with most
Windows, Unix, and Linux operating systems. Many FTP clients and automation
utilities have since been developed for desktops, servers, mobile devices, and
hardware, and FTP has been incorporated into productivity applications, such as
Web page editors.
Summary
Plain, unencrypted FTP that defaults over port 21. Most web browsers support
basic FTP.
18. FTPES
Explicit FTP over SSL/TLS; this is the same as FTPS.
Sometimes people say that FTPES and FTPS work in exactly the same way, but the
difference is in how they operate.
Summary
Explicit FTP over SSL/TLS. This starts out as plain FTP over port 21, but
through special FTP commands is upgraded to TLS/SSL encryption. This upgrade
usually occurs before the user credentials are sent over the connection.
FTPES is a somewhat newer form of encrypted FTP (although still over a decade
old), and is considered the preferred way to establish encrypted connections
because it can be more firewall friendly. None of the major web browsers support
FTPES.
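The point that the upgrade should happen before credentials are sent can be checked against a client-side session log. This is an added example, not part of the original slides; it assumes the upgrade command is `AUTH TLS` answered with reply 234 (RFC 4217), and the transcripts are constructed.

```python
CREDENTIAL_CMDS = {"USER", "PASS", "ACCT"}


def cleartext_credentials(transcript):
    """Return credential commands the client sent before TLS was in place.

    transcript: list of (direction, line), direction "C" for client and
    "S" for server. TLS counts as active only after the server answers an
    AUTH command with 234; any other reply leaves the channel in cleartext.
    """
    tls_active = False
    auth_pending = False
    exposed = []
    for direction, line in transcript:
        if direction == "C":
            verb = line.split(" ", 1)[0].upper()
            if verb == "AUTH":
                auth_pending = True
            elif verb in CREDENTIAL_CMDS and not tls_active:
                exposed.append(verb)
        elif auth_pending:
            # First server reply after AUTH decides whether the upgrade happened.
            tls_active = tls_active or line.startswith("234")
            auth_pending = False
    return exposed


# Constructed transcripts; the user name and password are placeholders.
UPGRADED = [
    ("S", "220 Service ready"), ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),
    ("C", "USER alice"), ("S", "331 User name okay, need a password."),
    ("C", "PASS example-password"), ("S", "230 User logged in"),
]
# Server rejects the upgrade (502) and the client carries on in cleartext.
FALLBACK = [
    ("S", "220 Service ready"), ("C", "AUTH TLS"),
    ("S", "502 Command not implemented."),
    ("C", "USER alice"), ("S", "331 User name okay, need a password."),
    ("C", "PASS example-password"), ("S", "230 User logged in"),
]

if __name__ == "__main__":
    print(cleartext_credentials(UPGRADED), cleartext_credentials(FALLBACK))
```

A client that falls back silently when `AUTH TLS` is refused is the case worth alerting on; configuring the client to require TLS makes the session fail instead.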
19. 1. Trivial File Transfer Protocol
2. It is also a file transfer protocol, but without the sophisticated features of FTP.
3. It is good for simple file transfers, such as during boot time.
4. It uses UDP as its transport layer protocol. Errors in the transmission (lost packets,
checksum errors) must be handled by the TFTP server.
5. It uses only one connection, through well-known port 69.
6. TFTP uses a simple lock-step protocol (each data packet needs to be
acknowledged). Thus the throughput is limited.
TFTP
20. 1. Anonymous FTP is enabled on some sites whose files are available for public
access.
2. A user can access these files without having any username or password. Instead,
the username is set to anonymous and the password to guest by default.
3. Here, user access is very limited.
4. For example, the user can be allowed to copy the files but not to navigate through
directories.
ANONYMOUS FTP
21. One of the biggest advantages of using FTP is the ability to transfer not only
more than one file but also multiple directories at one time. FTP
also permits multitasking — you can upload whatever task you have completed and
at the same time download the files which you are planning to start working on.
Another advantage is the ability to continue transferring files even if the
connection is lost. In case you accidentally lose your connection or have to reboot
your system, you don’t have to worry about starting right from the beginning. You
can pick up right from where you left off.
There is a lot of FTP client software that enables you to schedule a file/directory
transfer allowing file sharing in your own way rather than forcing you to alter your
work patterns.
Automatic backup is the most important feature of FTP which works well for
businesses such as medical practices which cannot afford to lose patients’ data
under any case.
If file sharing is a compulsion in your business then the speed at which files are
transferred becomes currency in terms of a business and that is the biggest
advantage of FTP. With the ability to multi-task and the lightning-fast transfer, the
speed at which the file is transferred is no longer something you have to worry
about.
ADVANTAGES OF FTP
22. A coin has two sides, and the same is the case with FTP. It is a standard requirement
of the industry that all FTP transmissions should be encrypted. Unfortunately, not all
FTP providers are equal and not all providers offer encryption as a technology which is
supported by FTP. So, in such cases, you will have to look out for providers that offer
encryption to get the level of protection each type of data would need.
FTP is much hyped for being the best option for businesses as it basically serves two
operations viz., to send and receive large files on a network. However, the service has a
size limit of 2 GB of files you can send. Also, the protocol wouldn’t allow you to run
simultaneous transfers to multiple receivers.
If a hacker tries a brute force attack by trying a possible set of password combinations
repeatedly, he can easily gain access to your FTP if your password is weak. So it is quite
possible for attackers to carry out a brute force attack by trying to guess your FTP
password.
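Password guessing of this kind shows up on the server as a run of 530 replies to PASS from one source. The detector below is an added example, not part of the original slides; the log line format (timestamp, source address, command, reply code), the threshold and the window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source: peak failure count} for sources that reach
    `threshold` failed logins (PASS answered with 530) within `window`.

    Lines are expected in time order; malformed lines are skipped.
    """
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        stamp, source, command, code = parts
        if command != "PASS" or code != "530":
            continue
        ts = datetime.fromisoformat(stamp)
        failures = recent[source]
        failures.append(ts)
        # Drop failures that have aged out of the sliding window.
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            flagged[source] = max(flagged.get(source, 0), len(failures))
    return flagged


# Constructed sample: six rapid failures from one address, and a user who
# mistypes once and then logs in (230) from another.
SAMPLE_LOG = [f"2024-05-01T10:00:{s:02d} 203.0.113.5 PASS 530" for s in range(6)] + [
    "2024-05-01T10:00:10 198.51.100.7 PASS 530",
    "2024-05-01T10:00:20 198.51.100.7 PASS 230",
]

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

Guessing spread thinly over time stays under a per-window threshold, so pair this with account lockout or a longer-horizon count per source.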
FTP doesn’t support an important operation like scheduling transfer across multiple FTP
servers. As mentioned earlier, you are unable to run simultaneous transfers using FTP.
FTP uses its own security vendor, which lacks complete security, and this could lead
your business to pay non-compliance penalties. If your company follows compliance
standards like PCI-DSS, HIPAA, ITAR, etc., then you will have to seek an FTP provider which can
support your compliance requirements.
DISADVANTAGES OF FTP