File Transfer Protocol (FTP)
FTP
File Transfer Protocol
FTP is standard network protocol used to transfer files from one host to another over a TCP-based network, such as the internet.
Port: 21 TCP | RFC:959
OSI Layer: 7 (Application Layer)
Cyber Security Stance:
Designed by Vivekanand Padala
Protocol Overview
FTP is one of the oldest protocols still in use today, and it has been widely implemented in many different operating systems and software applications. It is commonly used by web developers to upload files to a web server, or by users to download files from an FTP server.
FTP operates over two channels: a command channel and a data channel. The command channel is used for sending commands from the client to the server, such as requesting a file or listing the contents of a directory. The data channel is used for transferring the actual file data between the client and server.
FTP has several security vulnerabilities, such as sending login credentials in plain text, so it is often secured using additional protocols, such as SSL/TLS or SSH.
FTP workflow
- The client software connects to the server on port 21, which is the default port for FTP control connections.
- The client sends a login command to the server, including the user's username and password. The server verifies the credentials and sends a welcome message to the client.
- The client sends commands to the server, such as "LIST" to request a directory listing, or "GET" to request a file.
- The server responds to the commands with a status code and message indicating success or failure.
- If the client requests a file, the server establishes a data connection with the client on a separate port (usually port 20 for active mode FTP, or a random port for passive mode FTP).
- The server sends the requested file over the data connection in either ASCII or binary mode, depending on the type of file.
- After the file transfer is complete, the data connection is closed, and the client and server return to the control connection to continue sending commands and responses.
- Once the client has finished sending commands, it sends a "QUIT" command to the server to end the session.
- The server acknowledges the "QUIT" command and closes the control connection, ending the FTP session.