FILE TRANSFER PROTOCOLTCP/IP suit 4th Edition by Behrouz A
Forouzan
Internet Computing (CS-413) 2
FTP
Internet Computing (CS-413) 3
FTP RFC 959 uses two TCP Ports
one for controlone for data transfers
command-response protocol control port uses telnet protocol to
negotiate sessionUS-ASCII<crlf> is end-of-line character
Internet Computing (CS-413) 4
CONNECTIONS Control connection
1. Server issues a passive open on port 21 and waits for a client
2. Client uses an ephemeral port and issues an active response
The connection remains open for the entire session
IP uses minimal delay service because it is an interactive connection between a client and a server
Internet Computing (CS-413) 5
CONTROL CONNECTION
Internet Computing (CS-413) 6
DATA CONNECTION Uses port 20 on the server side
1. Client issues a passive open using an ephemeral port..
2. Client sends this port number to the server through PORT command
3. Server receives the port number and issues an active open using well known port number 20
Internet Computing (CS-413) 7
DATA CONNECTION
Internet Computing (CS-413) 8
COMMUNICATION OVER CONTROL CONNECTION FTP uses NVT ASCII character set Commands and responses Each line is terminated with two
character end of line token
Internet Computing (CS-413) 9
COMMUNICATION OVER DATA CONNECTION
File typeASCIIEBCDIC Image
Non print• File cannot be printed w/o further
processing• Default for text file
TELNET• Contains NVT ASCII vertical characters
like carriage return & line feed. • File is printable after transfer
Internet Computing (CS-413) 10
COMMUNICATION OVER DATA CONNECTION Data structure
File structure (default) File has no structure It is a continuous stream of bytes
Record structure File is organized as records Used only with text files
Page structure File is divided into pages, each with page
number and a header
Internet Computing (CS-413) 11
Transmission modesStream mode (default)
Data sent from FTP to TCP as stream of bytes TCP segments the data If file structure is used, no end-of-file marked; only
closing of data connection If record structure is used, 1-byte end-of-record and
1-byte end-of-file markedBlock mode
Data delivered from FTP to TCP in blocks, each with 3-byte header, including 1B block descriptor and 2B block size (in bytes)
Compressed mode Data can be compressed using run length encoding
Consecutive occurrences of data replaced by one occurrence and repetition count
COMMUNICATION OVER DATA CONNECTION
Internet Computing (CS-413) 12
COMMAND PROCESSING
Command typesAccess commandsFile management commandsData formatting commandsPort defining commandsFile transfer commandsMiscellaneous commands
Internet Computing (CS-413) 13
RESPONSES Every FTP command generates at least
one response Response has two parts
Numeric code 3 digit
1st & 2nd digits describe status of command3rd digit provides additional information
Text Needed parameters or explanations
Internet Computing (CS-413) 14
RESPONSES – 1ST DIGIT OF CODE
1yz - Positive preliminary reply - command is being acted upon; expect a final reply code before sending another command
2yz - Positive completion reply - command was successfully executed; new command may be sent
3yz - Positive intermediate reply - command was accepted, but the final result is being delayed because other information needs to be supplied from the client; reply is used for sequencing command groups
4yz - Transient negative completion reply - command failed, but the condition is temporary
5yz - Permanent negative completion reply - command failed and will always fail if given again; the command should not be attempted again
Internet Computing (CS-413) 15
RESPONSES- 2ND DIGIT OF CODE x0z - Refers to command syntax x1z - Indicates information returned by commands requesting information such as status or help
x2z - Refers to the state of the control or data connections
x3z - The reply is associated with the login process and accounting procedures
x4z - Reserved for future use x5z - Refers to the state of the requested file transfer or other file system command
Internet Computing (CS-413) 16
FILE TRANSFER
Internet Computing (CS-413) 17
FILE TRANSFER- EXAMPLE OF LISTING
Internet Computing (CS-413) 18 FIL
E T
RA
NS
FER
- EX
AM
PLE O
F S
TO
RIN
G
Internet Computing (CS-413) 19
ANONYMOUS FTP - EXAMPLE% ftp internic.net
Connected to internic.net
220 Server ready
Name: anonymous
331 Guest login OK, send “guest” as password
Password: guest
ftp > pwd
257 ’/’ is current directory
Internet Computing (CS-413) 20
ftp > ls
200 OK
150 Opening ASCII mode
bin
…
ftp> close
221 Goodbye
ftp> quit
ANONYMOUS FTP - EXAMPLE
Internet Computing (CS-413) 21
ACTIVE MODE FTP Client connect from a random unprivileged port (n > 1023)
to the servers command port (21) and sends port command to tell server to connect to n+1 then listens on the next higher unprivileged port (n+1) for server responses. The server connects from it’s data port (20) to the client data port (n+1)
ClientServer
20 21 1026 1027
1
2
3
4
Internet Computing (CS-413) 22
ACTIVE MODE FTP From the server-side firewall's standpoint, to support
active mode FTP the following communication channels need to be opened: FTP server's port 21 from anywhere (Client initiates
connection) FTP server's port 21 to ports > 1023 (Server responds to
client's control port) FTP server's port 20 to ports > 1023 (Server initiates data
connection to client's data port) FTP server's port 20 from ports > 1023 (Client sends ACKs to
server's data port) The main problem with active mode FTP actually falls on
the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.
Internet Computing (CS-413) 23
PASSIVE MODE FTP Client opens two random unprivileged ports ( n > 1023 and
n+1; ex 1026 and 1027) and connects the first port (n) to server command port 21 and issues a pasv command (server sends port to use for data); client connects to servers specified data port, server completes connection.
ClientServer
20 21 1026 1027
1
2
2024
3
4
Internet Computing (CS-413) 24
PASSIVE MODE FTP Passive mode FTP solves many of the problems from
the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use
The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. Necessitating a third-party FTP client.
Most browsers, acting as FTP client, only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support