FILE TRANSFER PROTOCOLTCP/IP suit 4th Edition by Behrouz A

Forouzan

Internet Computing (CS-413) 2

FTP

Internet Computing (CS-413) 3

FTP RFC 959 uses two TCP Ports

one for controlone for data transfers

command-response protocol control port uses telnet protocol to

negotiate sessionUS-ASCII<crlf> is end-of-line character

Internet Computing (CS-413) 4

CONNECTIONS Control connection

1. Server issues a passive open on port 21 and waits for a client

2. Client uses an ephemeral port and issues an active response

The connection remains open for the entire session

IP uses minimal delay service because it is an interactive connection between a client and a server

Internet Computing (CS-413) 5

CONTROL CONNECTION

Internet Computing (CS-413) 6

DATA CONNECTION Uses port 20 on the server side

1. Client issues a passive open using an ephemeral port..

2. Client sends this port number to the server through PORT command

3. Server receives the port number and issues an active open using well known port number 20

Internet Computing (CS-413) 7

DATA CONNECTION

Internet Computing (CS-413) 8

COMMUNICATION OVER CONTROL CONNECTION FTP uses NVT ASCII character set Commands and responses Each line is terminated with two

character end of line token

Internet Computing (CS-413) 9

COMMUNICATION OVER DATA CONNECTION

File typeASCIIEBCDIC Image

Non print• File cannot be printed w/o further

processing• Default for text file

TELNET• Contains NVT ASCII vertical characters

like carriage return & line feed. • File is printable after transfer

Internet Computing (CS-413) 10

COMMUNICATION OVER DATA CONNECTION Data structure

File structure (default) File has no structure It is a continuous stream of bytes

Record structure File is organized as records Used only with text files

Page structure File is divided into pages, each with page

number and a header

Internet Computing (CS-413) 11

Transmission modesStream mode (default)

Data sent from FTP to TCP as stream of bytes TCP segments the data If file structure is used, no end-of-file marked; only

closing of data connection If record structure is used, 1-byte end-of-record and

1-byte end-of-file markedBlock mode

Data delivered from FTP to TCP in blocks, each with 3-byte header, including 1B block descriptor and 2B block size (in bytes)

Compressed mode Data can be compressed using run length encoding

Consecutive occurrences of data replaced by one occurrence and repetition count

COMMUNICATION OVER DATA CONNECTION

Internet Computing (CS-413) 12

COMMAND PROCESSING

Command typesAccess commandsFile management commandsData formatting commandsPort defining commandsFile transfer commandsMiscellaneous commands

Internet Computing (CS-413) 13

RESPONSES Every FTP command generates at least

one response Response has two parts

Numeric code 3 digit

1st & 2nd digits describe status of command3rd digit provides additional information

Text Needed parameters or explanations

Internet Computing (CS-413) 14

RESPONSES – 1ST DIGIT OF CODE

1yz - Positive preliminary reply - command is being acted upon; expect a final reply code before sending another command

2yz - Positive completion reply - command was successfully executed; new command may be sent

3yz - Positive intermediate reply - command was accepted, but the final result is being delayed because other information needs to be supplied from the client; reply is used for sequencing command groups

4yz - Transient negative completion reply - command failed, but the condition is temporary

5yz - Permanent negative completion reply - command failed and will always fail if given again; the command should not be attempted again

Internet Computing (CS-413) 15

RESPONSES- 2ND DIGIT OF CODE x0z - Refers to command syntax x1z - Indicates information returned by commands requesting information such as status or help

x2z - Refers to the state of the control or data connections

x3z - The reply is associated with the login process and accounting procedures

x4z - Reserved for future use x5z - Refers to the state of the requested file transfer or other file system command

Internet Computing (CS-413) 16

FILE TRANSFER

Internet Computing (CS-413) 17

FILE TRANSFER- EXAMPLE OF LISTING

Internet Computing (CS-413) 18 FIL

E T

RA

NS

FER

- EX

AM

PLE O

F S

TO

RIN

G

Internet Computing (CS-413) 19

ANONYMOUS FTP - EXAMPLE% ftp internic.net

Connected to internic.net

220 Server ready

Name: anonymous

331 Guest login OK, send “guest” as password

Password: guest

ftp > pwd

257 ’/’ is current directory

Internet Computing (CS-413) 20

ftp > ls

200 OK

150 Opening ASCII mode

bin

…

ftp> close

221 Goodbye

ftp> quit

ANONYMOUS FTP - EXAMPLE

Internet Computing (CS-413) 21

ACTIVE MODE FTP Client connect from a random unprivileged port (n > 1023)

to the servers command port (21) and sends port command to tell server to connect to n+1 then listens on the next higher unprivileged port (n+1) for server responses. The server connects from it’s data port (20) to the client data port (n+1)

ClientServer

20 21 1026 1027

1

2

3

4

Internet Computing (CS-413) 22

ACTIVE MODE FTP From the server-side firewall's standpoint, to support

active mode FTP the following communication channels need to be opened: FTP server's port 21 from anywhere (Client initiates

connection) FTP server's port 21 to ports > 1023 (Server responds to

client's control port) FTP server's port 20 to ports > 1023 (Server initiates data

connection to client's data port) FTP server's port 20 from ports > 1023 (Client sends ACKs to

server's data port) The main problem with active mode FTP actually falls on

the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.

Internet Computing (CS-413) 23

PASSIVE MODE FTP Client opens two random unprivileged ports ( n > 1023 and

n+1; ex 1026 and 1027) and connects the first port (n) to server command port 21 and issues a pasv command (server sends port to use for data); client connects to servers specified data port, server completes connection.

ClientServer

20 21 1026 1027

1

2

2024

3

4

Internet Computing (CS-413) 24

PASSIVE MODE FTP Passive mode FTP solves many of the problems from

the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use

The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. Necessitating a third-party FTP client.

Most browsers, acting as FTP client, only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support