
File Transfer Protocol (FTP)

Background, Protocol
Kozierok, Chapter 72

Michael S. Borella
Copyright (C) 1995-2006
All rights reserved
Background
• FTP is a widely-used protocol
– Probably second only to HTTP for downloading files
– Probably the most common protocol for uploading files

• The basic mechanism is client/server
– The server stores files in a directory structure
– Clients log on, traverse the directories, and download files
– Anonymous access is an option

• URL format: ftp://xyz.com/path/filename
– Examples:
  • ftp://ftp.netscape.com/pub/
  • ftp://ftp.sf.net/pub/sourceforge/

• Different FTP clients hide the protocol details in different ways:
– Command line – closest to the real protocol
– Dedicated FTP clients, such as Filezilla – easier to use, more flexible and robust
– Web browsers – tend to make FTP and web access look similar
Example FTP Client: Windows Command Line Client

• All commands are explicitly typed

• Access mode emulates a UNIX command line

• Single-threaded: one operation at a time

• Error prone: typos and downloads of binary files in ASCII

Example FTP Client: Filezilla GUI Client

• Top window displays FTP commands

• Left window displays local directory tree and files

• Right window displays remote directory tree and files

• Bottom window displays files being transferred

• GUI is point and click – no typing necessary
History

• FTP has a long rich history going back to 1971
– Dozens of RFCs!

• 1971:
– Initial specification in RFC 141

• 1985:
– Harmonization of implementations into an international standard in RFC 959

• 1994:
– Firewall and NAT friendly FTP defined in RFC 1579

Protocol

FTP Control Commands

• Note: These are raw protocol commands – the commands you enter in a text-based client may be different

• Commands:
– USER: Allows client to enter username
– PASS: Allows client to enter password
– LIST: List files and directories
– PASV: Asks the server to operate in passive mode
– PORT: IP address and port number on which the client will receive the next file
– RETR: Get a file from the server
– STOR: Send a file to the server
– CWD: Change working directory
– TYPE: File type – usually ASCII or binary
– QUIT: Log off of the server

• Note: User names and passwords are sent in the clear. FTP is NOT secure!
– In practice a lot of FTP servers require FTP sessions to be sent over Secure Shell (SSH) tunnels
FTP Control Response Codes

• FTP control commands will elicit a three-digit response

• These responses are encoded in particular categories so that they can be more easily understood

• Response codes:
– 1yz: Positive preliminary reply – the server has started processing the command and will issue another response code soon
– 2yz: Positive completion reply – the server has successfully executed the command
– 3yz: Positive intermediate reply – the command has been sent but another command is expected before the server can continue
– 4yz: Transient negative reply – the command has failed but might succeed if it is issued again later
– 5yz: Permanent negative reply – the command has failed

• The concept of these three-digit response codes has been used in other protocols as well, such as HTTP and SIP
Common Response Codes

• 150: Opening data connection
• 200: Command successful
• 220: Service ready
• 221: Closing control connection
• 226: Data session complete
• 230: User login succeeded
• 331: User name accepted, please enter password
• 550: No such file or directory

Separation of Control and Data

• FTP servers use well-known TCP port 21 for control
– Log ons
– Issuing commands and seeing results from the simple commands

• When a file is downloaded, the client and server determine a different set of port numbers to use for the file data
– The control session on server port 21 is maintained
– Two modes of operation:
  • Active: The server uses port 20 and initiates a TCP session with an IP address and port provided by the client
  • Passive: The server allocates an ephemeral port, provides an IP and this port to the client, and the client initiates the session

• This concept also exists in most voice over IP (VoIP) implementations but is rare in strict data applications

Use of PORT command

• The FTP PORT command tells the server what IP address and port with which to initiate a data session

• Format:
– 6 bytes spelled out in ASCII
– First 4 are the IP address
– Next 2 are the high order (H) and low order (L) bytes of the port number

• Port number = 256*H+L
– E.g., 256*6+245 = 1781

Figure (message flow between FTP Client 192.1.0.101 and FTP Server 64.12.168.19):
FTP control session established
Client -> Server: PORT 192,1,0,101,6,245 (client opens listen socket on 192.1.0.101, TCP port 1781)
Server -> Client: PORT command successful
Client -> Server: Command to initiate data session: LIST, RETR, etc.
ACK
FTP data session: IP 64.12.168.19, port 20 -> IP 192.1.0.101 port 1781
Problems with the PORT Command

• The PORT command is incompatible with many firewalls and some NATs

• Firewalls typically deny sessions initiated from outside the firewall to hosts inside the firewall

• A NAT will not be able to locate the client host unless it is smart enough to translate the PORT command as well
– Most NATs are smart enough

• In an effort to make FTP more firewall-friendly, the PASV command was developed

Use of PASV command

• The FTP PASV command asks the server to tell the client the IP address and port number on which the client should contact the server

• Format of the response IP and port from the server is the same as the PORT command

• The client will issue the PASV command each time a data session is needed with the server
– If the user manually requests passive mode, the PASV command will be sent without an associated data session but the resulting IP and port will be used for the next available data session

Figure (message flow between FTP Client 192.1.0.101 and FTP Server 64.12.168.19):
FTP control session established
Client -> Server: PASV
Server -> Client: 64,12,168,19,209,52 (client remembers that the server is listening on port 53556 and allocates an ephemeral source port, e.g., 2760)
Client -> Server: Command to initiate data session: LIST, RETR, etc.
ACK
FTP data session: IP 192.1.0.101 port 2760 -> IP 64.12.168.19 port 53556
FTP Examples

First Exemplary FTP Session

• In the following FTP session, the user
– Logged on to the FTP server
– Requested a directory
– Downloaded a file
– Tried to download a non-existent file

• This session does not use passive mode

FTP Example Part 1: Initiation and Login

[Control session established]
1076993353.833005 | IP 192.168.1.101->64.12.168.19 (len:48,id:21579,DF,frag:0) | TCP 1780->21 (S,3716486711,0,16384) <maximum segment size 1460><SACK permitted>
1076993353.873107 | IP 64.12.168.19->192.168.1.101 (len:48,id:20819,frag:0) | TCP 21->1780 (SA,829024535,3716486712,65320) <SACK permitted><maximum segment size 1420>
1076993353.873174 | IP 192.168.1.101->64.12.168.19 (len:40,id:21580,DF,frag:0) | TCP 1780->21 (A,3716486712,829024536,17040)

[Server indicates readiness]
1076993353.925931 | IP 64.12.168.19->192.168.1.101 (len:48,id:20820,frag:0) | TCP 21->1780 (PA,829024536,3716486712,65320) FTP control 220-28
1076993354.045123 | IP 192.168.1.101->64.12.168.19 (len:40,id:21581,DF,frag:0) | TCP 1780->21 (A,3716486712,829024544,17032)

[Server identifies itself]
1076993354.082607 | IP 64.12.168.19->192.168.1.101 (len:94,id:20821,frag:0) | TCP 21->1780 (PA,829024544,3716486712,65320) FTP control 220 ftpnscp.newaol.com FTP server (SunOS 5.8) ready.
1076993354.245414 | IP 192.168.1.101->64.12.168.19 (len:40,id:21582,DF,frag:0) | TCP 1780->21 (A,3716486712,829024598,16978)

[Client sends userid]
1076993361.659815 | IP 192.168.1.101->64.12.168.19 (len:56,id:21587,DF,frag:0) | TCP 1780->21 (PA,3716486712,829024598,16978) FTP control USER anonymous
1076993361.698611 | IP 64.12.168.19->192.168.1.101 (len:40,id:20822,frag:0) | TCP 21->1780 (A,829024598,3716486728,65320)

[Server prompts for password]
1076993361.700611 | IP 64.12.168.19->192.168.1.101 (len:108,id:20823,frag:0) | TCP 21->1780 (PA,829024598,3716486728,65320) FTP control 331 Guest login ok, send your complete e-mail address as password.
1076993361.856373 | IP 192.168.1.101->64.12.168.19 (len:40,id:21588,DF,frag:0) | TCP 1780->21 (A,3716486728,829024666,16910)

[Client sends password, server accepts it]
1076993365.680635 | IP 192.168.1.101->64.12.168.19 (len:63,id:21589,DF,frag:0) | TCP 1780->21 (PA,3716486728,829024666,16910) FTP control PASS mike@borella.net
1076993365.719865 | IP 64.12.168.19->192.168.1.101 (len:88,id:20824,frag:0) | TCP 21->1780 (PA,829024666,3716486751,65320) FTP control 230 Guest login ok, access restrictions apply.
1076993365.862119 | IP 192.168.1.101->64.12.168.19 (len:40,id:21590,DF,frag:0) | TCP 1780->21 (A,3716486751,829024714,16862)
FTP Example Part 2: Remote directory listing

[PORT command opens passive listen port on client, then client issues LIST command]
1076993368.738356 | IP 192.168.1.101->64.12.168.19 (len:66,id:21591,DF,frag:0) | TCP 1780->21 (PA,3716486751,829024714,16862) FTP control PORT 192,168,1,101,6,245
1076993368.778457 | IP 64.12.168.19->192.168.1.101 (len:70,id:20825,frag:0) | TCP 21->1780 (PA,829024714,3716486777,65320) FTP control 200 PORT command successful.
1076993368.779519 | IP 192.168.1.101->64.12.168.19 (len:46,id:21592,DF,frag:0) | TCP 1780->21 (PA,3716486777,829024744,16832) FTP control LIST

[Data session established]
1076993368.823879 | IP 64.12.168.19->192.168.1.101 (len:52,id:20826,frag:0) | TCP 20->1781 (S,868004878,0,25560) <window scale 0><SACK permitted><maximum segment size 1420>
1076993368.823961 | IP 192.168.1.101->64.12.168.19 (len:52,id:21593,DF,frag:0) | TCP 1781->20 (SA,3720278930,868004879,17040) <maximum segment size 1460><window scale 0><SACK permitted>
1076993368.863178 | IP 64.12.168.19->192.168.1.101 (len:40,id:20827,frag:0) | TCP 20->1781 (A,868004879,3720278931,25560)

[Status indication on control session]
1076993368.864276 | IP 64.12.168.19->192.168.1.101 (len:93,id:20828,frag:0) | TCP 21->1780 (PA,829024744,3716486783,65320) FTP control 150 Opening ASCII mode data connection for /bin/ls.

[Directory data sent]
1076993368.866958 | IP 64.12.168.19->192.168.1.101 (len:584,id:20829,frag:0) | TCP 20->1781 (PA,868004879,3720278931,25560)

[Data session torn down]
1076993368.867378 | IP 64.12.168.19->192.168.1.101 (len:40,id:20830,frag:0) | TCP 20->1781 (FA,868005423,3720278931,25560)
1076993368.867438 | IP 192.168.1.101->64.12.168.19 (len:40,id:21594,DF,frag:0) | TCP 1781->20 (A,3720278931,868005424,16496)
1076993368.868025 | IP 192.168.1.101->64.12.168.19 (len:40,id:21595,DF,frag:0) | TCP 1781->20 (FA,3720278931,868005424,16496)
1076993368.910170 | IP 64.12.168.19->192.168.1.101 (len:40,id:20831,frag:0) | TCP 20->1781 (A,868005424,3720278932,25560)

[ACK for status indication]
1076993368.966556 | IP 192.168.1.101->64.12.168.19 (len:40,id:21596,DF,frag:0) | TCP 1780->21 (A,3716486783,829024797,16779)

[Server indicates the data session is complete]
1076993369.006055 | IP 64.12.168.19->192.168.1.101 (len:70,id:20832,frag:0) | TCP 21->1780 (PA,829024797,3716486783,65320) FTP control 226 ASCII Transfer complete.
1076993369.166834 | IP 192.168.1.101->64.12.168.19 (len:40,id:21597,DF,frag:0) | TCP 1780->21 (A,3716486783,829024827,16749)
FTP Example Part 3: File Download

[PORT command opens passive listen port on client, then client issues RETR command for file Welcome]
1076993374.900103 | IP 192.168.1.101->64.12.168.19 (len:66,id:21603,DF,frag:0) | TCP 1780->21 (PA,3716486783,829024827,16749) FTP control PORT 192,168,1,101,6,246
1076993374.939208 | IP 64.12.168.19->192.168.1.101 (len:70,id:20833,frag:0) | TCP 21->1780 (PA,829024827,3716486809,65320) FTP control 200 PORT command successful.
1076993374.940108 | IP 192.168.1.101->64.12.168.19 (len:54,id:21604,DF,frag:0) | TCP 1780->21 (PA,3716486809,829024857,16719) FTP control RETR Welcome

[Data session established]
1076993374.981277 | IP 64.12.168.19->192.168.1.101 (len:52,id:20834,frag:0) | TCP 20->1782 (S,886138368,0,25560) <window scale 0><SACK permitted><maximum segment size 1420>
1076993374.981355 | IP 192.168.1.101->64.12.168.19 (len:52,id:21605,DF,frag:0) | TCP 1782->20 (SA,3721879154,886138369,17040) <maximum segment size 1460><window scale 0><SACK permitted>

[Status indication on control session]
1076993375.020343 | IP 64.12.168.19->192.168.1.101 (len:105,id:20836,frag:0) | TCP 21->1780 (PA,829024857,3716486823,65320) FTP control 150 Opening ASCII mode data connection for Welcome (351 bytes).

[TCP setup handshake completes, file is sent]
1076993375.021453 | IP 64.12.168.19->192.168.1.101 (len:40,id:20835,frag:0) | TCP 20->1782 (A,886138369,3721879155,25560)
1076993375.023578 | IP 64.12.168.19->192.168.1.101 (len:391,id:20837,frag:0) | TCP 20->1782 (PA,886138369,3721879155,25560)

[Data session torn down]
1076993375.023753 | IP 64.12.168.19->192.168.1.101 (len:40,id:20838,frag:0) | TCP 20->1782 (FA,886138720,3721879155,25560)
1076993375.023805 | IP 192.168.1.101->64.12.168.19 (len:40,id:21606,DF,frag:0) | TCP 1782->20 (A,3721879155,886138721,16689)
1076993375.024402 | IP 192.168.1.101->64.12.168.19 (len:40,id:21607,DF,frag:0) | TCP 1782->20 (FA,3721879155,886138721,16689)
1076993375.066552 | IP 64.12.168.19->192.168.1.101 (len:40,id:20839,frag:0) | TCP 20->1782 (A,886138721,3721879156,25560)

[ACK for status indication]
1076993375.175512 | IP 192.168.1.101->64.12.168.19 (len:40,id:21608,DF,frag:0) | TCP 1780->21 (A,3716486823,829024922,16654)

[Server indicates the data session is complete]
1076993375.215335 | IP 64.12.168.19->192.168.1.101 (len:70,id:20840,frag:0) | TCP 21->1780 (PA,829024922,3716486823,65320) FTP control 226 ASCII Transfer complete.
1076993375.375766 | IP 192.168.1.101->64.12.168.19 (len:40,id:21609,DF,frag:0) | TCP 1780->21 (A,3716486823,829024952,16624)
FTP Example Part 4: Failed File Download

[PORT command opens passive listen port on client]
1076993378.460532 | IP 192.168.1.101->64.12.168.19 (len:66,id:21610,DF,frag:0) | TCP 1780->21 (PA,3716486823,829024952,16624) FTP control PORT 192,168,1,101,6,247
1076993378.499809 | IP 64.12.168.19->192.168.1.101 (len:70,id:20841,frag:0) | TCP 21->1780 (PA,829024952,3716486849,65320) FTP control 200 PORT command successful.

[Client asks for non-existent file, server responds]
1076993378.500739 | IP 192.168.1.101->64.12.168.19 (len:55,id:21611,DF,frag:0) | TCP 1780->21 (PA,3716486849,829024982,16594) FTP control RETR sdfsdfsd
1076993378.540156 | IP 64.12.168.19->192.168.1.101 (len:82,id:20842,frag:0) | TCP 21->1780 (PA,829024982,3716486864,65320) FTP control 550 sdfsdfsd: No such file OR directory.
1076993378.680552 | IP 192.168.1.101->64.12.168.19 (len:40,id:21612,DF,frag:0) | TCP 1780->21 (A,3716486864,829025024,16552)

[User quits FTP program, server indicates success]
1076993383.268784 | IP 192.168.1.101->64.12.168.19 (len:46,id:21614,DF,frag:0) | TCP 1780->21 (PA,3716486864,829025024,16552) FTP control QUIT
1076993383.305500 | IP 64.12.168.19->192.168.1.101 (len:54,id:20843,frag:0) | TCP 21->1780 (PA,829025024,3716486870,65320) FTP control 221 Goodbye.

[Control session torn down]
1076993383.305982 | IP 192.168.1.101->64.12.168.19 (len:40,id:21615,DF,frag:0) | TCP 1780->21 (FA,3716486870,829025038,16538)
1076993383.307716 | IP 64.12.168.19->192.168.1.101 (len:40,id:20844,frag:0) | TCP 21->1780 (FA,829025038,3716486870,65320)
1076993383.307796 | IP 192.168.1.101->64.12.168.19 (len:40,id:21616,DF,frag:0) | TCP 1780->21 (A,3716486871,829025039,16538)
1076993383.345503 | IP 64.12.168.19->192.168.1.101 (len:40,id:20845,frag:0) | TCP 21->1780 (A,829025039,3716486871,65320)

Second Exemplary FTP Session

• In the following FTP session, we only show the PASV command and the resulting data transfer

• Since the user manually enters passive mode, the PASV command and data connection establishment appear before the RETR command
– If a subsequent file were downloaded, the PASV command and data connection establishment would occur after the RETR

FTP Example 2: Passive Mode

[Client sends PASV command to request remote endpoint info]
1079240274.421087 | IP 192.168.1.102->64.12.168.249 (len:46,id:55784,DF,frag:0) | TCP 2757->21 (PA,2691814085,2158588927,65088) FTP control PASV
1079240274.456489 | IP 64.12.168.249->192.168.1.102 (len:90,id:30195,frag:0) | TCP 21->2757 (PA,2158588927,2691814091,65320) FTP control 227 Entering Passive Mode (64,12,168,249,209,52)

[Data session established]
1079240274.461911 | IP 192.168.1.102->64.12.168.249 (len:48,id:55785,DF,frag:0) | TCP 2760->53556 (S,2695923328,0,64240) <maximum segment size 1460><SACK permitted>
1079240274.497896 | IP 64.12.168.249->192.168.1.102 (len:48,id:30196,frag:0) | TCP 53556->2760 (SA,2187253986,2695923329,65320) <SACK permitted><maximum segment size 1420>
1079240274.498008 | IP 192.168.1.102->64.12.168.249 (len:40,id:55786,DF,frag:0) | TCP 2760->53556 (A,2695923329,2187253987,65320)

[Client issues RETR command]
1079240274.555099 | IP 192.168.1.102->64.12.168.249 (len:54,id:55793,DF,frag:0) | TCP 2757->21 (PA,2691814091,2158588977,65038) FTP control RETR Welcome
1079240274.594648 | IP 64.12.168.249->192.168.1.102 (len:106,id:30197,frag:0) | TCP 21->2757 (PA,2158588977,2691814105,65320) FTP control 150 Opening BINARY mode data connection for Welcome (351 bytes).

[File is sent]
1079240274.611278 | IP 64.12.168.249->192.168.1.102 (len:391,id:30198,frag:0) | TCP 53556->2760 (PA,2187253987,2695923329,65320)

[Data session torn down]
1079240274.611368 | IP 64.12.168.249->192.168.1.102 (len:40,id:30199,frag:0) | TCP 53556->2760 (FA,2187254338,2695923329,65320)
1079240274.611424 | IP 192.168.1.102->64.12.168.249 (len:40,id:55794,DF,frag:0) | TCP 2760->53556 (A,2695923329,2187254339,64969)
1079240274.612101 | IP 192.168.1.102->64.12.168.249 (len:40,id:55795,DF,frag:0) | TCP 2760->53556 (FA,2695923329,2187254339,64969)
1079240274.656234 | IP 64.12.168.249->192.168.1.102 (len:40,id:30200,frag:0) | TCP 53556->2760 (A,2187254339,2695923330,65320)
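The six-byte PORT/PASV encoding, the reply-code classes and the two traces above, worked as an added example that is not part of the original slides: a small Python analyzer for packet lines in the format the traces use. It decodes the endpoint announced by a PORT command or a 227 reply, pairs it with the SYN that opens the data session, classifies replies by their first digit and flags the cleartext USER/PASS; the sample lines are copied from the slides' traces (wrapped lines re-joined), and the line format and regex are my assumptions about that trace tool's output.

```python
import re

# Constructed sample: packet lines copied from the two traces on the slides,
# with wrapped lines re-joined so each packet is one line.
TRACE = """\
1076993361.659815 | IP 192.168.1.101->64.12.168.19 (len:56,id:21587,DF,frag:0) | TCP 1780->21 (PA,3716486712,829024598,16978) FTP control USER anonymous
1076993365.680635 | IP 192.168.1.101->64.12.168.19 (len:63,id:21589,DF,frag:0) | TCP 1780->21 (PA,3716486728,829024666,16910) FTP control PASS mike@borella.net
1076993368.738356 | IP 192.168.1.101->64.12.168.19 (len:66,id:21591,DF,frag:0) | TCP 1780->21 (PA,3716486751,829024714,16862) FTP control PORT 192,168,1,101,6,245
1076993368.823879 | IP 64.12.168.19->192.168.1.101 (len:52,id:20826,frag:0) | TCP 20->1781 (S,868004878,0,25560) <window scale 0><SACK permitted><maximum segment size 1420>
1076993378.540156 | IP 64.12.168.19->192.168.1.101 (len:82,id:20842,frag:0) | TCP 21->1780 (PA,829024982,3716486864,65320) FTP control 550 sdfsdfsd: No such file OR directory.
1079240274.456489 | IP 64.12.168.249->192.168.1.102 (len:90,id:30195,frag:0) | TCP 21->2757 (PA,2158588927,2691814091,65320) FTP control 227 Entering Passive Mode (64,12,168,249,209,52)
1079240274.461911 | IP 192.168.1.102->64.12.168.249 (len:48,id:55785,DF,frag:0) | TCP 2760->53556 (S,2695923328,0,64240) <maximum segment size 1460><SACK permitted>
"""

# One packet (assumed format): <ts> | IP <src>-><dst> (...) | TCP <sport>-><dport> (<flags>,...) [... FTP control <msg>]
LINE_RE = re.compile(
    r"(?P<ts>[\d.]+) \| IP (?P<src>[\d.]+)->(?P<dst>[\d.]+) \([^)]*\) \| "
    r"TCP (?P<sport>\d+)->(?P<dport>\d+) \((?P<flags>[A-Z]+),[^)]*\)"
    r"(?:.*?FTP control (?P<msg>.*))?")

# Reply classes keyed by the first digit, as on the response-code slide.
REPLY_CLASS = {"1": "positive preliminary", "2": "positive completion", "3": "positive intermediate",
               "4": "transient negative", "5": "permanent negative"}

def decode_hostport(six_bytes):
    """'h1,h2,h3,h4,H,L' (PORT argument or 227 payload) -> (dotted IP, 256*H+L)."""
    h1, h2, h3, h4, hi, lo = (int(x) for x in six_bytes.split(","))
    return f"{h1}.{h2}.{h3}.{h4}", 256 * hi + lo

def analyze(lines):
    """Walk trace lines in packet order and return a list of (kind, detail) findings."""
    findings = []
    expected = None  # data endpoint announced by the most recent PORT or 227 reply
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        msg = d["msg"]
        if msg:
            verb = msg.split()[0].upper()
            if verb in ("USER", "PASS"):
                findings.append(("cleartext-credential", msg))  # readable by any on-path observer
            elif verb == "PORT":
                expected = decode_hostport(msg.split()[1])
                if expected[0] != d["src"]:  # PORT should name the control-session peer itself
                    findings.append(("port-ip-mismatch", msg))
            elif verb.isdigit():
                findings.append(("reply", f"{verb} {REPLY_CLASS.get(verb[0], 'unknown')}"))
                if verb == "227":
                    inner = re.search(r"\(([\d,]+)\)", msg)
                    if inner:
                        expected = decode_hostport(inner.group(1))
        elif d["flags"] == "S" and expected:
            # a SYN to the announced endpoint is the data session being opened
            if (d["dst"], int(d["dport"])) == expected:
                findings.append(("data-session", f"{d['src']}:{d['sport']}->{d['dst']}:{d['dport']}"))
                expected = None
    return findings
```

Running analyze(TRACE.splitlines()) reports the two credentials, the active data session 64.12.168.19:20->192.168.1.101:1781 opened by the server after PORT, and the passive one 192.168.1.102:2760->64.12.168.249:53556 opened by the client after the 227 reply.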

References

• S. Bellovin, “Firewall Friendly FTP,” Internet RFC 1579, Feb. 1994.

• Filezilla, http://filezilla.sourceforge.net/.

• J. Postel and J. Reynolds, “File Transfer Protocol (FTP),” Internet RFC 959, Oct. 1985.
