FTP stands for File Transfer Protocol, which is used to transfer files from one host to another over TCP. RFC 959 lists all the details of FTP. It is an application layer protocol and is used widely across the world for transferring files.
FTP connections (what we read and know):-
1. Control Connection on port 21 of server (Standard, can be changed)
2. Data Connection on port 20 of server (Standard, can be changed)
Control connection is established between port 21 of the server and a random port of the client. Once opened, this connection remains open unless it is closed by the user or an idle timeout occurs.
Data connection is established every time the client sends a request to the server over the control connection for data transfer. For every new data connection, the port number changes. The new port number is negotiated on the control connection.
NOTE:- Not all the FTP commands use the Data Connection…
Here is the list of FTP commands. Commands marked with (√) use the data connection and commands marked with (X) do not use the data connection.
Looking at the above diagram, one can see that, of all the commands available for FTP, the proportion that use the data connection is very small.
FTP data transfer modes are of 4 types:-
1. Active Mode (Also known as PORT based)
2. Passive Mode (Also known as PASV based)
3. Extended active mode to support NAT (EPRT)
4. Extended passive mode to support NAT (EPSV)
Active Mode:-
In this mode, the client tells the server on which client port the data connection will be made, so the client sends the port number with the command to the server. With PORT commands, the server uses port 20 for data transfer.
Passive Mode:-
Sometimes the client might be behind a firewall. In such cases, the server cannot directly connect to the client on the negotiated port, so Passive mode is used. In Passive mode, a random port is used by the server for the data connection.
In this mode, the server sends the data connection port number to the client, and the client then connects to that port number for the data connection.
EPRT and EPSV modes:-
These modes support FTP in the case of IPv6 and NAT. More details about them can be found in FTP’s RFC document.
Traffic flow examples for PORT and PASV modes:-
Now we will look at what traffic flows in an FTP connection.
Server’s IP: 192.168.10.10
Client’s IP: 192.168.10.11
Now let us see what traffic flows, in both Active and Passive modes, when the FTP client sends the FTP server a request that uses the data connection. Note that the control connection is already established between the client and the server; we will discuss what happens after that.
For Active mode:-
Once the user enters the FTP request, the FTP client needs to create a data connection to get the output from the server. It first needs to negotiate the port, so it sends the “PORT” command with the client machine’s IP and the port to which the data connection should be made.
As seen from the above diagram, the client sends the request to the server and the server responds. The port is successfully negotiated between them.
Next, the client sends the FTP request on the control channel. The server now performs a 3-way handshake with the negotiated data port and then responds with the output on the data channel. Once the data transfer is complete, the data connection is terminated.
For each new FTP request, a new data connection is created.
For Passive mode:-
In passive mode, the client first informs the server that it wants to open a passive mode data connection. It sends the “PASV” command to the server on the control channel. The server responds by sending the port on which it will open the data connection.
As we can see from the above diagram, the server responds with the IP and port number. The 3-way handshake for the data connection occurs at this time.
Next, the client sends the FTP request on the control connection and the server sends back the output on the data connection. Once the data transfer is complete for that request, the data connection is terminated.
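The PORT and PASV negotiation described in the two traffic-flow sections above, as an added example that is not part of the original post: it decodes the h1,h2,h3,h4,p1,p2 host-port field defined in RFC 959 into the data endpoint and checks that the advertised address is the control connection's own peer, a check a stateful firewall or FTP server can apply before allowing the data connection. The function names, the sample control-channel lines and the ports 50000 and 40000 are constructed for illustration; the IP addresses are the ones used in the post.

```python
import re
from typing import NamedTuple, Optional

class DataEndpoint(NamedTuple):
    mode: str      # "active" (PORT command) or "passive" (227 reply to PASV)
    listener: str  # side that listens; the other side opens the data connection
    ip: str
    port: int

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal octets)
_HOST_PORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def _decode(text: str):
    m = _HOST_PORT.search(text)
    if not m:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 field in {text!r}")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in {text!r}")
    # The port is sent as two octets, high byte first.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_control_line(line: str) -> Optional[DataEndpoint]:
    """Return the negotiated data endpoint, or None for any other line."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        return DataEndpoint("active", "client", *_decode(line[5:]))
    if line.startswith("227"):
        return DataEndpoint("passive", "server", *_decode(line[3:]))
    return None

def matches_peer(ep: DataEndpoint, client_ip: str, server_ip: str) -> bool:
    """True if the advertised address is the control connection's own peer."""
    return ep.ip == (client_ip if ep.listener == "client" else server_ip)

if __name__ == "__main__":
    SERVER, CLIENT = "192.168.10.10", "192.168.10.11"  # addresses from the post
    constructed = [  # constructed control-channel lines, not a real capture
        "PORT 192,168,10,11,195,80",
        "227 Entering Passive Mode (192,168,10,10,156,64)",
        "LIST",
    ]
    for raw in constructed:
        ep = parse_control_line(raw)
        if ep:
            print(raw, "->", ep, "peer ok:", matches_peer(ep, CLIENT, SERVER))
```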
Conclusion:-
Considering the active and passive modes, we can redesign the basic diagram of FTP into a more advanced and appropriate one as follows:-
This diagram now appropriately shows FTP and the various connections in FTP.