Difference between revisions of "FTP"

From Pulsed Media Wiki
(Created page with "File Transfer Protocol is a very old protocol, dating back to 1971, developed at MIT. == Background information == FTP is a very simple and efficient protocol for file transfers...")
 
(Guides)
 
(2 intermediate revisions by one other user not shown)
Line 1: Line 1:
File Transfer Protocol is a very old protocol, dating back to 1971, developed at MIT.
+
The '''File Transfer Protocol''' ('''FTP''') is a standard [[Network protocol|network protocol]] used for the [[File transfer|transfer of computer files]] between a [[Client–server model|client]] and [[Server (computing)|server]] on a [[Computer network|computer network]]. Based on a [[Client–server model|client-server model]] architecture, FTP uses separate control and data connections between the client and the server.
  
== Background information ==
+
Developed in the early days of the [[ARPANET]], FTP is one of the oldest protocols still in use today, dating back to 1971. While efficient for its time, it has significant security drawbacks compared to modern file transfer methods.
FTP is a very simple and efficient protocol for file transfers. It includes no encryption, and extremely minimal overhead overally. To date it is still probably the most popular protocol to transfer files in a client-server fashion. During the years FTP has gained only a few new features since it's inception.
 
  
Default port for FTP is 21.
+
== Overview and Purpose ==
 +
The primary purpose of FTP is to enable users to upload files to a server (putting files onto the server) and download files from a server (retrieving files from the server). It operates using two distinct connections:
  
=== FXP ===
+
1. '''Control Connection:''' Established on [[Port (computer networking)|port]] 21 by default. This connection is used for sending commands from the client to the server (e.g., login credentials, navigate directories, initiate file transfer) and receiving responses from the server (e.g., command successful, file not found, ready to transfer).
While at times considered as a discreet protocol, it really is not. Servers configured for FXP only change their authentication behavior so that in active connection any [[IP Address|IP]] may contact the server to the specified port for file transfer, therefore you can transfer data directly from server to server without the need for data to pass through the client computer. Especially useful for large amounts of data where transferring the data via client computer would be prohibitively slow.
+
2.  '''Data Connection:''' Established on various ports. This connection is used for the actual transfer of file data. The port used for the data connection is negotiated over the control connection and depends on whether the transfer is in Active or Passive mode.
  
FXP stands for '''File eXchange Protocol''', despite it merely extends what FTP servers are capable of already, and actually is achieved by simply disabling a security feature ([[IP Address|IP]] authentication). Unfortunately FXP can make the FTP server vulnerable for FTP Bounce attack, and therefore is disabled by default in most FTP servers.
+
== How it Works: Active vs. Passive Mode ==
 +
The setup of the data connection distinguishes between Active and Passive FTP modes:
  
[[Pulsed Media]] [[Seedbox|seedboxes]] has FXP enabled.
+
; Active Mode FTP
 +
: 1.  The client connects to the server's control port (default 21) and sends commands.
 +
: 2.  When initiating a data transfer (e.g., a download), the client tells the server which data port the *client* is listening on.
 +
: 3.  The server then actively initiates a connection *back to* the client on the specified data port (typically originating from server port 20).
 +
: - '''Issue with Firewalls/NAT:''' Active mode often causes problems with [[Firewall (computing)|firewalls]] and [[Network address translation|NAT]] (Network Address Translation) on the client's side. The firewall may block the incoming connection initiated by the server, or the NAT device may not correctly route the incoming connection to the client behind it.
  
== FTP Client programs ==
+
; Passive Mode FTP
Some popular FTP clients are:
+
: 1.  The client connects to the server's control port (default 21) and sends commands.
* [http://www.smartftp.com/ SmartFTP]
+
: 2.  When initiating a data transfer, the client sends a `PASV` command to the server.
* [http://www.cuteftp.com/ CuteFTP]
+
: 3.  The server responds by telling the client which data port the *server* is listening on.
* [http://www.flashfxp.com/ FlashFXP]
+
: 4.  The client then initiates a connection *to* the server on that specified data port.
* [http://filezilla-project.org/ FileZilla]
+
: - '''Advantage with Firewalls/NAT:''' Passive mode is generally more compatible with client-side firewalls and NAT because the client always initiates the connections, which is typically allowed by firewalls.
 +
 
 +
Due to the widespread use of firewalls and NAT on client networks, '''Passive mode is the preferred and more reliable method for most FTP connections today.'''
 +
 
 +
== History ==
 +
FTP was originally specified in 1971, making it one of the earliest networking protocols. It predates the widespread adoption of [[TCP/IP]], initially running over protocols like NCP. It was later updated to run over TCP/IP and standardized in [[RFC 959]] in 1985, which remains the fundamental specification. Despite its age, its simplicity kept it relevant for basic file transfers for decades.
 +
 
 +
== Security Concerns ==
 +
A major drawback of standard FTP is its lack of [[Encryption|encryption]]. By default:
 +
* '''Authentication is sent in plaintext:''' Usernames and passwords are sent over the control connection without encryption. Anyone intercepting the traffic can capture login credentials.
 +
* '''Data is sent in plaintext:''' The actual file data transferred over the data connection is also unencrypted. Sensitive information contained within files can be read by anyone monitoring the network traffic.
 +
 
 +
Due to these significant security risks, using plain FTP (especially over untrusted networks like the internet) is strongly discouraged.
 +
 
 +
== Alternatives for Secure File Transfer ==
 +
To address the security concerns of standard FTP, several secure alternatives exist:
 +
 
 +
* '''[[SFTP]] (SSH File Transfer Protocol):''' Runs over the [[Secure Shell|SSH]] protocol (typically on [[Port (computer networking)|port]] 22). SFTP provides both authentication and data encryption by leveraging SSH's secure channel. It is a completely different protocol from FTP, despite the similar name.
 +
* '''[[FTPS]] (FTP Secure):''' Standard FTP enhanced with [[TLS/SSL|TLS/SSL]] encryption. It typically uses port 21 for the control connection (which is then secured with TLS/SSL) and negotiates secure data connections. It is an extension of FTP, not a separate protocol like SFTP.
 +
* '''[[SCP]] (Secure Copy Protocol):''' Also runs over SSH. Primarily designed for simple file transfers from the command line, it is less feature-rich than SFTP but often faster for bulk transfers.
 +
 
 +
'''Important Warning for Seedboxes and Private Servers:'''
 +
 
 +
* Connecting to services like [[Seedbox|Pulsed Media Seedboxes]] or other private servers using standard **FTP on port 21 can often result in connection errors**, particularly when your client is behind a firewall or NAT and attempting to use Active mode, or even due to server-side configurations or firewalls.
 +
* More importantly, standard FTP transmits your username, password, and file data in plaintext, posing a significant [[Computer security|security]] risk.
 +
* '''It is highly recommended to use SFTP (SSH File Transfer Protocol) which typically runs over SSH on port 22.''' SFTP encrypts all data and authentication, is generally more reliable with firewalls (as the client initiates all connections), and offers a secure alternative for file transfers to and from your seedbox or server.
 +
 
 +
== FXP (File eXchange Protocol) ==
 +
While sometimes discussed as a distinct protocol, FXP isn't a separate standard but rather a specific mode of operation for FTP servers and clients. FXP allows direct server-to-server data transfer, bypassing the client machine.
 +
 
 +
In standard FTP, when transferring between two remote servers via a client, the data flows from Server A to the Client, and then from the Client to Server B. FXP attempts to eliminate the client as an intermediary. When the client issues an FXP transfer command, it tells Server A to connect directly to Server B on a specified data port to transfer the file.
 +
 
 +
FXP essentially works by disabling a security check ([[IP Address|IP]] authentication) on the servers that prevents the server from connecting to an unexpected IP for the data connection. While useful for speed when transferring large amounts of data between servers without involving the client's limited bandwidth, it makes the FTP server vulnerable to [[FTP bounce attack]]s. Because of this [[Vulnerability|vulnerability]], FXP is disabled by default in most modern FTP server software.
 +
 
 +
[[Pulsed Media]] [[Seedbox|seedboxes]] historically have FXP enabled, though users should be aware of the associated security implications if not using it carefully.
 +
 
 +
== FTP Client Software ==
 +
Many [[Software application|software applications]] are available that function as FTP [[Client program|clients]], allowing users to connect to FTP servers and perform file transfers. Modern clients often support secure protocols like SFTP and FTPS in addition to standard FTP. Some popular examples include:
 +
* [http://filezilla-project.org/ FileZilla] (Cross-platform, supports FTP, FTPS, SFTP)
 +
* [http://www.smartftp.com/ SmartFTP] (Windows, supports FTP, FTPS, SFTP)
 +
* [http://www.cuteftp.com/ CuteFTP] (Windows, supports FTP, FTPS, SFTP)
 +
* [http://www.flashfxp.com/ FlashFXP] (Windows, supports FTP, FTPS, SFTP)
 +
* WinSCP (Windows, supports SFTP, SCP, FTPS, FTP)
 +
* Various command-line clients included in operating systems (e.g., `ftp`, `sftp`, `scp`).
 +
 
 +
== See also ==
 +
* [[SFTP]]
 +
* [[FTPS]]
 +
* [[SSH]]
 +
* [[TCP/IP]]
 +
* [[Client–server model]]
 +
* [[File transfer]]
 +
* [[Network protocol]]
 +
* [[Port (computer networking)]]
 +
* [[Network address translation|NAT]]
 +
* [[Firewall (computing)|Firewall]]
 +
 
 +
 
 +
== External links ==
 +
* [https://www.rfc-editor.org/rfc/rfc959 RFC 959 - File Transfer Protocol]
 +
* [https://www.cloudflare.com/learning/cdn/what-is-ftp/ Cloudflare: What is FTP?]
 +
* [https://www.ssh.com/academy/ssh/sftp SSH.com: What is SFTP?]
 +
 
 +
 
 +
[[Category:File transfer protocols]]
 +
[[Category:Internet protocols]]
 +
[[Category:Network protocols]]
 +
[[Category:Application layer protocols]]
 +
[[Category:Client–server model]]
 +
[[Category:Technical terms]]
 +
[[Category:File transfer]]
 +
[[Category:Protocols]]
 +
[[Category:Obsolete protocols]]
 +
[[Category:Network security]]
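Review bot: The added Active/Passive steps and the seedbox warning use Markdown emphasis (`*client*`, `*back to*`, `**FTP on port 21 can often result in connection errors**`), which MediaWiki does not render, so the asterisks show up literally in the latest revision below; use `''…''` and `'''…'''` as the rest of the revision does. In the FXP section, "historically have FXP enabled" replaces the earlier "has FXP enabled" and no longer tells the reader whether FXP is enabled now; since the same section says FXP exposes the server to FTP bounce attacks, state the current setting explicitly.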

Latest revision as of 11:22, 6 May 2025

The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network. Based on a client-server model architecture, FTP uses separate control and data connections between the client and the server.

Developed in the early days of the ARPANET, FTP is one of the oldest protocols still in use today, dating back to 1971. While efficient for its time, it has significant security drawbacks compared to modern file transfer methods.

Overview and Purpose

The primary purpose of FTP is to enable users to upload files to a server (putting files onto the server) and download files from a server (retrieving files from the server). It operates using two distinct connections:

1. Control Connection: Established on port 21 by default. This connection is used for sending commands from the client to the server (e.g., login credentials, navigate directories, initiate file transfer) and receiving responses from the server (e.g., command successful, file not found, ready to transfer).
2. Data Connection: Established on various ports. This connection is used for the actual transfer of file data. The port used for the data connection is negotiated over the control connection and depends on whether the transfer is in Active or Passive mode.

How it Works: Active vs. Passive Mode

The setup of the data connection distinguishes between Active and Passive FTP modes:

Active Mode FTP
1. The client connects to the server's control port (default 21) and sends commands.
2. When initiating a data transfer (e.g., a download), the client tells the server which data port the client is listening on.
3. The server then actively initiates a connection back to the client on the specified data port (typically originating from server port 20).
- Issue with Firewalls/NAT: Active mode often causes problems with firewalls and NAT (Network Address Translation) on the client's side. The firewall may block the incoming connection initiated by the server, or the NAT device may not correctly route the incoming connection to the client behind it.

Passive Mode FTP
1. The client connects to the server's control port (default 21) and sends commands.
2. When initiating a data transfer, the client sends a `PASV` command to the server.
3. The server responds by telling the client which data port the server is listening on.
4. The client then initiates a connection to the server on that specified data port.
- Advantage with Firewalls/NAT: Passive mode is generally more compatible with client-side firewalls and NAT because the client always initiates the connections, which is typically allowed by firewalls.

Due to the widespread use of firewalls and NAT on client networks, Passive mode is the preferred and more reliable method for most FTP connections today.

History

FTP was originally specified in 1971, making it one of the earliest networking protocols. It predates the widespread adoption of TCP/IP, initially running over protocols like NCP. It was later updated to run over TCP/IP and standardized in RFC 959 in 1985, which remains the fundamental specification. Despite its age, its simplicity kept it relevant for basic file transfers for decades.

Security Concerns

A major drawback of standard FTP is its lack of encryption. By default:

  • Authentication is sent in plaintext: Usernames and passwords are sent over the control connection without encryption. Anyone intercepting the traffic can capture login credentials.
  • Data is sent in plaintext: The actual file data transferred over the data connection is also unencrypted. Sensitive information contained within files can be read by anyone monitoring the network traffic.

Due to these significant security risks, using plain FTP (especially over untrusted networks like the internet) is strongly discouraged.

Alternatives for Secure File Transfer

To address the security concerns of standard FTP, several secure alternatives exist:

  • SFTP (SSH File Transfer Protocol): Runs over the SSH protocol (typically on port 22). SFTP provides both authentication and data encryption by leveraging SSH's secure channel. It is a completely different protocol from FTP, despite the similar name.
  • FTPS (FTP Secure): Standard FTP enhanced with TLS/SSL encryption. It typically uses port 21 for the control connection (which is then secured with TLS/SSL) and negotiates secure data connections. It is an extension of FTP, not a separate protocol like SFTP.
  • SCP (Secure Copy Protocol): Also runs over SSH. Primarily designed for simple file transfers from the command line, it is less feature-rich than SFTP but often faster for bulk transfers.
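The plaintext exposure described under Security Concerns can be checked from a sensor's point of view. The following is an added example, not part of the wiki page: it audits a control-channel transcript and reports credentials or transfer commands that crossed the wire unencrypted, stopping once the session upgrades to FTPS. The `AUTH TLS` command and `234` reply come from RFC 4217 rather than from this page, and the transcripts and the `C:`/`S:` line format are constructed for the example.

```python
# Constructed control-channel transcripts ("C:" client, "S:" server) as a
# passive sensor on port 21 would record them. Not taken from a real host.
PLAIN_SESSION = """\
S: 220 ftp.example.test ready
C: USER alice
S: 331 Password required
C: PASS example-password
S: 230 Logged in
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80)
C: RETR report.pdf
"""

FTPS_SESSION = """\
S: 220 ftp.example.test ready
C: AUTH TLS
S: 234 Proceed with negotiation
"""

CRED_VERBS = {"USER", "PASS", "ACCT"}
TRANSFER_VERBS = {"RETR", "STOR", "APPE", "LIST", "NLST"}


def audit_control_channel(transcript):
    """Return (line_number, kind, detail) findings for one control connection.

    PASS/ACCT arguments are never copied into the findings.
    """
    findings = []
    awaiting_auth_reply = False
    for lineno, line in enumerate(transcript.splitlines(), start=1):
        side, sep, msg = line.partition(": ")
        if not sep or not msg:
            continue
        verb, _, arg = msg.partition(" ")
        verb = verb.upper()
        if side == "S":
            if awaiting_auth_reply and verb == "234":
                break  # TLS handshake follows; later commands are not visible
            awaiting_auth_reply = False  # any other reply: AUTH was refused
        elif verb == "AUTH":
            awaiting_auth_reply = True
        elif verb in CRED_VERBS:
            shown = arg if verb == "USER" else "<redacted>"
            findings.append((lineno, "cleartext-credential", f"{verb} {shown}"))
        elif verb in TRANSFER_VERBS:
            findings.append((lineno, "cleartext-transfer", f"{verb} {arg}".strip()))
    return findings


if __name__ == "__main__":
    for name, session in (("plain", PLAIN_SESSION), ("ftps", FTPS_SESSION)):
        print(name, audit_control_channel(session))
```

A session in which the server refuses `AUTH TLS` and the client logs in anyway is reported like a plain session, which is the downgrade case worth alerting on.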

Important Warning for Seedboxes and Private Servers:

  • Connecting to services like Pulsed Media Seedboxes or other private servers using standard FTP on port 21 can often result in connection errors, particularly when your client is behind a firewall or NAT and attempting to use Active mode, or even due to server-side configurations or firewalls.
  • More importantly, standard FTP transmits your username, password, and file data in plaintext, posing a significant security risk.
  • It is highly recommended to use SFTP (SSH File Transfer Protocol) which typically runs over SSH on port 22. SFTP encrypts all data and authentication, is generally more reliable with firewalls (as the client initiates all connections), and offers a secure alternative for file transfers to and from your seedbox or server.

FXP (File eXchange Protocol)

While sometimes discussed as a distinct protocol, FXP isn't a separate standard but rather a specific mode of operation for FTP servers and clients. FXP allows direct server-to-server data transfer, bypassing the client machine.

In standard FTP, when transferring between two remote servers via a client, the data flows from Server A to the Client, and then from the Client to Server B. FXP attempts to eliminate the client as an intermediary. When the client issues an FXP transfer command, it tells Server A to connect directly to Server B on a specified data port to transfer the file.

FXP essentially works by disabling a security check (IP authentication) on the servers that prevents the server from connecting to an unexpected IP for the data connection. While useful for speed when transferring large amounts of data between servers without involving the client's limited bandwidth, it makes the FTP server vulnerable to FTP bounce attacks. Because of this vulnerability, FXP is disabled by default in most modern FTP server software.

Pulsed Media seedboxes have historically had FXP enabled; users should be aware of the associated security implications and use it carefully.
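The data-port negotiation from the Active/Passive section and the address check that FXP switches off both operate on the same field, so one added example covers them. It is not code from the wiki or from any FTP server: it parses the RFC 959 `h1,h2,h3,h4,p1,p2` encoding and shows how a server would validate a `PORT` argument and how a client would validate a `227` reply. The function names, the `allow_fxp` flag, the privileged-port refusal and the documentation-range addresses are assumptions made for the example.

```python
import ipaddress
import re

# RFC 959 encodes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Extract (IPv4Address, port) from a PORT argument or a 227 reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field exceeds 255")
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def check_port_command(arg, control_peer, allow_fxp=False):
    """Server side, Active mode: may we connect to the PORT address?

    With allow_fxp=False the address must equal the control connection's
    peer; allow_fxp=True models the relaxed behaviour the page calls FXP.
    """
    try:
        ip, port = parse_hostport(arg)
    except ValueError as exc:
        return False, f"malformed PORT: {exc}"
    if port < 1024:  # assumed hardening: never dial well-known service ports
        return False, f"refused: privileged port {port}"
    if not allow_fxp and ip != ipaddress.IPv4Address(control_peer):
        return False, f"refused: {ip} is not control peer {control_peer}"
    return True, f"connect to {ip}:{port}"


def check_pasv_reply(reply, server_ip):
    """Client side, Passive mode: where does the 227 reply send us?"""
    if not reply.startswith("227"):
        return False, "not a 227 reply"
    try:
        ip, port = parse_hostport(reply)
    except ValueError as exc:
        return False, f"malformed 227: {exc}"
    if ip != ipaddress.IPv4Address(server_ip):
        return False, f"refused: {ip} differs from server {server_ip}"
    return True, f"connect to {ip}:{port}"


if __name__ == "__main__":
    peer = "198.51.100.7"  # constructed documentation addresses throughout
    for arg in ("198,51,100,7,195,80", "203,0,113,9,195,80", "203,0,113,9,0,25"):
        print(arg, check_port_command(arg, peer), check_port_command(arg, peer, True))
    print(check_pasv_reply("227 Entering Passive Mode (192,0,2,10,195,80)", "192.0.2.10"))
```

With `allow_fxp=True` the second sample address is accepted even though it is not the control peer, which is the trade-off the FXP section describes.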

FTP Client Software

Many software applications are available that function as FTP clients, allowing users to connect to FTP servers and perform file transfers. Modern clients often support secure protocols like SFTP and FTPS in addition to standard FTP. Some popular examples include:

  • FileZilla (Cross-platform, supports FTP, FTPS, SFTP)
  • SmartFTP (Windows, supports FTP, FTPS, SFTP)
  • CuteFTP (Windows, supports FTP, FTPS, SFTP)
  • FlashFXP (Windows, supports FTP, FTPS, SFTP)
  • WinSCP (Windows, supports SFTP, SCP, FTPS, FTP)
  • Various command-line clients included in operating systems (e.g., `ftp`, `sftp`, `scp`).
