FTP

Overview

FTP is an application protocol used to exchange files between computers on the Internet.
FTP uses TCP to establish a session between the client and the server.
FTP always establishes two TCP connections:
The first is the control connection. This connection is made from a random port on the client to port 21 on the server. The FTP commands and error messages are sent over this connection.
The 2nd connection is the data connection. The data connection can be made in two different modes: active mode and passive mode. The way the data connection is established for each of these two modes is different (more later). All FTP data, including file downloads and directory listings, is sent along this connection.
The FTP data connection can work in two ways: active mode and passive mode. In most FTP client applications, passive mode is default:
In passive mode the TCP connection is made from the server to the client. In this case the source port (on the server) is 20 and the destination port (on the client) to the same port on the client machine as was used for the control connection. That’s the theory. In practice most current FTP clients do not behave that way: A new connection is used for each transfer; to avoid running afoul of TCP's TIMEWAIT state, the client picks a new port number each time and sends a PORT command announcing that to the server
In active mode the TCP connection is established from a random high port on the client to a random high port on the server.
When random ports are used for connections, e.g. for the passive mode data connection, then the ports are communicated using the FTP port command. This command is issued in the background without the intervention of the user.
FTP can transmit files either as binary data or as ASCII data.
Key concepts



FTP: File Transfer Protocol


Important commands

netstat (UNIX and Windows)
Use netstat -an to see what sockets are defined on a host. A socket can either be LISTENING or ESTABLISHED.

ftp (UNIX and Windows)

use ftp to establish an FTP connection to a server.

Basic FTP commands are:

bye: quit
cd: change directory
close: close the connection
delete: delete a file
dir: directory listing
get: fetch specified file
lcd: local change directory (on the client)
mdir: make a directory
mget: get multiple files
mput: send multiple files
put: send specified file
pwd: present working directory
rename: duh.
rmdir: remove specified directory


Tips and tricks

The Microsoft Windows command-line FTP client can’t properly do passive FTP. Some other FTP clients are
WS_FTP (http://www.ipswitch.com)
CuteFTP (http://www.cuteftp.com)
FTP Explorer (http://www.winsite.com)
FTP Voyager (http://www.ftpvoyager.com/)
For an excellent description of the FTP commands, see the Windows help for "FTP utility".
To FTP to a server that is not listening on the standard port (21): First open the FTP utility ("ftp [enter]") then use the open command with the IP address and port ("open [enter]"). You have to do this to FTP to a NetSeq unit, which listens on port 821.
The NetSeq firewall uses a process called seepkt_ftp to monitor the FTP control connection for the port command. It can then read the parameters (IP address and port number) from the port command dynamically change it’s packet filter rule set based on this information. This is how the reverse connection for passive mode FTP is handled.
When transferring files between two different operating systems, always use a binary transfer. This eliminates the ASCII encoding formats on the hosts is different. To do a binary transfer, type "bin [enter]" before doing the put or the get.
While using the DOS ftp client, you can execute commands on the local machine by placing "!" before the command. E.g. "!dir" will give you a directory listing on the client machine.