FTP

Information from The State of Sarkhan Official Records

FTP, or File Transfer Protocol, is a standard network protocol used for transferring files between a client and a server on a computer network. It's a fundamental tool for uploading and downloading files, especially for website maintenance and software distribution.

The Need for Two Connections:

The key to understanding FTP lies in its use of two separate TCP (Transmission Control Protocol) connections:

  1. Control Connection (Port 21):
    • This connection is used for sending commands and receiving responses between the client and the server.
    • It's responsible for tasks like:
      • Authentication (username and password).
      • Navigating directories.
      • Listing files.
      • Specifying the type of transfer (ASCII or binary).
      • Sending commands like "RETR" (retrieve) or "STOR" (store).
    • This connection remains open throughout the FTP session, allowing the client to issue multiple commands.
  2. Data Connection (Port 20 or dynamic port):
    • This connection is used for the actual transfer of file data.
    • It's established only when a file transfer is initiated.
    • The way this connection is established differs between two FTP modes:
      • Active Mode:
        • The server initiates the data connection to the client.
        • The client sends its IP address and port number to the server through the control connection.
        • The server then connects to that specified port on the client.
        • This mode can cause problems with firewalls and NAT (Network Address Translation) because the client's firewall might block the incoming connection from the server.
      • Passive Mode:
        • The client initiates the data connection to the server.
        • The client sends the "PASV" command to the server through the control connection.
        • The server responds with a port number that the client should connect to.
        • The client then connects to that port on the server.
        • Passive mode is generally preferred because it works better with firewalls and NAT.
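
The address and port exchanged in both modes travel on the control connection as six decimal fields, h1,h2,h3,h4,p1,p2, defined in RFC 959 (this encoding is not spelled out above). The Python sketch below is an added example, not part of the original article: it decodes that tuple from a PORT command or a 227 PASV reply and flags an advertised endpoint that does not match the sender's real control-connection address, which is the NAT symptom described above. The function names, finding labels and sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as used by PORT arguments and 227 replies (RFC 959).
_TUPLE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply."""
    m = _TUPLE.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in line")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("tuple field outside 0-255")
    ip = ".".join(map(str, nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = high byte * 256 + low byte


def _is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _RFC1918)


def check_data_endpoint(line, sender_ip):
    """Compare the advertised data endpoint with the sender's real address.

    sender_ip is the control-connection address of whoever sent the line,
    as seen by the receiver: the client for PORT, the server for 227.
    """
    ip, port = parse_hostport(line)
    findings = []
    if ip != sender_ip:
        findings.append("address-mismatch")
        if _is_rfc1918(ip) and not _is_rfc1918(sender_ip):
            findings.append("rfc1918-behind-nat")
    if port < 1024:
        findings.append("privileged-port")
    return ip, port, findings


# Constructed control-channel lines (documentation addresses, not captures).
SAMPLES = [
    ("227 Entering Passive Mode (198,51,100,20,195,80).", "198.51.100.20"),
    ("227 Entering Passive Mode (192,168,1,10,195,80).", "198.51.100.20"),
    ("PORT 203,0,113,7,0,22", "203.0.113.7"),
]

if __name__ == "__main__":
    for line, sender in SAMPLES:
        print(line, "->", check_data_endpoint(line, sender))
```

The second sample is what a client sees when a server behind NAT advertises its internal address: the control connection works, but the data connection cannot be opened to the address in the reply.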

Why Two Connections?

  • Separation of Control and Data: Separating the control and data connections allows for efficient management of the FTP session. The control connection handles the overhead of commands and responses, while the data connection focuses solely on the file transfer.
  • Flexibility and Control: The control connection provides a flexible way to manage the FTP session, allowing the client to issue commands and receive feedback without interrupting the data transfer.
  • Concurrency: While a file is being transferred over the data connection, the client can still use the control connection to issue other commands, such as navigating directories or queuing up other file transfers.

In modern systems, SFTP (SSH File Transfer Protocol) and FTPS (FTP Secure) are generally preferred over traditional FTP due to their encryption capabilities, which provide enhanced security.

When comparing SFTP and FTPS, it's important to understand that while they both provide secure file transfer, they are fundamentally different protocols. Here's a breakdown:

SFTP (SSH File Transfer Protocol):

  • Based on: SSH (Secure Shell) protocol.
  • Encryption: Uses SSH for encryption, providing strong security.
  • Port: Typically uses a single port (port 22).
  • Firewall Friendliness: Generally easier to configure behind firewalls due to single-port usage.
  • Authentication: Supports various authentication methods, including passwords and SSH keys.
  • Platform: Platform-independent, widely supported on Unix/Linux and available for Windows and macOS.
  • How it works: SFTP is a subsystem of the SSH protocol. It is therefore inherently secure, because it runs inside an encrypted SSH tunnel.

FTPS (FTP Secure):

  • Based on: FTP (File Transfer Protocol) with SSL/TLS encryption.
  • Encryption: Uses SSL/TLS for encryption.
  • Ports: Uses multiple ports (typically port 21 for control and other ports for data), which can complicate firewall configuration.
  • Firewall Friendliness: Can be more difficult to configure behind firewalls due to multiple port requirements.
  • Authentication: Supports various authentication methods, including usernames, passwords, and certificates.
  • Platform: Widely supported by FTP clients and servers.
  • How it works: FTPS adds a security layer (SSL/TLS) to the traditional FTP protocol. This can be done in two ways: Implicit and Explicit. Explicit is the most common, and requires the client to ask the server to use encryption.
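
Because Explicit mode depends on the client asking for encryption, a session can silently stay in cleartext when that request is refused or skipped. The Python sketch below is an added example, not part of the original article: it audits a logged control-channel session and reports credentials sent before the upgrade and transfers made without data-channel protection. The AUTH TLS, PBSZ and PROT P commands and the 234 reply come from RFC 4217 rather than from the text above; the function name, finding strings and session logs are assumptions made for illustration.

```python
DATA_VERBS = {"RETR", "STOR", "APPE", "LIST", "NLST"}


def audit_explicit_ftps(transcript):
    """Audit a logged session; entries are "C: <command>" or "S: <reply>"."""
    findings = []
    tls_active = False      # AUTH TLS was answered with 234
    data_protected = False  # PROT P was answered with 200 after the upgrade
    pending = None          # (verb, argument) still waiting for its reply
    for entry in transcript:
        side, _, line = entry.partition(": ")
        if side == "C":
            parts = line.split()
            verb = parts[0].upper() if parts else ""
            arg = parts[1].upper() if len(parts) > 1 else ""
            if verb in ("USER", "PASS") and not tls_active:
                findings.append(verb + " sent before TLS was negotiated")
            if verb in DATA_VERBS and not data_protected:
                findings.append(verb + " uses an unprotected data connection")
            pending = (verb, arg)
        elif side == "S" and pending is not None:
            code = line[:3]
            if pending == ("AUTH", "TLS") and code == "234":
                tls_active = True
            elif pending == ("PROT", "P") and code == "200" and tls_active:
                data_protected = True
            pending = None  # later lines of the same reply are ignored
    return findings


# Constructed session logs; user name, file name and reply texts are made up.
PROTECTED = [
    "C: AUTH TLS", "S: 234 Proceed with negotiation",
    "C: USER alice", "S: 331 Password required",
    "C: PASS ********", "S: 230 Logged in",
    "C: PBSZ 0", "S: 200 OK", "C: PROT P", "S: 200 OK",
    "C: PASV", "S: 227 Entering Passive Mode (198,51,100,20,195,80).",
    "C: RETR report.csv", "S: 150 Opening data connection", "S: 226 Done",
]
FALLBACK = [
    "C: AUTH TLS", "S: 502 Command not implemented",
    "C: USER alice", "S: 331 Password required",
    "C: PASS ********", "S: 230 Logged in",
    "C: LIST", "S: 150 Opening data connection", "S: 226 Done",
]

if __name__ == "__main__":
    print(audit_explicit_ftps(PROTECTED), audit_explicit_ftps(FALLBACK))
```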

FileZilla's Usage:

  • FileZilla supports both SFTP and FTPS.
  • This gives users flexibility in choosing the protocol that best suits their needs.
  • FileZilla is a versatile FTP client that can handle various secure and insecure file transfer protocols.

Key Differences Summarized:

  • Underlying Protocol: SFTP is based on SSH, while FTPS is based on FTP with SSL/TLS.
  • Port Usage: SFTP uses a single port, while FTPS typically uses multiple ports.
  • Firewall Configuration: SFTP is generally easier to configure behind firewalls.

In many modern scenarios, SFTP is preferred due to its simpler firewall configuration and the strong security provided by SSH.