File Transfer Protocol FTP Compiled by Dr Ali Mansour


FTP Introduction

• FTP (RFC 959) is an application layer protocol designed to transfer large files across a network from one system to another.
• FTP is based on a client/server model.
• Any Linux system can operate as an FTP server. It only has to run the server software - an FTP daemon with the appropriate configuration.
• Transfers are made between user accounts on client and server systems.
  – A user on the remote system has to log in to an account on a server and can then transfer files to and from that account’s directories only.
  – A special kind of user account, named ftp, allows any user to log in to it with the username “anonymous.” This account has its own set of directories and files that are considered public, available to anyone on the network who wants to download them.
• The numerous FTP sites on the Internet are FTP servers supporting FTP user accounts with the anonymous login.


Types of FTP

• Active FTP.
  – The client establishes a connection to port 21 of the FTP server. Whenever the client requests data…
  – The FTP server establishes a data connection to the client.
  – May cause problems with firewalls.
• Passive FTP.
  – The client establishes a connection to port 21 of the FTP server. Whenever the client requests data…
  – The client establishes the data channel to the server itself.
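The difference between the two modes is visible on the control connection: in active mode the client sends `PORT h1,h2,h3,h4,p1,p2`, in passive mode the server answers `PASV` with a `227` reply carrying the same six fields (RFC 959). The following is an added example, not part of the original slides; it decodes either line and reports which side opens the data connection, which is what a firewall has to allow. The sample lines and addresses are constructed.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field above 255 in %r" % text)
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]  # port = p1*256 + p2


def data_connection(line):
    """Say which side opens the data connection announced by this line."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active: client listens, server connects to it from port 20,
        # so the client-side firewall sees an unsolicited inbound SYN.
        return {"mode": "active", "initiator": "server",
                "listener": decode_hostport(line[5:])}
    if line.startswith("227"):
        # Passive: server listens, client connects outbound a second time.
        return {"mode": "passive", "initiator": "client",
                "listener": decode_hostport(line[3:])}
    return None  # not a data-connection negotiation line


# Constructed sample lines (documentation addresses, not from a capture).
SAMPLES = [
    "PORT 192,0,2,55,200,13",
    "227 Entering Passive Mode (198,51,100,7,195,80)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_connection(s))
```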


Understanding FTP Components

• File Transfer Protocol
• FTP User Interface (UI)
• Protocol Interpreter (PI)
• FTP Commands
• Data Transfer Process (DTP)
• File System

• TCP Transport
• TCP-based Command Connection
• TCP-based Data Transfer Connection

The well-known port 21 is used for the control connection and the well-known port 20 for the data connection.


Understanding FTP Components (cont.)

FTP Commands


Sample FTP Communications


Content presented here may be different depending on protocol analyzer used


Example 1

The following shows an actual FTP session for retrieving a list of items in a directory. The coloured lines show the responses from the server control connection; the black lines show the commands sent by the client. The lines in white with a black background show data transfer.

1. After the control connection is created, the FTP server sends the 220 response.
2. The client sends its name.
3. The server responds with 331.
4. The client sends the password (not shown).
5. The server responds with 230 (user log-in is OK).
6. The client sends the list command (ls reports) to find the list of files on the directory named report.
7. Now the server responds with 150 and opens the data connection.
8. The server then sends the list of the files or directories on the data connection.
9. The client sends a QUIT command.
10. The server responds with 221.

Forouzan, 2007


Example 2

This example demonstrates anonymous FTP.

It is assumed that some public data are available at internic.net.

Forouzan, 2007
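The sessions of Example 1 and Example 2 can be followed mechanically once the control connection has been captured. The following is an added example, not taken from the slides or from Forouzan; it walks a constructed transcript of the ten steps of Example 1, pairs each command with its reply codes, and reports logins that are readable on the wire (account or anonymous). The `C:`/`S:` prefixes, reply texts, user name and password are assumptions made for the illustration.

```python
import re

# Constructed transcript of the control connection for the steps above
# ("C:" client, "S:" server). User name and password are made up; a real
# server also sends 226 when the listing has been transferred.
SESSION = """\
S: 220 Service ready
C: USER alice
S: 331 User name OK, password required
C: PASS example-password
S: 230 User login OK
C: LIST reports
S: 150 Opening data connection
S: 226 Closing data connection
C: QUIT
S: 221 Service closing
"""


def walk_session(transcript):
    """Pair each client command with the reply codes that follow it."""
    exchanges = [{"command": None, "arg": "", "replies": []}]  # server greeting
    for raw in transcript.splitlines():
        side, _, text = raw.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            arg = "<redacted>" if verb == "PASS" else arg  # never keep passwords
            exchanges.append({"command": verb, "arg": arg, "replies": []})
        elif side == "S" and re.match(r"\d{3}[ -]", text):
            exchanges[-1]["replies"].append(int(text[:3]))
    return exchanges


def login_findings(exchanges):
    """List successful logins that were readable on the control connection."""
    found, user = [], ""
    for ex in exchanges:
        if ex["command"] == "USER":
            user = ex["arg"]
        elif ex["command"] == "PASS" and 230 in ex["replies"]:
            kind = ("anonymous-login" if user.lower() in ("anonymous", "ftp")
                    else "cleartext-login")
            found.append((kind, user))
    return found


if __name__ == "__main__":
    for ex in walk_session(SESSION):
        print(ex["command"], ex["replies"])
    print(login_findings(walk_session(SESSION)))
```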


FTP Servers

• FTP server software consists of an FTP daemon and configuration files.
  – When a request is received, the daemon manages a login, sets up the connection to the requested user account, and executes any FTP commands the remote user sends.
  – For anonymous FTP access, the FTP daemon allows the remote user to log in to the FTP account using anonymous or ftp as the username. The user then has access to the directories and files set up for the FTP account.
• As a further security measure, the daemon changes the root directory for that session to be the FTP home directory (i.e. hiding the rest of the system from the remote user).
  – Normally, any user on a system can move around to any directories open to him/her.
  – A user logging in with anonymous FTP can see only the FTP home directory and its subdirectories. The remainder of the system is hidden from that user.
• By default, the FTP server also requires that a user have a valid shell. It checks the list of valid shells in the /etc/shells file. Most daemons have options for turning off this feature.


FTP Servers

Examples of FTP servers available for use on Fedora and Red Hat systems:

vsftpd
  – Very Secure FTP Server provides a simple and very secure FTP server.

Pureftpd
  – The Pure FTPD server is a lightweight, fast, and secure FTP server, based upon Troll-FTPd.

Proftpd
  – ProFTPD is a popular FTP daemon based on an Apache Web server design. It features simplified configuration and support for virtual FTP hosts.

NcFTPd
  – A commercial product produced by the same programmers who did the NcFTP FTP client.


FTP Servers

Several security-based FTP servers are also available:

SSLFTP
  – SSLFTP uses SSL (Secure Sockets Layer) to encrypt and authenticate transmissions, as well as MD5 digests to check the integrity of transmitted files.

SSH sftpd
  – SSH sftpd is an FTP server that is now part of the OpenSSH package, using SSH encryption and authentication to establish secure FTP connections.

Gssftpd
  – The server is part of the Kerberos 5 package and provides Kerberos-level security for FTP operations.


FTP Clients

• FTP clients are commonly used to download software from public FTP sites that operate as software repositories.

• These sites feature anonymous logins that let any user access their files.

• Basic FTP client capabilities are incorporated into the Konqueror (KDE) and Nautilus (GNOME) file managers.
  – You can use a file manager window to access an FTP site and drag files to local directories to download them.
  – Effective FTP clients are also incorporated into most Web browsers, making Web browsers a primary downloading tool. Firefox in particular has strong FTP download capabilities.


FTP Clients

• As an alternative, to access private sites, you may need a standalone FTP client like curl, wget, gFTP or ftp. These clients let you enter user names and passwords with which you can access a private FTP site.

• Standalone clients are also useful for large downloads from public FTP sites, especially those with little or no Web display support.


Summary

• FTP is an application layer protocol used to transfer files from one computer to another.

• Although FTP is an old TCP/IP service, it remains useful today.

• The greatest volume of data exchange in the Internet today is due to file transfer.

• Two TCP ports are used: 20 for data connection and 21 for control connection.

• FTP uses the client/server architecture.

• Linux provides both FTP clients and FTP servers.


Directed Reading and Self Study

• Investigate how an FTP server can be secured

• Use Wireshark to capture FTP traffic. Analyse the captured packets.