FTPPlanet

About FTP

FTP is an acronym or initialism of the phrase 'File Transfer Protocol'. This protocol, very basically speaking, is a method of transferring data from one computer to another over the Internet, or through a network.

More technically, FTP is a protocol used for transferring and manipulating files over a TCP/IP network. FTP uses only TCP packets and by default listens on port 21 (though it can be configured to use any port).

The objectives of FTP are:

  • To promote sharing of files (computer programs and/or data).
  • To encourage indirect or implicit use of remote computers.
  • To shield a user from variations in file storage systems among different hosts.
  • To transfer data reliably, and efficiently.


FTP operates in one of two modes:
Passive Mode. In passive mode, the FTP server opens a random port greater than 1023, sends the FTP client, over the control stream, the server's IP address and the port on which it is listening, and then waits for a connection from the FTP client.

To use passive mode, the client sends the PASV command, to which the server replies with something similar to "227 Entering Passive Mode (127,0,0,1,78,52)".

The second, and most common, mode is Active Mode. In active mode, the FTP client opens a random port greater than 1023, sends the FTP server, over the control stream, the port number on which it is listening, and waits for a connection from the FTP server. The difference is that when the FTP server initiates the data connection to the FTP client, it binds the source port to port 20 on the FTP server.
In order to use active mode, the client sends a PORT command, with the IP and port as arguments.

In 1998, RFC 2428 extended passive mode. The FTP server operates in the same way as in passive mode; however, it transmits only the port number (not broken into high and low bytes), and the client is to assume that it connects to the same IP address that it originally connected to.


There are several 'issues' with FTP. First and foremost is the transport of passwords in clear text! This is a rather concerning flaw with FTP, but it is very easily solved by use of SSL/TLS or a progression of FTP such as SCP (Secure Copy, an FTP-like protocol run within SSH) or SFTP (FTP through SSH).

Another issue is that it is possible to abuse the protocol's built-in proxy features to tell a server to send data to an arbitrary port of a third computer. This is a very real problem for the server provider.
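
The following is an added example, not code from this page or from any FTP server: it decodes the address/port fields described for PASV, PORT and RFC 2428 above, and shows one server-side check on PORT arguments that blocks the third-computer abuse just described. The function names, the sample addresses and the refusal policy (data address must equal the control-connection peer, no ports at or below 1023) are assumptions of the example.

```python
import ipaddress
import re

# Six comma-separated decimal fields, as used by PORT and the 227 reply.
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from an 'h1,h2,h3,h4,p1,p2' field found in text."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host/port field found")
    fields = [int(f) for f in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range")
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # high byte, then low byte
    return ip, port


def parse_epsv_port(reply):
    """Return the port from an RFC 2428 reply such as '229 ... (|||6446|)'."""
    m = re.search(r"\((.)\1\1(\d{1,5})\1\)", reply)
    if not m or not 0 < int(m.group(2)) <= 65535:
        raise ValueError("malformed 229 reply")
    return int(m.group(2))


def check_port_command(arg, control_peer_ip):
    """Assumed server policy for a PORT argument: return (allowed, reason)."""
    try:
        ip, port = parse_hostport(arg)
    except ValueError as exc:
        return False, str(exc)
    # Refuse to connect anywhere except back to the client that asked.
    if ip != ipaddress.IPv4Address(control_peer_ip):
        return False, "address differs from control connection peer"
    # Refuse ports at or below 1023, where well-known services listen.
    if port <= 1023:
        return False, "well-known port refused"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; 192.0.2.0/24 is a documentation range.
    print(parse_hostport("227 Entering Passive Mode (127,0,0,1,78,52)"))
    print(check_port_command("192,0,2,99,0,25", "192.0.2.10"))
```

The 227 reply quoted earlier decodes to 127.0.0.1 port 20020 (78 × 256 + 52).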


The final big issue with FTP is the lack of restart/retransfer and integrity checking, which means that if there is an issue in the transfer of a file, there is no automatic way to detect and resolve it. There are MD5 and CRC integrity checks, but these are not part of FTP itself and are not widely supported.