File Transfer Protocol
|FTP (File Transfer Protocol)|
|Family:||Internet protocol family|
|Operation area:||Data transfer,
|Ports:||20 / TCP DATA Port,
21 / TCP Control Port
RFC 354 ( 1972 ),
RFC 959 / STD 9 ( 1985 )
The File Transfer Protocol [ fʌɪl trɑːnsˌfəˌprəʊtəkɒl ] ( FTP , English for file transfer protocol ) is a stateful network protocol specified in RFC 959 from 1985 for the transfer of files over IP networks. FTP is located in the application layer (layer 7) of the OSI layer model . It is used to transfer files from client to server ( upload ), from server to client ( download ) or client-controlled between two FTP servers ( File Exchange Protocol ). In addition, directories can be created and read out using FTP , and directories and files can be renamed or deleted.
The FTP uses separate connections for control and data transfer : An FTP session begins when a TCP connection is established from the client to the control port of the server (the standard port for this is port 21) . This connection is used to send commands to the server. The server responds to every command with a status code, often with an attached explanatory text. However, most commands are only allowed after successful authentication .
A separate TCP connection is used for each process to send and receive files and to transfer directory lists. FTP knows two modes for establishing such connections:
With active FTP (also called "Active Mode") the client opens a random port and informs the server of this and its own IP address using the PORT or EPRT command. This is typically a port of the client that is beyond 1023, but can also be another server that has been switched to passive mode, i.e. is waiting for a connection (so-called FXP ). Today, however, FXP is disabled by default on most FTP servers for security reasons. The data transmission on the server side takes place via port 20. Communication with commands takes place exclusively on the control port. One also speaks of the control "out of band". This means that the partners can still communicate with each other during the data transfer .
With passive FTP (also known as “passive mode”) the client sends a PASV or EPSV command, the server opens a port and transmits it to the client together with the IP address. Here, a port beyond 1023 is used on the client side and the port previously transmitted to the client on the server side. This technique is used when the server cannot establish a connection to the client. This is the case, for example, when the client is located behind a router that rewrites the client's address using NAT , or when a firewall shields the client's network from outside access. The firewall allows the data connection in this case because it originates within the protected zone.
Public FTP server
Many FTP servers, especially universities , technical colleges and mirrors , offer so-called anonymous FTP . Such FTP server as Pub (v. Engl. Public , public '), respectively. In addition to the real user accounts, a special user account, typically “anonymous” and / or “ftp”, is provided for logging in, for which no (or any) password has to be specified. It used to be "good form" to use your own, valid email address as your password for anonymous FTP . Most web browsers no longer do this because it is not recommended for spam protection reasons.
For data transfer, the user needs a so-called FTP client, which is available in different versions:
An FTP client is integrated in some browsers . The syntax of FTP addressing in the browser including user with password has been standardized since RFC 1738 . An example:
For the Google Chrome and Firefox browsers, FTP support is now deactivated by default and is being gradually expanded. This reduces the importance of FTP for the purpose of public FTP servers (see previous chapter).
WebFTP is a service offered by web servers that also enables access to FTP servers via HTTP . The presentation takes place within a web browser. With this cloud solution there is no need to install client software or it can be more convenient than any existing board resources of the operating system.
The typical form of using FTP is through a file manager . The file manager of an operating system often also offers support for FTP, such as Windows Explorer . Using additional tools such as WebDrive , an FTP server can also be integrated as a local drive (or drive letter under Microsoft Windows).
Third-party providers offer popular file managers with a larger range of functions, which typically include a two-column view including a comparison of the FTP server and local directory, such as the free WinSCP or shareware file manager Total Commander .
There are also many other software programs that have an integrated FTP client, such as HTML editors.
PureFTPd and ProFTPD are free FTP server implementations. Also FileZilla as offers FileZilla Server to a server implementation. Examples of commercial FTP server software are Titan FTP Server and WS FTP Server.
Security and Alternatives
FTP is a very old protocol that does not use any cryptographic security algorithms. For certain purposes this can be sufficient or useful for maximum compatibility. If encryption and authentication have to be secured according to the state of the art, there are three further developments of FTP:
- Securing FTP with TLS (often abbreviated as FTPS),
- SSH File Transfer Protocol (SFTP) and
- AS3 (FTP upgraded with S / MIME and MDN delivery receipts).
Norms and standards
- RFC 765 - File Transfer Protocol [1980, obsolete]
- RFC 959 - File Transfer Protocol 
- Electronics Compendium: FTP - File Transfer Protocol
- List of FTP commands
- Setting up your own home FTP server for Windows operating systems
- FTP server online tester including authentication, connection types and encryption
Active FTP vs. Passive FTP, a Definitive Explanation. In: slacksite.com. Retrieved September 25, 2018 . Article based on "Active FTP vs. Passive FTP, a Definitive Explanation ”. In: alenfelder.com. Retrieved September 25, 2018 .
- internetblog.org.uk: FXP: The Good, The Bad, and The Ugly
- ProFTPD and FXP website of ProFTPD . "FTP Bounce Attacks" section. Retrieved March 25, 2016.
- Daniel Berger: Firefox soon without FTP support. In: heise online. March 23, 2020, accessed July 13, 2020 .
- techwensch.com: 4 Popular FTP Servers Reviewed