File Transfer Protocol

from Wikipedia, the free encyclopedia
FTP (File Transfer Protocol)
Family: Internet protocol family
Operation area: Data transfer,
file management
Ports: 20 / TCP DATA Port,
21 / TCP Control Port
FTP in the TCP / IP protocol stack :
application FTP
transport TCP
Internet IP ( IPv4 , IPv6 )
Network access Ethernet Token
FDDI ...
Standards: RFC 354 ( 1972 ),
RFC 959 / STD 9 ( 1985 )
Photo of the first FTP transfer from Amundsen-Scott Research Base (South Pole 1994)
Active Mode (Active FTP): The client sends a request on port 21; the data is transmitted via port 20. In the example, the server sends the data packets to the original return port of the client. However, it is also possible for the client to send the server another port to which the data should be sent.
Illustration of a passive connection establishment via port 21

The File Transfer Protocol [ fʌɪl trɑːnsˌfəˌprəʊtəkɒl ] ( FTP , English for file transfer protocol ) is a stateful network protocol specified in RFC 959 from 1985 for the transfer of files over IP networks. FTP is located in the application layer (layer 7) of the OSI layer model . It is used to transfer files from client to server ( upload ), from server to client ( download ) or client-controlled between two FTP servers ( File Exchange Protocol ). In addition, directories can be created and read out using FTP , and directories and files can be renamed or deleted.

The FTP uses separate connections for control and data transfer : An FTP session begins when a TCP connection is established from the client to the control port of the server (the standard port for this is port 21) . This connection is used to send commands to the server. The server responds to every command with a status code, often with an attached explanatory text. However, most commands are only allowed after successful authentication .

Connection types

A separate TCP connection is used for each process to send and receive files and to transfer directory lists. FTP knows two modes for establishing such connections:

Active FTP

With active FTP (also called "Active Mode") the client opens a random port and informs the server of this and its own IP address using the PORT or EPRT command. This is typically a port of the client that is beyond 1023, but can also be another server that has been switched to passive mode, i.e. is waiting for a connection (so-called FXP ). Today, however, FXP is disabled by default on most FTP servers for security reasons. The data transmission on the server side takes place via port 20. Communication with commands takes place exclusively on the control port. One also speaks of the control "out of band". This means that the partners can still communicate with each other during the data transfer .

Passive FTP

With passive FTP (also known as “passive mode”) the client sends a PASV or EPSV command, the server opens a port and transmits it to the client together with the IP address. Here, a port beyond 1023 is used on the client side and the port previously transmitted to the client on the server side. This technique is used when the server cannot establish a connection to the client. This is the case, for example, when the client is located behind a router that rewrites the client's address using NAT , or when a firewall shields the client's network from outside access. The firewall allows the data connection in this case because it originates within the protected zone.

Public FTP server

Many FTP servers, especially universities , technical colleges and mirrors , offer so-called anonymous FTP . Such FTP server as Pub (v. Engl. Public , public '), respectively. In addition to the real user accounts, a special user account, typically “anonymous” and / or “ftp”, is provided for logging in, for which no (or any) password has to be specified. It used to be "good form" to use your own, valid email address as your password for anonymous FTP . Most web browsers no longer do this because it is not recommended for spam protection reasons.

FTP client

For data transfer, the user needs a so-called FTP client, which is available in different versions:

Web browser

An FTP client is integrated in some browsers . The syntax of FTP addressing in the browser including user with password has been standardized since RFC 1738 . An example: ftp://[ftp_username[:ftp_PWD]@]Servername[:Port]

For the Google Chrome and Firefox browsers, FTP support is now deactivated by default and is being gradually expanded. This reduces the importance of FTP for the purpose of public FTP servers (see previous chapter).


WebFTP is a service offered by web servers that also enables access to FTP servers via HTTP . The presentation takes place within a web browser. With this cloud solution there is no need to install client software or it can be more convenient than any existing board resources of the operating system.


The most original form of using FTP is via the command line . Many operating systems that offer a terminal client also support FTP commands.

File manager

The typical form of using FTP is through a file manager . The file manager of an operating system often also offers support for FTP, such as Windows Explorer . Using additional tools such as WebDrive , an FTP server can also be integrated as a local drive (or drive letter under Microsoft Windows).

Third-party providers offer popular file managers with a larger range of functions, which typically include a two-column view including a comparison of the FTP server and local directory, such as the free WinSCP or shareware file manager Total Commander .

Special programs

A typical representative of a thoroughbred FTP client is FileZilla . In the fully automated mass application in the company, integration solutions are used that usually also master FTP.


There are also many other software programs that have an integrated FTP client, such as HTML editors.

FTP server

PureFTPd and ProFTPD are free FTP server implementations. Also FileZilla as offers FileZilla Server to a server implementation. Examples of commercial FTP server software are Titan FTP Server and WS FTP Server.

Security and Alternatives

FTP is a very old protocol that does not use any cryptographic security algorithms. For certain purposes this can be sufficient or useful for maximum compatibility. If encryption and authentication have to be secured according to the state of the art, there are three further developments of FTP:

Norms and standards

FTP is standardized as a Request for Comments (RFC). The first version was RFC 114 from 1971. Below are the versions that are compatible with today's Internet:

  • RFC 765 - File Transfer Protocol [1980, obsolete]
  • RFC 959 - File Transfer Protocol [1985]
    • Extension RFC 1579 - Firewall Friendly FTP
    • Extension RFC 2228 - FTP Security Extensions
    • Extension RFC 2428 - FTP Extensions for IPv6 and NATs
    • Extension of RFC 2640 - Internationalization of the File Transfer Protocol

Web links

Commons : File Transfer Protocol  - collection of pictures, videos and audio files

Individual evidence

  1. Active FTP vs. Passive FTP, a Definitive Explanation. In: Retrieved September 25, 2018 . Article based on "Active FTP vs. Passive FTP, a Definitive Explanation ”. In: Retrieved September 25, 2018 .
  2. FXP: The Good, The Bad, and The Ugly
  3. ProFTPD and FXP website of ProFTPD . "FTP Bounce Attacks" section. Retrieved March 25, 2016.
  4. ^ Daniel Berger: Firefox soon without FTP support. In: heise online. March 23, 2020, accessed July 13, 2020 .
  5. 4 Popular FTP Servers Reviewed