File Transfer Protocol

FTP (File Transfer Protocol)

​What is FTP (File Transfer Protocol)?

​FTP (File Transfer Protocol) definition

FTP (File Transfer Protocol) is a communication protocol designed for file transfer between a client and a server. FTP is a standard Internet protocol and uses TCP/IP for transferring the file from one device to another. It was created in 1971 (RFC 114) by Abhay Bhushan. Later it was updated in 1980, adding the TCP/IP compatibility. Finally, and some years later, in 1985, we got to the current version.

With the time IPv6 support was added, and so was added security extension for FTP. 

FTP was used straight off the Command Prompt or Terminal in the past since there was no graphic user interface (GUI). Now, there are FTP server applications and FTP client applications, both for computers and mobile devices, that provide a GUI.

​Advantages of FTP

  • You can use FTP for transferring large files. 
  • You can send multiple directories with files at the same time and speed up the transfer process. 
  • You can resume an interrupted FTP communication. 
  • Schedule transfers are available. 

​When to use FTP?

  • You can use FTP to download large files over the Internet.
  • Get a backup of your website.
  • Upload a large file to your web hosting.

It used to be far more popular in the past, but now it is still used to download different files over the Internet.

​The 2 FTP transfer modes

There are two modes that FTP has – active mode and passive mode. Both modes start the same. The client will use TCP to establish a connection from a random port to the FTP port 21 of the FTP server.

  • Active mode. The FTP client will be listening for incoming data connections that are coming from the FTP server on port M. The client will send the FTP command PORT M to show to the server that it is listening. When the server gets this feedback, it will establish a channel with the client on port 20 (FTP data port).
  • Passive mode. Due to a restriction, like a firewall stopping incoming connection to the server, there is a passive mode too. The client will use a control connection, and it will send the PASV command to the server. The server will respond with its IP address and port number. Then, using the data, the client will open a data connection from a random port to the IP address and port of the server.

​FTP security.

FTP is not a very secure way of communication. For example, it is possible to spoof the communication, capture the data packets, perform port stealing, make a brute force attack, and so on.

The original FTP does not use any encryption method. So the data packets, if stolen, could be read without any problems, and the data could be in a great risk.

FTP uses an username and password, but it is not enough to ensure security.

To improve the protection of the files that you want to send, you can use one of the following variations of FTP – SFTP (SSH File Transfer Protocol) or FTPS (File Transfer Protocol Secure).

  • SFTP uses SSH and requires only one connection. Not two (control and data) like in FTP. It provides encryption.
  • FTPS uses a SSL/TLS for the encryption of the data. It adds the SSL/TLS in addition to the username and password. It is more similar to the FTP and uses the two channels – data and control.

​Conclusion

FTP is a well-known protocol for file exchange. It is not a perfect protocol, but there are ways to make it more secure and use it.