File Transfer Protocol (FTP) is a standard network protocol used to transfer files between a client and a server over a TCP/IP network. First specified in 1971, it remains a foundational technology for web development, system administration, and bulk data movement. However, because original FTP transmits everything in plaintext, including the username, the password and the file contents, anyone on the network path can read or alter a session. For transfers that cross an untrusted network, use FTPS (FTP with the control and data channels wrapped in TLS) or SFTP (a separate file-transfer protocol that runs over SSH and shares little more than its name with FTP).

The Dual-Channel Architecture
Unlike protocols that send commands and data over a single connection, FTP uses a unique out-of-band control architecture. It establishes two separate channels to handle communication:
The Command Channel (Port 21): The client connects to the server on TCP port 21. This channel stays open for the entire session and is used exclusively for authentication (USER and PASS) and for passing instructions like changing directories (CWD), listing files (LIST), or requesting file downloads (RETR). Every command and reply on it is a plain CRLF-terminated text line, and every reply starts with a three-digit code.
The Data Channel (Port 20 or an ephemeral port): A separate connection is opened dynamically whenever an actual file or directory listing is transferred. Which side opens it, and from which port, depends on the connection mode described below: in active mode the server connects out from port 20, in passive mode the client connects in to an ephemeral port the server chose. This channel closes as soon as the specific transfer is complete, while the command channel stays active.

Active vs. Passive Connection Modes
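To make the command-channel format concrete, here is an added example, not code from the original page, that parses a constructed capture of one control-channel session the way a sniffer on the path would record it. It pairs each command with the reply that completes it, handling the two reply-grammar details that trip up naive parsers (multi-line replies such as a 220- banner, and preliminary 1xx replies that leave a command still in progress), and then lifts out the credentials and the transferred file names. The capture, the host, the account and the password in it are invented for the example.

```python
# Constructed sample capture of one FTP control channel (not from the page), as a sniffer on the
# path would see it: a direction prefix, then the line exactly as it crossed the wire.
SAMPLE_CAPTURE = """\
S: 220-Welcome to the build server
S: 220 Service ready for new user
C: USER deploy
S: 331 Password required for deploy
C: PASS Hunter2!
S: 230 User deploy logged in
C: CWD /var/www
S: 250 CWD command successful
C: TYPE I
S: 200 Type set to I
C: RETR site.tar.gz
S: 150 Opening BINARY mode data connection
S: 226 Transfer complete
C: QUIT
S: 221 Goodbye
"""


def parse_control_channel(capture):
    """Pair each client command with the final server reply that completes it.

    Returns a list of ((command, argument) or None, reply_code, reply_line).
    Reply grammar handled: three-digit code, multi-line replies ("220-..." up to
    "220 ..."), and preliminary 1xx replies, which leave the command in progress.
    """
    exchanges, pending, open_multiline = [], None, None
    for line in capture.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            cmd, _, arg = text.partition(" ")
            pending = (cmd.upper(), arg)
        elif side == "S":
            code, sep = text[:3], text[3:4]
            if sep == "-":                      # opens a multi-line reply; wait for "<code> "
                open_multiline = code
                continue
            if open_multiline is not None and code != open_multiline:
                continue                        # free-text line inside a multi-line reply
            open_multiline = None
            if code.startswith("1"):            # preliminary reply: command not finished yet
                continue
            exchanges.append((pending, code, text))
            pending = None
    return exchanges


def extract_credentials(exchanges):
    """USER/PASS pairs seen in cleartext, with whether the server accepted them (230)."""
    logins, user = [], None
    for pending, code, _ in exchanges:
        if pending is None:
            continue
        if pending[0] == "USER":
            user = pending[1]
        elif pending[0] == "PASS":
            logins.append({"user": user, "password": pending[1], "success": code == "230"})
    return logins


def transferred_files(exchanges):
    """Names passed to RETR/STOR whose transfer the server confirmed with 226."""
    return [pending[1] for pending, code, _ in exchanges
            if pending is not None and pending[0] in ("RETR", "STOR") and code == "226"]


if __name__ == "__main__":
    ex = parse_control_channel(SAMPLE_CAPTURE)
    print(extract_credentials(ex))    # the password is right there for anyone on the path
    print(transferred_files(ex))
```

The same pairing logic is what an IDS FTP analyzer does before it can attribute a file transfer to a login; the point for the page is that nothing here required decryption.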
Because FTP creates a separate channel for data, stateful firewalls and NAT devices, which only see the command channel being set up, often block or mistranslate the data connection. To deal with this, FTP operates in two distinct connection modes:

1. Active Mode
The client connects from a random port to the server’s Port 21 to start the command channel.
The client sends the PORT command, whose argument (h1,h2,h3,h4,p1,p2: the four address bytes followed by the port as two bytes, high byte first) tells the server which address and port the client is listening on for data.
The server initiates the data connection from its own Port 20 back to the client’s specified port.
The Problem: Modern client-side firewalls or NAT routers usually block unsolicited incoming connections from external servers, so the data connection never arrives and the transfer hangs or fails. There is a server-side problem as well: the address in PORT need not be the client's own. A server that connects to whatever address it is given can be used as a relay to scan or reach third-party hosts (the FTP bounce attack described in RFC 2577), so servers should refuse a PORT command whose address differs from the peer of the control connection.

2. Passive Mode (PASV)
The client connects to the server's Port 21.
The client sends the PASV command, asking the server to listen for the data connection instead of connecting back to the client.
The server opens a random unprivileged port locally and returns its address and port in a 227 reply, using the same h1,h2,h3,h4,p1,p2 encoding as PORT.
The client initiates the data connection to that specific server port.
The Benefit: This avoids client-side firewall restrictions since all connections are initiated from the inside out. The cost moves to the server: its firewall must allow inbound connections on the whole passive port range, and a server behind NAT must advertise its public address in the 227 reply. Clients should in turn ignore a 227 reply that points at a host other than the one they are talking to, so a server cannot redirect the data channel to a third party.

Securing Network File Transfers
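Both modes end to end, as an added example that is not part of the original page: a toy FTP server and client in Python over the loopback interface, with the client logging every control-channel message in both directions. The file name, the anonymous credentials, the served bytes and all addresses are assumptions made for the example; the toy server listens on an ephemeral port rather than 21, and in active mode it connects from an ephemeral port rather than the privileged port 20. It also carries the two address checks from the text: the server rejects a PORT command naming a host other than the client, and the client refuses a 227 reply naming a host other than the server.

```python
import socket
import threading
FILE_CONTENT = b"hello from the toy ftp server\n"   # constructed sample file, not from the page

def encode_hostport(ip, port):                      # ip/port -> h1,h2,h3,h4,p1,p2 (PORT arg, 227 reply)
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def decode_hostport(text):                          # h1,h2,h3,h4,p1,p2 -> (ip, port), ValueError on junk
    nums = [int(p) for p in text.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("bad host-port %r" % text)
    return ".".join(map(str, nums[:4])), (nums[4] << 8) | nums[5]

def serve_session(ctrl):
    # Server side of one control channel (port 21 in real life): USER, PASS, PORT, PASV, RETR.
    peer_ip, f = ctrl.getpeername()[0], ctrl.makefile("rb")
    reply = lambda line: ctrl.sendall(line.encode() + b"\r\n")
    active_target = pasv_listener = None
    reply("220 toy FTP ready")
    for raw in f:                                   # one command per CRLF-terminated line
        cmd, _, arg = raw.decode().rstrip("\r\n").partition(" ")
        if cmd in ("USER", "PASS"):                 # credentials arrive in cleartext
            reply("331 Password required" if cmd == "USER" else "230 Logged in")
        elif cmd == "PORT":
            try:
                ip, port = decode_hostport(arg)
                if ip != peer_ip:                   # bounce-attack defence (RFC 2577)
                    raise ValueError("PORT address must match the control connection")
                active_target = (ip, port)
                reply("200 PORT command successful")
            except ValueError as err:
                reply("500 %s" % err)
        elif cmd == "PASV":
            pasv_listener = socket.socket()
            pasv_listener.bind((ctrl.getsockname()[0], 0))   # ephemeral listening port
            pasv_listener.listen(1)
            reply("227 Entering Passive Mode (%s)" % encode_hostport(*pasv_listener.getsockname()))
        elif cmd == "RETR" and (pasv_listener is not None or active_target is not None):
            if pasv_listener is not None:
                data, _ = pasv_listener.accept()    # passive: the client dialled in
                pasv_listener.close()
                pasv_listener = None
            else:                                   # active: server dials out (real servers bind source port 20)
                data = socket.create_connection(active_target)
            reply("150 Opening data connection")
            data.sendall(FILE_CONTENT)
            data.close()                            # the data channel lives for one transfer only
            reply("226 Transfer complete")
        else:
            reply("500 Unknown command, or RETR before PORT/PASV")
    ctrl.close()

def start_server():
    # Run the toy server on an ephemeral loopback port in a daemon thread; return that port.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def accept_loop():
        while True:
            threading.Thread(target=serve_session, args=(srv.accept()[0],), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

def fetch(server_port, mode):
    """Client side: log in, RETR one file in 'active' or 'passive' mode, return (bytes, transcript)."""
    ctrl = socket.create_connection(("127.0.0.1", server_port))
    f, transcript = ctrl.makefile("rb"), []
    def txn(cmd, code):                             # send cmd (None = just read), check the reply code
        if cmd is not None:
            transcript.append("C: " + cmd)
            ctrl.sendall(cmd.encode() + b"\r\n")
        line = f.readline().decode().rstrip("\r\n")
        transcript.append("S: " + line)
        if not line.startswith(code):
            raise RuntimeError("expected %s, got %r" % (code, line))
        return line
    txn(None, "220")
    txn("USER anonymous", "331")
    txn("PASS guest@example.com", "230")            # the password crosses the wire as-is
    if mode == "passive":
        ip, port = decode_hostport(txn("PASV", "227").split("(", 1)[1].split(")", 1)[0])
        if ip != ctrl.getpeername()[0]:             # never follow a 227 to a third host
            raise RuntimeError("227 redirects the data channel to %s" % ip)
        data = socket.create_connection((ip, port)) # passive: client dials out
    else:
        listener = socket.socket()
        listener.bind((ctrl.getsockname()[0], 0))
        listener.listen(1)
        txn("PORT " + encode_hostport(*listener.getsockname()), "200")
    txn("RETR hello.txt", "150")
    if mode != "passive":
        data, _ = listener.accept()                 # active: the server dials back in
        listener.close()
    content = b"".join(iter(lambda: data.recv(4096), b""))
    data.close()
    txn(None, "226")
    ctrl.close()
    return content, transcript
```

Calling fetch(port, "active") and fetch(port, "passive") against start_server() returns the same bytes over two oppositely directed data connections; the transcripts differ only in the PORT or PASV exchange, which is exactly the part a firewall has to understand. Sending the toy server a PORT whose address is not your own (for instance PORT 10,0,0,1,0,80 from a loopback client) is answered with a 500 reply instead of a connection attempt.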