
The FTP protocol is a standard network protocol used for transferring files over the internet. It's been around since the 1970s, and its simplicity is part of its enduring appeal.
FTP uses a client-server architecture, where a user on a client machine initiates a connection to an FTP server. This connection allows the user to send and receive files to and from the server.
The FTP protocol operates on TCP port 21, which is the default port for FTP connections. This port is used for both control and data connections.
You might enjoy: Free Ftp Server Website
History of FTP
The File Transfer Protocol (FTP) has a rich history that dates back to 1971 when the original specification was written by Abhay Bhushan and published as RFC114 on April 16th.
FTP initially ran on NCP, the predecessor of TCP/IP, until 1980 when it was replaced by a TCP/IP version.
The current specification of FTP was published in RFC959 in October 1985.
A fresh viewpoint: Secure Ftp Tcp Port
Several proposed standards have amended RFC959, including RFC1579 which enabled Firewall-Friendly FTP, also known as passive mode.
RFC2228 proposed security extensions to FTP in June 1997.
RFC2428 added support for IPv6 and defined a new type of passive mode in September 1998.
Simple File Transfer Protocol (SFTP) was proposed as a separate protocol in RFC913, but it was never widely accepted and is now assigned Historic status by the IETF.
SFTP ran through port 115 and supported a command set of 11 commands, as well as three types of data transmission: ASCII, binary, and continuous.
If this caught your attention, see: Secure Ftp vs Sftp
FTP Protocol Basics
FTP stands for File Transfer Protocol, used to exchange files between a server and a client.
There are three main configurations for using FTP: downloading a file from the server to the client, uploading a file from the client to the server, and sharing files between two servers using the File Exchange Protocol.
Files can be managed using FTP, allowing you to create, change, read, or delete directories, rename, move, or delete files, and manage permissions for files.
Permissions management is a key feature of FTP, represented by a three-digit numerical value. For example, the value "777" means that anyone can access, modify, or execute the files.
For another approach, see: Aws S3 Ftp Client
Protocol Overview
The FTP protocol is used to exchange files between a server and a client, and it's a crucial tool for anyone working with files online.
There are three main configurations for FTP: downloading a file from the server to the client, uploading a file from the client to the server, and sharing files between two servers using the File Exchange Protocol.
FTP allows users to create, change, read, or delete directories, as well as rename, move, or delete files. It also enables permissions management for files, with authorization structures represented by a three-digit numerical value.
For example, the value "777" means that anyone can access, modify, or execute the files. This is useful for controlling who can access and modify files on a server.
FTP can run in either active or passive mode, which determines how the data connection is established. In active mode, the client starts listening for incoming data connections from the server on port M.
For more insights, see: Ftp Server Site
In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode may be used. In this mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server.
The server responds over the control connection with three-digit status codes in ASCII, such as "200" (or "200 OK") to indicate that the last command was successful.
On a similar theme: How Can I Access Ftp Site
Structures
File structures are a crucial aspect of the FTP protocol, and understanding them can help you navigate file transfers with ease.
Most contemporary FTP clients and servers only support the F or FILE structure, which views files as an arbitrary sequence of bytes, characters, or words.
This is the usual file structure on Unix systems and other systems like CP/M, MS-DOS, and Microsoft Windows.
The R or RECORD structure, on the other hand, views files as divided into records, which may be fixed or variable length.
This file organization is common on mainframe and midrange systems, such as MVS, VM/CMS, OS/400, and VMS, which support record-oriented filesystems.
Simple File Transfer Protocol (SFTP), defined by RFC913, supports three types of data transmission: ASCII, binary, and continuous.
For systems with a word size that is a multiple of 8 bits, the implementation of binary and continuous is the same.
Here are the different file structures defined in the FTP protocol:
- F or FILE structure (stream-oriented)
- R or RECORD structure (record-oriented)
- P or PAGE structure (page-oriented)
The P or PAGE structure, which was specifically designed for TENEX systems, is generally not supported on other platforms and is recommended not to be implemented by RFC1123 section 4.1.2.3.
Data Format
Data Format is a crucial aspect of the FTP protocol. It's essential to understand how data is formatted to ensure seamless file transfers.
The FTP protocol uses a standard format for transferring files, which includes a header, a data block, and a footer. This format is used for both ASCII and binary files.
Curious to learn more? Check out: Download Azure Wiki Files
Each FTP command is preceded by a three-letter code, such as "USER" or "PASS", which is used to identify the command. This code is followed by a space and then the command parameters.
The data block in the FTP protocol is used to transfer the actual file data. It's divided into a 32-bit length field and the file data itself. This format is used for both ASCII and binary files.
FTP supports both ASCII and binary file transfers. ASCII transfers are used for text files, while binary transfers are used for files that contain binary data.
Additional reading: Azure Devops Wiki Code Block
Differences from HTTP
FTP has a stateful control connection that maintains a current working directory and other flags, making it very different from the stateless HTTP protocol.
Each FTP transfer requires a secondary connection through which the data are transferred, which can be a pain for firewalls and NAT gateways.
In "passive" mode, this secondary connection is from client to server, whereas in the default "active" mode, it's from server to client - a role reversal that can cause headaches.
Firewalls and NAT gateways struggle with FTP because of the random port numbers used for transfers, which is not the case with HTTP.
Setting up an FTP control connection can be slow due to the round-trip delays of sending commands and awaiting responses.
It's customary to bring up a control connection and hold it open for multiple file transfers, rather than dropping and re-establishing the session each time.
In contrast, HTTP originally dropped the connection after each transfer, but has since gained the ability to reuse the TCP connection for multiple transfers.
The control connection is idle while FTP is transferring over the data connection, which can cause problems if the transfer takes too long.
Discover more: Ftp vs Http Protocol
Security and Authentication
FTP login utilizes a normal username and password scheme for granting access. The username is sent to the server using the USER command, and the password is sent using the PASS command.
Security is a major concern with FTP, as it was not designed to be secure. In May 1999, the authors of RFC 2577 listed vulnerabilities to problems such as brute-force attacks, FTP bounce attacks, packet capture, and spoofing attacks.
To secure FTP, you can use the secure versions of the insecure protocols, such as FTPS instead of FTP and TelnetS instead of Telnet. You can also use a different, more secure protocol that can handle the job, such as SSH File Transfer Protocol or Secure Copy Protocol.
Here are some common solutions to the security problems with FTP:
- Using the secure versions of the insecure protocols, e.g., FTPS instead of FTP and TelnetS instead of Telnet.
- Using a different, more secure protocol that can handle the job, e.g. SSH File Transfer Protocol or Secure Copy Protocol.
- Using a secure tunnel such as Secure Shell (SSH) or virtual private network (VPN).
Security
FTP, or File Transfer Protocol, has some serious security weaknesses. It was not designed with security in mind, and as a result, it's vulnerable to a number of attacks.
Some of the security issues with FTP include brute-force attacks, FTP bounce attacks, packet capture, port stealing, spoofing attacks, and username enumeration. These are all serious problems that can compromise the security of your data.
FTP does not encrypt its traffic, which means that all transmissions are in clear text. This makes it easy for anyone who can perform packet capture (or sniffing) on the network to read your usernames, passwords, commands, and data.
Related reading: Why Is the Aaa Protocol Important in Network Security
Common solutions to this problem include using the secure versions of the insecure protocols, such as FTPS instead of FTP. Alternatively, you can use a different, more secure protocol that can handle the job, like SSH File Transfer Protocol or Secure Copy Protocol.
Here are some common security issues with FTP and their solutions:
Explicit FTPS is an extension to the FTP standard that allows clients to request FTP sessions to be encrypted. This is done by sending the "AUTH TLS" command, and the server has the option of allowing or denying connections that do not request TLS.
Login
Login authentication in FTP is a straightforward process. The username is sent to the server using the USER command, and the password is sent using the PASS command.
If the information provided by the client is accepted by the server, the server will send a greeting to the client and the session will commence. However, some servers may authorize only limited access for anonymous logins.
Users can log in without providing login credentials, but this is not always the case. In fact, many FTP hosts whose purpose is to provide software updates will allow anonymous logins.
Some FTP clients, like Mozilla Firefox and KDE Konqueror, even supply dummy data as the password for anonymous logins. Here are some examples of what these clients might use:
- Mozilla Firefox (3.0.7) — [email protected]
- KDE Konqueror (3.5) — anonymous@
- wget (1.10.2) — -wget@
- lftp (3.4.4) — lftp@
In general, it's worth noting that no verification is actually performed on the supplied data for anonymous logins. This means that anyone can access an FTP server that allows anonymous logins without needing a password.
Traversal and Connection
Traversal and connection can be a challenge with FTP, especially when dealing with NATs and firewalls. NATs don't allow connections from the Internet towards internal hosts, which makes it hard for FTP servers to connect back to clients.
The FTP client and server can use the PASV command to establish a data connection from the client to the server, which is widely used by modern FTP clients. This approach is a game-changer for traversing NATs and firewalls.
Alternatively, the NAT can alter the values of the PORT command using an application-level gateway, but this is less common.
For text files, FTP offers different format control options to control how the file would be printed. The options are: Non-print, Telnet, and ASA. Most contemporary FTP clients and servers only support the default format control of Non-print.
Readers also liked: Control and Provisioning of Wireless Access Points Protocol
Nat and Firewall Traversal
FTP connections can be tricky to establish behind a NAT or firewall, as they typically involve the server connecting back to the client. This doesn't work well with NATs and firewalls, which block incoming connections from the Internet.
One of the main issues is that the PORT command, which is used to establish the data connection, refers to the internal host's IP address and port, not the public IP address and port of the NAT.
There are two common solutions to this problem. One is to use the PASV command, which causes the data connection to be established from the FTP client to the server, making it work better with NATs and firewalls. This approach is widely used by modern FTP clients.
Broaden your view: Ftp Protocol Port
Another approach is for the NAT to alter the values of the PORT command, using an application-level gateway for this purpose. This method requires some extra setup and configuration, but it can be effective in certain situations.
Here are the different format control options provided for text files, which control how the file would be printed:
- Non-print (TYPE A N and TYPE E N) – the file does not contain any carriage control characters intended for a printer
- Telnet (TYPE A T and TYPE E T) – the file contains Telnet (or in other words, ASCII C0) carriage control characters (CR, LF, etc)
- ASA (TYPE A A and TYPE E A) – the file contains ASA carriage control characters
These format control options were mainly relevant to line printers, but most contemporary FTP clients and servers only support the default format control of N.
Establishing an Session
Establishing an FTP session can be done with a TCP connection, where the client sends commands to the desired server. You can use either active or passive mode, but passive mode is usually used when a server-side connection is not possible.
In active mode, the client takes initiative and opens a port, then contacts the server and informs it of its own IP address and the selected port. This allows for parallel file transfers via a control port.
For more insights, see: Dns Protocol Port

To establish a connection using an FTP client, you first have to log in, specifying the FTP server address or IP address, port, user name, and password. You can use a separate software or rely on the FTP client integrated in most browsers.
The passive method involves the client requesting the server to open a port through a PASV- or EPSV command, and the server returns a response containing the port and its IP address. This allows a connection to be made.
Data Transfer and Modes
Data transfer in FTP can be done in three primary modes: Stream mode, Block mode, and Compressed mode. Stream mode, or MODE S, sends data as a continuous stream, leaving all processing to TCP.
Block mode, or MODE B, is designed for transferring record-oriented files and can also be used for stream-oriented text files. It's worth noting that most contemporary FTP clients and servers don't implement MODE B or MODE C.
Compressed mode, or MODE C, extends MODE B with data compression using run-length encoding. This mode is less commonly used due to the prevalence of other compression methods.
Some FTP software implements a DEFLATE-based compressed mode, known as "Mode Z", which enables data compression using the DEFLATE algorithm. However, this mode is not standardized.
Here's a quick rundown of the three main data transfer modes in FTP:
- Stream mode (MODE S): Continuous stream of data, no processing by FTP
- Block mode (MODE B): Designed for record-oriented files, can also be used for stream-oriented text files
- Compressed mode (MODE C): Extends MODE B with data compression using run-length encoding
FTP can run in either active or passive mode, which determines how the data connection is established.
FTP Managers and Tools
File managers like File Explorer on Microsoft Windows and Dolphin on KDE Linux support FTP and SFTP connections.
The native file managers for KDE on Linux, Dolphin and Konqueror, support both FTP and SFTP, making it a great option for Linux users.
On Android, the My Files file manager has a built-in FTP and SFTP client, making it easy to manage files on your device.
Most web browsers use passive (PASV) mode by default, which helps traverse end-user firewalls.
Download managers like DownloadStudio not only allow you to download files from FTP servers but also give you the ability to view the list of files on a FTP server.
Curious to learn more? Check out: Como Mudar O Caminho Do Ftp No Linux Ubuntu
Over SSH
Over SSH, you have two main options for securing your FTP connections: FTP over SSH and SSH File Transfer Protocol (SFTP). FTP over SSH is particularly difficult to set up due to FTP's multiple TCP connections.
Tunneling a normal FTP session over a Secure Shell connection is the practice of FTP over SSH. This method will only protect the control channel, leaving data channels vulnerable to interception.
With many SSH clients, attempting to set up a tunnel for the control channel will protect only that channel, but when data is transferred, the FTP software at either end sets up new TCP connections and thus have no confidentiality or integrity protection.
To secure the data channels, the SSH client software must have specific knowledge of the FTP protocol, to monitor and rewrite FTP control channel messages and autonomously open new packet forwardings for FTP data channels.
Some software packages that support this mode include Tectia ConnectSecure (Win/Linux/Unix) of SSH Communications Security's software suite.
SSH File Transfer Protocol (SFTP) transfers files and encrypts both commands and data, preventing passwords and sensitive information from being transmitted openly over the network.
Curious to learn more? Check out: Company Wiki Software
Reply Codes
FTP reply codes are standardized in RFC959 by the IETF. They are a three-digit value, with the first digit indicating one of three possible outcomes: success, failure, or an error or incomplete reply.
The first digit of an FTP reply code can be 2, indicating a success reply, 4 or 5, indicating a failure reply, or 1 or 3, indicating an error or incomplete reply.
The second digit defines the kind of error: x0z for syntax errors, x1z for information replies, x2z for connection-related replies, x3z for authentication and accounting replies, x4z for undefined errors, or x5z for file system-related replies.
Here's a breakdown of the second digit's meanings:
- x0z: Syntax errors
- x1z: Information replies
- x2z: Connection-related replies
- x3z: Authentication and accounting replies
- x4z: Undefined errors
- x5z: File system-related replies
The third digit of the reply code provides additional detail for each of the categories defined by the second digit.
FTP Commands and Syntax
The syntax of an FTP URL is described in RFC 1738 and takes the form ftp://[user[:password]@]host[:port]/url-path, with optional bracketed parts.
To connect to an FTP server, you'll need to know the correct syntax, which can be found in the browser's documentation, such as Firefox and Internet Explorer.
To get a list of possible commands once connected to a server, simply type "help" in the command line.
For more information on command parameters, enter ftp /? in Windows or ftp --help in Unix.
Commands
To access the command parameters for FTP, simply type ftp /? in Windows or ftp --help in Unix.
You can get a list of possible commands by typing help once connected to a server.
Syntax Edit
The syntax of FTP URLs is described in RFC 1738. It takes the form of ftp://[user[:password]@]host[:port]/url-path, with the bracketed parts being optional.
For example, the URL ftp://public.ftp-servers.example.com/mydirectory/myfile.txt represents a file on a server. The URL includes the server name, directory, and file name.
You can also specify a username and password in the URL, as seen in ftp://user001:[email protected]/mydirectory/myfile.txt. This is useful for accessing resources that require authentication.
Most web browsers use passive (PASV) mode by default, which makes it easier to traverse end-user firewalls.
Additional reading: Theonion Com Wiki
FTP Connection Methods
To connect to an FTP server, you can use a separate software installed on your computer, known as an FTP client.
Many users rely on the FTP client integrated in their browsers, but you can also resort to WebFTP, an FTP client that can be executed and displayed in the web browser.
To establish a connection, you need to log in with your user name and password after specifying the FTP server address or IP address and port.
You can navigate directories from within the web browser using WebFTP, making it a convenient option for those who prefer a browser-based solution.
For another approach, see: Access Ftp via Browser
Encryption
Encryption is a crucial aspect of the FTP protocol, ensuring the secure transfer of files.
File Transfer Protocol Secured (Using SSL / TLS) is a widely used encryption method. It's a standard practice for many online services to use this method, and you've probably seen it in action when accessing websites over HTTPS.
Recommended read: Ftp Secure File Transfer
SSH File Transfer Protocol (Using SSH) is another encryption method used for secure file transfers. This method is particularly useful for remote access and is often used by developers and system administrators.
The use of encryption in FTP protocols provides an extra layer of security, protecting files from unauthorized access.
Here are some common encryption methods used in FTP protocols:
- File Transfer Protocol Secured (Using SSL / TLS)
- SSH File Transfer Protocol (Using SSH)
Servers
Servers play a crucial role in the File Transfer Protocol (FTP) ecosystem. The original specification for FTP was written by Abhay Bhushan and published as RFC114 on 16 April 1971.
Some popular open source FTP server implementations include FileZilla Server, Pure-FTPd, VsFTPd, and ProFTPd. These servers are available for various operating systems, including Windows and Unix.
The first FTP servers ran on NCP, the predecessor of TCP/IP, until 1980. This was when the protocol was replaced by a TCP/IP version, RFC765 (June 1980) and RFC959 (October 1985), the current specification.
Here are some popular open source FTP server implementations:
- FileZilla Server (Windows)
- Pure-FTPd (Unix)
- VsFTPd (Unix)
- ProFTPd (Unix)
Featured Images: pexels.com


