FTP Fundamentals
FTP is built on the client-server model. To use it you need 2 main components:
- an FTP server: the software that runs on the server where the files you will be manipulating are stored
- an FTP client: the software you run to access the files on that server
The use cases of FTP
Website administrator: The most common use case for FTP is managing a site built with something like WordPress, Joomla, Drupal, etc. Using FTP, administrators can upload new files and content to their servers, update web pages and scripts, manage media files, back up their website data, and so on.
Software distribution: Historically, most software in the Linux world was published through mirrors on FTP servers. For example: ftp.debian.org, ftp.gnu.org, ftp.slackware.com.
Network storage: Many enterprises use FTP to provide network storage solutions and to share data both internally and externally. There are literally millions of those on the internet.
The different types of FTP clients
Assuming you have an FTP server somewhere and know either its IP address or its domain name, you can access it through a tool called an FTP client. Depending on what you are trying to do, you will find different types of clients:
- command-line based client: ftp or lftp
- desktop client: Filezilla, Cyberduck
- web client: Filestash, MonstaFTP
The role of those clients is to talk to your server using the FTP protocol and perform the action you want to do on that server. For example, if you are hosting WordPress and want to change your theme, you will be able to use that client to update some data on your server.
How to access an FTP server?
For the sake of this guide, we will be connecting to the GNU FTP server available at ftp://ftp.gnu.org. To make things really simple, we will be connecting to it via a web client:
How does FTP work?
FTP is a standard that has evolved over time to take advantage of the technological advances of the last 50 years. As currently used, the protocol is an entirely TCP-based service without any UDP component. What makes FTP different is that it uses 2 connections: a first one for the control exchange, which typically runs on port 21, and another one for the data exchange, which typically uses port 20 and a random port > 1024.
The model of FTP as described in RFC959:
                                      -------------
                                      |/---------\|
                                      ||   User  ||    --------
                                      ||Interface|<--->| User |
                                      |\----^----/|    --------
            ----------                |     |     |
            |/------\|  FTP Commands  |/----V----\|
            ||Server|<---------------->|   User  ||
            ||  PI  ||   FTP Replies  ||    PI   ||
            |\--^---/|                |\----^----/|
            |   |    |                |     |     |
--------    |/--V---\|      Data      |/----V----\|    --------
| File |<--->|Server|<---------------->|  User   |<--->| File |
|System|    ||  DTP ||   Connection   ||   DTP   ||    |System|
--------    |\------/|                |\---------/|    --------
            ----------                -------------
            Server-FTP                   USER-FTP
legend:
- PI: "protocol interpreter"
- DTP: "data transfer process"
If you want to know all the intricacies of FTP, its modes and commands, a good starting point is RFC 959. If you feel like a historian, you might want to read the very first one, RFC 114, and if that's still not enough, you can dig through RFC 697, RFC 765, RFC 1579, RFC 1635, RFC 1639, RFC 1738, RFC 2228, RFC 2389, RFC 2428, RFC 2577, RFC 2640, RFC 3659, RFC 5797, RFC 7151.
FTP FAQs
What does FTP stand for?
"File Transfer Protocol".
Is FTP secure?
FTP is as secure as HTTP: by itself it does not encrypt anything, so credentials and file contents travel in cleartext. In practice, most people referring to FTP have their server set up to accept FTPS connections, and FTPS is as secure as HTTPS.
Who invented FTP?
FTP was invented by Abhay Bhushan while he was a student at MIT. Fun fact: he also worked on the early version of email.
When was FTP invented?
The original spec of FTP was published on 16 April 1971.
What are the 3 most common FTP servers?
According to Shodan, the most popular FTP server is PureFTPd with a 26% market share, followed by Bftpd and Microsoft FTPD.
Is SFTP the same as FTPS?
No! FTPS and SFTP both enable secure file exchange over a network, but the way they work under the hood is completely different, in the same way apples and oranges taste vastly different despite both being fruits.
What is anonymous FTP?
The anonymous user is a special account enabled on certain FTP servers, allowing individuals to browse and download resources without the capability to modify the server's content.
FTP has a reputation for being tricky to deploy, why is that?
Contrary to some other file transfer protocols (like SFTP or WebDAV), FTP can't work over a single port but needs a range of open ports, which can make firewall configuration challenging depending on your environment.