FTP

Confidential
FILE TRANSFER PROTOCOL
File Transfer Protocol (FTP), a standard Internet protocol, is the simplest way to
exchange files between computers on the Internet. FTP is an application protocol
that uses the Internet's TCP/IP protocols. FTP Uses Port 20 for data transfer
and Port 21 for Command .

As a user, you can use FTP with a simple command line interface (for example,
from the Windows MS-DOS Prompt window) or with a commercial program that
offers a graphical user interface.





FTP ACCESS USING COMMAND PROMPT
Confidential
FTP ACCESS USING IE BROWSER
Confidential
When we try to access a FTP service by entering the FTP server address in either
command prompt or Internet Browser the following things happen:

1) The ARP process is carried out to get the Layer 2 address of the FTP server
2) After that the TCP three way handshake is carried out to create a connection
As FTP uses TCP for transmission


















TCP SYN PACKET CAPTURE (FOR FTP)
Confidential
TCP SYN/ACK PACKET CAPTURE (FOR FTP)
Confidential
TCP ACK PACKET CAPTURE (FOR FTP)
Confidential
Once the TCP Handshake is done the server responds with the ACK informing
that the FTP service is ready to use by new user .


















Confidential
After which the Client again sends an TCP Acknowledgement to
the server
Confidential
Next the User has to enter a User name if Using command prompt. In this
case we enter user name as Anonymous. By default we have this option
called Logon Anonymously checked when we create a FTP server which
allows us to use Anonymous as username and password as USER.

Confidential
Next the FTP servers sends an Acknowledgement saying that the username
Is accepted and now it is expecting for password.
Confidential
The Client again sends a TCP acknowledgement to the server.
Confidential
Next the User enters the password which is user.
Confidential
Once the username and password are provided the FTP server sends an
Acknowledgement confirming that the user is Logged in and can proceed the
File transfer.
Confidential
Client again sends an TCP acknowledgement to the Server
Confidential
After all the above process is over the Client will send a PORT command if
the client wants to use Active FTP. The PORT command mentions the DATA
PORT of the Client to which the Server's Data PORT has to connect for data
transfer ( client selects this port randomly but should be >1023 )
The PORT command has six octets information eg.


Here the first 4 octets are ip address of client i.e 10.130.38.199
While the 5
th
and 6
th
octets are used to determine the actual data PORT
To be used by the servers DATA PORT. The equation to find Client port
number is :

256 * (5
th
octet) + (6
th
octet)

In our case it is 256 * 7 + 144 = 1936

So Server's DATA PORT will be connecting to clients PORT 1936
Request arg: 10,130,38,199,7,144
Confidential
FTP PORT COMMAND PACKET CAPTURE
Confidential
IF the client wants to access FTP service using PASSIVE FTP then instead of
Sending the PORT command it will send PASV command to the server. When
Client sends PASV command to server the server randomly choses a PORT
>1023 and asks Client to connect to that port for data transfer. FTP port 20 of the
Server is not used at all in PASSIVE FTP. Client initiates the connection for both
Initial connection as well as for data transfer in PASSIVE mode.
Confidential
After receiving the PASV command from client the Server opens a random port
>1023 and sends an Acknowledgement to client mentioning the PORT number in
And informing that IT IS ENTERING PASSIVE MODE .
Confidential
FTP Active Data Connection
Confidential
FTP Passive Data Connection
Confidential
Which Type of FTP is PREFFERED and WHY ?

If you are behind a firewall / NAT router, passive mode gives you a
better chance of connecting to an external FTP server.
Confidential


Thank you