File Transfer Protocol (FTP)
The File Transfer Protocol (FTP) is one of the original application-layer protocols, designed specifically for transferring files between a client and a server over a network.
FTP allows users to upload, download, and manage files on a remote system after authenticating with a username and password.
While less common for casual web browsing, FTP remains a vital tool for web developers, system administrators, and automated file transfer systems.
FTP's Unique Dual-Connection Architecture
The most defining feature of FTP is its use of two separate TCP connections to manage a session: one for commands and one for data. This is known as out-of-band control, in contrast to protocols like HTTP, which send commands and data in-band over a single TCP connection.
Control Connection (Port 21)
This is a persistent connection that remains open for the entire duration of the user's session.
It is used exclusively for sending commands from the client (e.g., list files, download a file) and receiving responses from the server.
It handles login, directory changes, and file transfer commands (e.g., RETR, STOR).
Data Connection (Port 20)
This is a non-persistent connection that is opened only when a file or a directory listing needs to be transferred.
Once the transfer is complete, this connection is closed. A new data connection is created for each subsequent file transfer.
This separation allows for clear management of the session while data is being transferred, but it can also make FTP more complex to configure, especially with modern firewalls and NAT.
The Stateful Nature of FTP
FTP is a stateful protocol, which means the server maintains information, or "state," about each client's session.
Throughout the connection, the server keeps track of:
The user's identity and login session.
The user's current working directory on the server.
The state of the control connection throughout the session.
Because an FTP server must maintain state for every active user, it can be more resource-intensive and harder to scale for a large number of concurrent connections than a stateless web server using HTTP, which does not retain any session information.
FTP Session Workflow
A typical FTP session follows these steps:
The user's FTP client establishes a control connection to the FTP server, identified by its remote host name, on TCP port 21.
The client authenticates by sending a username and password (USER and PASS) over the control connection. The FTP server authorizes the session.
The user can then browse directories and issue commands, such as requesting to download a file.
When a file transfer is requested, the server opens a separate data connection to the client.
The file is transferred over the data connection.
Once the transfer is complete, the data connection is closed.
The control connection remains open, ready for more commands, until the user explicitly logs out and terminates the session.
Common FTP Commands and Server Replies
Communication over the FTP control connection uses simple, human-readable ASCII commands and numerical server replies.
Common FTP Commands
Command | Description |
---|---|
USER username | Specifies the user for authentication. |
PASS password | Sends the password for the specified user. |
LIST | Requests a list of files and directories in the current location. |
RETR filename | Retrieves (downloads) a specific file. |
STOR filename | Stores (uploads) a specific file to the server. |
QUIT | Terminates the session. |
Example Server Replies
Server replies are three-digit codes, similar in concept to HTTP status codes.
Reply Code | Meaning |
---|---|
331 | Username OK, password required. |
125 | Data connection already open; transfer starting. |
425 | Can't open data connection. |
452 | Error writing file. |
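
The following is an added example, not code from the original page: it replays a control-connection transcript, tracks the session state the server keeps (user, login status, transfer outcomes), and classifies each reply by its first digit. Because USER and PASS travel as readable ASCII on the control connection, the audit log it builds redacts the PASS argument. The function name, the "C:"/"S:" line prefixes and the sample session are constructed for illustration; replies 220, 230, 226 and 221 in the sample are standard FTP replies not listed in the table above.

```python
import re

# The first digit of an FTP reply code gives its class (RFC 959).
REPLY_CLASS = {"1": "preliminary", "2": "completion", "3": "intermediate",
               "4": "transient-failure", "5": "permanent-failure"}
TRANSFER_CMDS = {"LIST", "RETR", "STOR"}

def audit_control_channel(lines):
    """Replay control-connection lines ('C: ...' / 'S: ...') and track state."""
    state = {"user": None, "authenticated": False, "transfers": [], "log": []}
    pending = None  # last client command still awaiting its final reply
    for raw in lines:
        side, _, text = raw.partition(": ")
        if side == "C":
            verb, _, arg = text.strip().partition(" ")
            verb = verb.upper()
            if verb == "USER":
                state["user"], state["authenticated"] = arg, False
            if verb == "PASS":
                arg = "<redacted>"  # never copy the cleartext password into logs
            pending = (verb, arg)
            state["log"].append(f"C: {verb} {arg}".rstrip())
        elif side == "S":
            m = re.match(r"(\d{3})[ -]", text)
            if not m:
                continue  # continuation line of a multi-line reply
            code = m.group(1)
            kind = REPLY_CLASS.get(code[0], "unknown")
            state["log"].append(f"S: {code} ({kind})")
            if pending is None or kind == "preliminary" or text[3] == "-":
                continue  # greeting, or the final reply is still to come
            verb, arg = pending
            if verb == "PASS" and kind == "completion":
                state["authenticated"] = True
            if verb in TRANSFER_CMDS:  # record (command, argument, succeeded)
                state["transfers"].append((verb, arg, kind == "completion"))
            pending = None
    return state

# Constructed sample session (not captured traffic).
SAMPLE = [
    "S: 220 Service ready", "C: USER alice", "S: 331 Username OK, password required.",
    "C: PASS s3cret", "S: 230 User logged in", "C: RETR report.txt",
    "S: 125 Data connection already open; transfer starting.", "S: 226 Transfer complete",
    "C: STOR upload.bin", "S: 425 Can't open data connection.", "C: QUIT", "S: 221 Goodbye",
]

if __name__ == "__main__":
    print("\n".join(audit_control_channel(SAMPLE)["log"]))
```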