1. FTP protocol overview
The English name of the FTP protocol is called File Transfer Protocol, or FTP for short. It is a protocol for transferring files from a host to a host.
The way in which the client and server interact with each other in the FTP protocol is shown in Figure 1. The FTP client includes two parts: the user interface and the client interface . The user interface is used for human-computer interaction with the user, and the client interface is responsible for processing related to the FTP protocol.
2. FTP protocol interaction steps
For example, if a user wants to download a file on a remote FTP server to the local, the following procedures are required:
- First, the user enters commands through the FTP user interface to connect the client interface to the remote FTP server host
- After a successful connection, the FTP server generally requires the client to enter a user name and password (Assuming anonymous login is not supported), After obtaining a valid user name and password, the normal login process is completed, and then the file upload and download operations can be performed;
- Enter the corresponding directory and select a specific file;
- Use FTP commands to download files on the user interface of the client, and the server starts to transfer files after receiving the download information;
- After the file transfer is complete, the client and server close the connection.
3. FTP working mode
The working mode of the FTP protocol can be divided into an active mode and a passive mode . The main difference between the two is that the data connection is established in different ways:
Active mode : After the client connects successfully, it actively tells the server the port of data connection.
Passive mode : After the client connects successfully, it temporarily connects to the server's 20 port during data transmission, and uses this port for data transmission.
3.1 FTP control connection
FTP protocol is based on TCP connection for communication, but it is different from HTTP, TELNET and other protocols. The biggest difference between them is that the FTP protocol uses two parallel connections to transfer files , one for the control connection and the other for the data connection .
Control connection : used to transfer control information between the client and the server. For example: during login authenticationuser name and password,Uploadwithdownload file,Switch directoryWait, that is to say, the commands related to the FTP protocol are realized through the control connection;
data connection : mainly used to realize the file transfer. Such asUpload downloaded file contentIt's all done over this TCP connection.
When an FTP client wants to establish a TCP connection with a remote FTP server, the client first connects to port 21 of the FTP server . After the successful three-way handshake of TCP, the connection is successfully established. After that, the client sends the user name and password used for login to the server through the newly established control connection. After the server verifies that the user name and password are valid, the client logs in successfully and the FTP control connection The session is successfully established, and you can now interact with FTP commands.
3.2 FTP active mode
Active mode is also calledStandard mode,PORT mode。
In FTP active mode: The FTP client serves as the server for data connection , and the FTP server serves as the client for data connection .
After the FTP client establishes a control connection with the server, the client establishes a TCP connection on the data server and opens the listener, and uses the PORT command to tell the FTP server to connect to the port. Active mode follows one of the following steps:
- The FTP client connects to port 21 on the FTP server to establish a control connection ;
- The FTP client connects to the TCP server at a certain port and monitors the data connection request sent by the FTP server. After the establishment is completed, notify the FTP server to listen to the port through the PORT command;
- The FTP server is connected to the FTP server's data connection listening port through port 20 ;
- File transmission and communication through the newly established data connection channel;
- After the transfer is complete, the data connection is automatically closed.
3.3 FTP passive mode
Passive mode is also calledPASV mode。
In FTP passive mode: FTP server and FTP client are both server and client for data connection and control connection .
After the FTP client establishes a control connection with the server, the client no longer establishes a TCP server and then sends a PORT command to inform the FTP server, but sends a PASV command. After receiving this command, the FTP server randomly selects an unused port on the high port and establishes a TCP server to listen to the port, and then informs the FTP client of the port number information. The client connects to the server for data connection and communicates on this port.
- The FTP client connects to port 21 on the FTP server to establish a control connection ;
- The FTP client informs the FTP server to adopt passive mode through the PASV command ;
- The FTP server randomly selects a port on the high port and establishes a TCP server to listen to it, and then responds to PASV to inform the client of the port;
- The FTP client connects to the data connection port monitored by the FTP server and transfers files.
- The data connection is automatically closed after the transmission is completed.
4. FTP protocol transmission method
There are two transmission methods of FTP protocol: ASCII transmission mode and binary data transmission mode.
Simply put, ASCII transmission mode is used for transmissionText file, The binary transmission mode is used to transmitExecutable files, programs, databases, compressed packagesWait.
For example, viewing a directory uses the ASCII transfer mode, because the directory is transferred as a normal text file:
while downloading a file (including txt type text file), the content of the file isBinary modeTransmitting
5. FTP protocol interaction process
The following is just a wireshark capture record of the interactive process of the FTP server built by myself.
5.1 Anonymous login
As can be seen from the figure below, the FTP server does not allow anonymous login:
#### 5.2 Real-name login
Use the allowed battle account and password to log in. After successful login, you can see the root directory information. Here, the root directory information is transmitted in the passive mode through the ascii transmission method.
5.3 Obtained directory information
5.4 Switch directory
Here switch from the root directory to the pdf directory,
5.4 Download file
Control connection :
Data connection :
6. Common FTP commands
The FTP server built using Serv-U, the following picture is also taken from Serv-U: