FTP working principle and packet capture

I. Introduction

FTP transfers run over TCP, and TCP performs a three-way handshake before a connection is established. FTP is more complicated than most services, however, because it uses two connections: the command channel and the data channel. Because both are TCP connections, each one has to go through its own three-way handshake.
Depending on how the data connection is established, FTP data transfer is divided into active mode (Active) and passive mode (Passive). The two modes are described below.
 
II. Active mode
1. Definition
Active mode is the default mode for the FTP server to transfer data to the FTP client. When the FTP client requests a data transfer in active mode, it sends the server the IP address and port Y on which it is ready to receive data; Y should be an unprivileged port greater than 1024. The server then actively initiates a connection to that IP address and port Y. Because port Y can be chosen at random, this scheme requires the client machine to allow the FTP server to connect to all of its ports, so it carries certain security risks.
2. Schematic diagram of active connection of FTP server
3. Active mode analysis
Step 1: Establish a command channel connection
As shown in the figure above, the client randomly selects a port greater than 1024 (port AA) and connects to port 21 on the FTP server. This connection requires a three-way handshake. Once it is established, the client can send commands to the FTP server over it; commands such as listing file names, downloading and uploading are all issued over this channel.
Step 2: Tell the FTP server to use active mode and give it the port number to connect to
Port 21 on the FTP server is used mainly for command execution; when a data stream is involved, this connection is not used. When the client needs data, it tells the server how to connect. For an active-mode connection, the client opens a random port (port BB), informs the FTP server of these two pieces of information over the command channel, and waits for the FTP server to connect.
Step 3: The FTP server actively connects to the client
After the FTP server learns what the client needs over the command channel, it actively connects from port 20 to the client's port BB. This connection also goes through a three-way handshake. At this point the FTP client and server have two connections, used for command execution and data transfer respectively. By default, the port the FTP server uses for active connections is port 20. In this way the two channels, "command" and "data transfer", are established.
Note:
Point 1: The data channel is established only when there is data to transfer; it is not set up immediately on connecting to the FTP server.
Point 2: The command channel (FTP) uses port 21 by default. The data channel (FTP-DATA) uses port 20 by default.
Point 3: The two ports work differently and their connections are initiated by different sides: port 21 accepts connections initiated by the client, while port 20 is used by the FTP server to initiate connections to the client.
 
III. Passive mode
1. Definition
In passive mode, the client obtains the IP address and data port of the server through the PASV command, and then initiates a connection request to the server to establish a data connection. So the server side just passively listens for requests on the specified port.
When a connection to an FTP server fails, you can try changing the transfer mode in the FTP client's configuration; the connection may then succeed.
2. Schematic diagram of FTP passive connection

3. Passive mode analysis
Step 1: The client and the server establish a command channel
A command channel must be established here as well, again through a three-way handshake.
Step 2: The client initiates the PASV connection request
When a command that uses the data channel is issued, the client sends a PASV passive-connection request over the command channel and waits for the server's response.
Step 3: The FTP server starts the data port and notifies the client to connect
If the FTP server can handle passive connections, it first starts a listening port. This port number can be random, or you can configure a custom port range. The FTP server then tells the client, over the command channel, which port it has started (port PASV) and waits for the client to connect.
Step 4: The client randomly uses a port greater than 1024 to connect
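Finally, your client randomly picks a port greater than 1024 and connects to port PASV on the FTP server. If everything goes well, FTP data can then be transferred between port BB and port PASV.
Note:
Point 1: In passive mode, the FTP data channel connection is initiated by the client to the server.
4. Passive mode packet capture analysis
We connect with ftp to the FTP server ftp.ksu.edu.tw and capture the packets; the login process is shown below.

Step 1: The client initiates the three-way handshake for the command channel.

Step 2: The client initiates the PASV connection request.
Step 3: The server starts the data port and tells the client the port number.

Step 4: The client initiates the three-way handshake for the data channel.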
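
An added example, not part of the original article: when reading a capture like the one above, the data-channel address appears on the command channel as six comma-separated numbers, in the client's PORT command for active mode and in the server's 227 reply to PASV for passive mode (the format RFC 959 defines). The sketch below decodes both and reports which side listens. The sample lines and addresses are constructed, and the two warnings (announced address equals the listener's command-channel address; active-mode port above 1024) are this example's assumptions about what is worth a second look.

```python
import re

# h1,h2,h3,h4,p1,p2: the address format RFC 959 defines for PORT and the 227 reply.
_TUPLE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed command-channel lines (documentation addresses, not a real capture).
CLIENT_IP, SERVER_IP = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    "USER anonymous",
    "PORT 198,51,100,7,19,137",
    "227 Entering Passive Mode (192,0,2,10,195,80).",
    "PORT 10,0,0,5,0,22",
]


def decode_endpoint(text):
    """Return (ip, port) from a PORT argument or a 227 reply, or None if malformed."""
    m = _TUPLE.search(text)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]


def data_channel(line, client_ip=CLIENT_IP, server_ip=SERVER_IP):
    """Describe the data connection a command-channel line negotiates, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode, listener, expected = "active", "client", client_ip
    elif line.startswith("227"):
        mode, listener, expected = "passive", "server", server_ip
    else:
        return None  # not a data-channel negotiation line
    endpoint = decode_endpoint(line)
    if endpoint is None:
        return {"mode": mode, "error": "malformed address"}
    ip, port = endpoint
    warnings = []
    if ip != expected:
        warnings.append("address differs from the %s's command-channel address" % listener)
    if mode == "active" and port <= 1024:
        warnings.append("active-mode port is not above 1024")
    return {"mode": mode, "listener": listener, "ip": ip, "port": port, "warnings": warnings}


if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_channel(entry))
```
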

 
