# FTP - File Transfer Protocol
## What is FTP
FTP, the File Transfer Protocol, is a standard network protocol used to transfer files between a client and a server over a TCP network. FTP follows the client-server model where a client application connects to an FTP server to upload or download files. FTP is one of the oldest internet protocols still in use, dating back to the early 1970s. It provides commands for listing directory contents, creating and deleting directories and files, and transferring files in both binary and text modes.
## FTP Port Usage
FTP uses two separate TCP connections for its operation. The control connection uses port 21 on the server and carries commands and responses between the client and server throughout the FTP session. The data connection is established separately for each file transfer or directory listing operation and carries the actual file data.
## Active vs Passive FTP
FTP operates in two modes that differ in how the data connection is established. In active mode FTP, the client tells the server which port it is listening on for the data connection. The server then initiates the data connection from its port 20 to the client's specified port. This causes problems when the client is behind a firewall because the server's incoming connection may be blocked by the client's firewall. In passive mode FTP, the client sends a PASV command to the server. The server responds with an IP address and port number that it is listening on. The client then initiates the data connection to the server's specified port. Passive mode works better through client-side firewalls because the client initiates both connections.
## FTP Authentication
FTP supports username and password authentication. A server can also be configured to allow anonymous FTP, where clients log in with the username anonymous and their email address as the password. Anonymous FTP allows anyone to download publicly available files without needing an account.
## Security Limitations of FTP
FTP was designed before security was a significant concern and has serious security weaknesses. Usernames, passwords, and all file data are transmitted in plaintext, meaning anyone who can intercept the network traffic can read them. FTP is not suitable for transferring sensitive data over untrusted networks. FTPS adds TLS encryption to FTP to address this problem. SFTP, the SSH File Transfer Protocol, provides a completely separate secure file transfer mechanism that runs over an SSH connection and has replaced FTP in many environments.
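
As an added example (not part of the original page), the Python code below audits a captured control-connection transcript the way a network monitor would: it flags logins sent in plaintext and decodes the data-connection endpoints announced for active and passive mode. The transcript, addresses and function names are constructed for illustration. The `PORT` command, the `227` reply code and the `h1,h2,h3,h4,p1,p2` endpoint encoding come from the FTP specification rather than from this page, and the passive-address mismatch check is an extra hygiene check added here.

```python
import re

# Six comma-separated decimal bytes: four for the IPv4 address, two for the port.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Return (ip, port) from the h1,h2,h3,h4,p1,p2 form used by PORT and 227 replies."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def audit_control_channel(lines, server_ip):
    """Scan captured port-21 traffic and list what a passive observer learns."""
    findings, user = [], None
    for line in lines:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            user = arg
            if arg.lower() == "anonymous":
                findings.append(("anonymous-login", arg))
        elif verb == "PASS":
            # Report the exposure without copying the secret into the findings.
            findings.append(("cleartext-password", f"user={user} length={len(arg)}"))
        elif verb in ("PORT", "227"):
            endpoint = decode_hostport(arg)
            if endpoint is None:
                findings.append(("malformed-endpoint", line.strip()))
                continue
            mode = "active" if verb == "PORT" else "passive"
            findings.append((f"{mode}-data-endpoint", "%s:%d" % endpoint))
            # Assumption: the passive address should be the server we connected to.
            if mode == "passive" and endpoint[0] != server_ip:
                findings.append(("pasv-address-mismatch", endpoint[0]))
    return findings

# Constructed sample session (documentation addresses, not real traffic).
SAMPLE = [
    "USER alice",
    "331 Password required",
    "PASS s3cret!",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "PORT 198,51,100,7,4,1",
]
```

Calling `audit_control_channel(SAMPLE, "192.0.2.10")` reports the plaintext password exposure and both data endpoints; the port is `p1 * 256 + p2`, so `195,80` decodes to 50000.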