FTP stands for File Transfer Protocol, a TCP/IP protocol that runs at the application layer. FTP is used to transfer files between two computers. One computer runs an FTP service as a server, and the other acts as a client running an FTP client program. FTP can be used to list files and directories, rename files, upload files, or download files.
FTP requires a username and password for most access, except anonymous FTP. Usernames and passwords sent using the FTP protocol are not encrypted and can be intercepted by eavesdropping third parties.
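Because the login exchange is plain text on the command connection, anyone reviewing a capture of it can see which accounts logged in and whether they succeeded. The following is an added example, not part of the original page: it audits a constructed control-channel transcript (the `C:`/`S:` direction prefixes and the sample credentials are assumptions) and reports each exposed login without keeping the password itself.

```python
# Constructed control-channel capture (port 21). "C:" = client, "S:" = server.
CAPTURE = """\
S: 220 Service ready for new user.
C: USER alice
S: 331 User name okay, need password.
C: PASS hunter2
S: 530 Not logged in.
C: USER alice
S: 331 User name okay, need password.
C: PASS correct-horse
S: 230 User logged in, proceed.
C: RETR report.txt
S: 150 File status okay; about to open data connection.
S: 226 Closing data connection.
"""


def audit_logins(capture):
    """Return one finding per PASS command that crossed the wire in cleartext."""
    findings = []
    user = None
    pending = None  # finding still waiting for the server's reply to PASS
    for line in capture.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                user = arg
            elif verb == "PASS":
                # Record the exposure, but never store the secret itself.
                pending = {"user": user, "password_len": len(arg),
                           "result": "unknown"}
                findings.append(pending)
        elif side == "S" and pending is not None:
            code = text[:3]
            if code == "230":                    # User logged in, proceed.
                pending["result"] = "success"
            elif code.startswith(("4", "5")):    # e.g. 530 Not logged in.
                pending["result"] = "failed"
            pending = None
    return findings


if __name__ == "__main__":
    for finding in audit_logins(CAPTURE):
        print(finding)
```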
FTP uses port 21 for commands and 20 for data.
There are two types of FTP:
- Standard FTP - All inbound ports above 1023 must be open.
- Passive FTP - All outbound ports above 1023 must be open.
The most secure way to allow FTP transfers through a firewall is using passive FTP.
Anonymous FTP is usually used to allow members of the public to either upload files to a specific directory or download files from a specific location.
RFCs 114, 141, 172, 264 (obsolete), 265 (obsolete), 281, 294, 354, 385, 414, 430, 454 (official), 542 (new official), 607, 614, 624, 686, 691, 765, and 959 apply to FTP.
FTP commands include:
- RETR - Retrieve
- STOR - Store
- ALLO - Allocate - Used to allocate space for a file on some servers.
- APPE - Append data to a file
- MLFL - Mail file to a user at the server site
- MAIL - Send mail not in a file
- MSND - Mail send to terminal
- MSOM - Mail send to terminal or mailbox
- MSAM - Mail send to terminal and mailbox
- MRSQ - Mail recipient scheme question
- MRCP - Mail recipient
- REST - Restart - Used to restart a file transfer
- RNFR - Rename from - Must be followed by a rename to (RNTO) command to rename a file
- RNTO - Rename to
- ABOR - Abort the previous FTP command
- DELE - Delete a file
- CWD - Change working directory
- LIST - List files and folders in the current working directory
- NLST - Name-list
- SITE - Site parameters
- STAT - Status
New commands from RFC 765:
- CDUP - Change to Parent Directory
- SMNT - Structure Mount
- STOU - Store Unique
- RMD - Remove Directory
- MKD - Make Directory
- PWD - Print Directory
- SYST - System
The FTP server responds with a numeric code for every FTP command received from the client. There are several classes of codes, including the following (from RFC 765):
- 100 Series: The requested action is being initiated, expect another reply before proceeding with a new command.
  - 110 - Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
  - 119 - Terminal not available, will try mailbox.
  - 120 - Service ready in nnn minutes
  - 125 - Data connection already open; transfer starting
  - 150 - File status okay; about to open data connection.
  - 151 - User not local; Will forward to <user>@<host>.
  - 152 - User Unknown; Mail will be forwarded by the operator.
- 200 Series: The command has been completed.
  - 200 - The command was completed OK.
  - 202 - Command not implemented, superfluous at this site.
  - 211 - System status, or system help reply.
  - 212 - Directory status.
  - 213 - File status.
  - 214 - Help message. (On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.)
  - 215 - NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
  - 220 - Service ready for new user.
  - 221 - Service closing TELNET connection.
  - 225 - Data connection open; no transfer in progress.
  - 226 - Closing data connection. Requested file action successful (for example, file transfer or file abort).
  - 227 - Entering Passive Mode (h1,h2,h3,h4,p1,p2).
  - 230 - User logged in, proceed.
  - 250 - Requested file action okay, completed.
  - 257 - "PATHNAME" created.
- 300 Series: The command has been accepted, but the requested action is being held while waiting for further information. Another command should be sent with the required information.
  - 331 - User name okay, need password.
  - 332 - Need account for login.
  - 350 - Requested file action pending further information
  - 354 - Start mail input; end with <CR><LF>.<CR><LF>
- 400 Series: A reply indicating the requested action did not take place, but the error condition is temporary and the action may be requested again.
  - 421 - Service not available, closing TELNET connection. (This may be a reply to any command if the service knows it must shut down.)
  - 425 - Can't open data connection.
  - 426 - Connection closed; transfer aborted.
  - 450 - Requested file action not taken. File unavailable (e.g. file busy)
  - 451 - Requested action aborted. Local error in processing.
  - 452 - Requested action not taken. Insufficient storage space in system.
- 500 Series: The command was not accepted and the requested action did not take place.
  - 500 - Syntax error, command unrecognized. (This may include errors such as command line too long).
  - 501 - Syntax error in parameters or arguments.
  - 502 - Command not implemented.
  - 503 - Bad sequence of commands.
  - 504 - Command not implemented for that parameter.
  - 530 - Not logged in.
  - 532 - Need account for storing files.
  - 550 - Requested action not taken. File unavailable (e.g., file not found, no access).
  - 551 - Requested action aborted. Page type unknown.
  - 552 - Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
  - 553 - Requested action not taken. File name not allowed.
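The reply classes and the 227 passive-mode reply above can be checked mechanically. The following is an added example, not code from the original page: it classifies a reply by its series and decodes `(h1,h2,h3,h4,p1,p2)` into a data endpoint, using the port formula p1*256+p2 from RFC 959. The sample replies are constructed, and the comparison of the data host against the control-connection server is an extra sanity check assumed here, not something the page describes.

```python
import re

SERIES = {
    "1": "action initiated, expect another reply",
    "2": "command completed",
    "3": "accepted, waiting for further information",
    "4": "temporary failure, may be requested again",
    "5": "not accepted, action did not take place",
}
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def decode_pasv(text):
    """Turn the (h1,h2,h3,h4,p1,p2) tuple of a 227 reply into (host, port)."""
    m = PASV_RE.search(text)
    if not m:
        raise ValueError("227 reply without a host/port tuple")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("tuple field out of byte range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_reply(line):
    """Split a reply line into code, series meaning and text."""
    m = re.match(r"^([1-5]\d\d)[ -](.*)$", line.strip())
    if not m:
        raise ValueError("not an FTP reply line: %r" % line)
    code, text = m.groups()
    reply = {"code": int(code), "series": SERIES[code[0]], "text": text}
    if code == "227":
        reply["data_endpoint"] = decode_pasv(text)
    return reply


def check_data_endpoint(reply, control_peer):
    """Return a list of problems with the advertised passive data endpoint."""
    host, port = reply["data_endpoint"]
    issues = []
    if port <= 1023:
        issues.append("data port is not above 1023")
    if host != control_peer:  # added sanity check, see lead-in
        issues.append("data host differs from control-connection server")
    return issues


if __name__ == "__main__":
    r = parse_reply("227 Entering Passive Mode (192,0,2,10,195,80).")  # constructed
    print(r, check_data_endpoint(r, "192.0.2.10"))
```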