Understanding FTP using raw FTP commands and telnet

Both FTP and SMTP are simple text based protocols. A previous article showed how to check if an email address exists using SMTP commands from the terminal. Here I would like to show you how you can use raw FTP commands to connect to an FTP server, login, traverse directories and even download files. But before we do this we need to understand how FTP is different from the other protocols. 

Firstly FTP (File Transfer Protocol) uses two channels, the data channel and the control channel.  This is called out-of-band control. The control channel sends commands to the FTP server and the data channel is used for data (to retrieve files from the server, etc).

Secondly there are two major modes of FTP operation, the active mode and the passive modes. The difference lies in the way the data channels are opened. In Active FTP, the FTP server will connect to the client port and send data to it. In Passive FTP, the FTP server will tell the client which port to connect to for retrieving data. Firewalls can complicate the process on both sides. 

In our example, we will use Passive FTP (avoiding firewall issues on client) to download a file using anonymous FTP login to the IETF servers. There are a lot of files on this server by some estimates it is about 4GB. We will pick up a small file called ftpext-charter.txt located in the /ietf/ftpext/ folder on the server.

Open the terminal/command prompt (On windows, Go to Start > Run > type cmd). Once you are on the command prompt, type this command to connect to the FTP server and issue commands

C:\> telnet ftp.ietf.org 21

220 ProFTPD 1.3.1 Server (ProFTPD) []
USER anonymous
331 Anonymous login ok, send complete email address as your password
PASS blogger@webdigi.co.uk
230 Anonymous access granted, restrictions apply
CWD ietf/ftpext/
250 CWD command successful
227 Entering Passive Mode (64,170,98,33,151,31).
RETR ftpext-charter.txt
150 Opening ASCII mode data connection for ftpext-charter.txt (6060 bytes)
226 Transfer complete
221 Goodbye. 

                                     Commands/Response on control channel

We issued these five commands in the following order at lines 2, 4, 6, 8, 10 and 13
USER – Send username to the FTP server
PASS  - Send the password (Anonymous servers need email address)
CWD  - Change the working directory on the server
PASV – To enter the passive mode (To let client connect to the server)
RETR – To retrieve a remote file from the server
QUIT – To terminate the connection to the server 

Between line 10 and 12, you will notice that the file was downloaded. To start the download, I had to open up another telnet window to open the data channel. To figure out to which IP address and port I had to connect to, we have to look at line number 9. We received a set of numbers (64,170,98,33,151,31) from the server in response to the PASV command. The first four related to the IP address and the last two 151 and 31 help us identify which port to connect to.  Multiply the first by 256 and add it to the second. So, 151 * 256 + 31 which is equal to 38687.  Now that we have the IP address and port number, all we have to do is to open a second terminal and telnet to IP:Port as shown below:

C:\> telnet 38687 

This will now show you all the contents of the file ftpext-charter.txt being thrown into your second terminal window. Once this is done, you can proceed to type further commands on the control channel (the first terminal window).

The anonymous FTP server on IETF has a 60 second timeout on its control channel connection. Please connect to your own FTP servers they might be more forgiving to humans on terminals.
- FTP is not very secure as you can see the password and username are sent in plain text! Also, there is no encryption as you saw on file downloads or uploads.
- Type HELP once you send your password to see what commands you can issue the server.
- Here is a list of raw FTP commands and the parameters
- Here is a list of anonymous FTP servers
- This is the FTP sequence diagram which explains stuff at DNS and TCP level
- On windows there is a built in command line FTP tool (called ftp). It is useful but it does not show us how to use raw commands and communicate to an FTP server.
- SFTP (SSH File Transfer Protocol), FTPS (FTP over SSL) are more secure ways of using FTP.


The FTP HELP command via terminal

Hope this helps!

Also read...


  1. Skaldrom Y. Sarg said on :

    Thanks for this post, reminding me of the times we had ONLY text based ftp clients (just a bit more comfortable than telnet). That was about 300 years ago :)

  2. Mike said on :

    Very informative article thanks a bunch for this. Do you know the reason we need to multiple the 2nd last number and add the last for PASV mode?

  3. Player said on :

    64,170,98,33,151,31 are all octets(meaning group of eight). Eight bits have a maximum value of 255 and a minimum of 0. So if you multiply the octet 151 by 256 and add it to 31 you get the port.

  4. Sadjow said on :

    Thanks man!
    Very Good!
    Best Regards!

  5. Nasir said on :

    Great dude

  6. Guitam said on :

    Thanks for the details on your blog. This is great! Thank you!

  7. AK said on :

    Good Information, Short and easy to understand

  8. pradeep said on :

    Whether the last two numbers changes every time when we enter into the passive mode…this thing is not working on mine laptop..tel me plz some suggestion

  9. Paula Jones said on :

    Very helpful and so informative, many thanks.

  10. Scott said on :

    Tremendous help. Thank you it saved me a lot of time.

  11. Shaks said on :

    Excellent exlpanation, exactly what i needed.

    Thank you very much sir!

  12. vavan said on :

    Thank you, very useful, but how to upload file?

  13. George Jordanov said on :

    A month later but hope help you… Uploading files can be done the same way as reading is shown above but instead of RETR command use STOR (and data channel is used to stream data to).
    Thanks the author very helpful article.

  14. John Sanabria said on :


  15. Jason Murphy said on :


    I’m after some help with FTP RAW commands. I’ve written a FTP client in C++ using winsock. I’m fairly happy with the progress but before calling the STOR subcommand, I’d like to change the local directory. I can’t seem to find help on that anywhere. I’m looking for the FTP RAW equivalent of the LCD command.


    Thanks for your help.

    Regards, Jason

  16. Franklin said on :

    Great, it worked perfectly on my blog

  17. richard said on :

    Great…. do you have one one on how to telnet from windows 7 using smtP?

  18. Federico said on :

    Very nice article, easy to start and complete. Thanks.

  19. mastropiero90 said on :

    First of all, THANKS!
    I’m playing around to make my own php ftp client, and I require to understand (at least) the basics about raw FTP commands, and after googling for a while I couldn’t find something easy to diggest, but U have exceeded my expectations with this!
    May sound a bit exaggerated.. anyway, it turns out that I am also interested in effective pedagogical methodologies. Piaget comes to my mind, because I see how you’ve realized what would other person need to understand, in order to form his own mental structure of how an FTP transfer is done.
    Thanks again.

  20. Cyberclops said on :

    I’m using a scripting environment in the popular chat program ‘mIRC’, to perform an ftp upload, as I’ve switched to using a Linux environment where ftp .exe won’t run under WINE (WINdows Emulator), and the Linux ftp client doesn’t do what I need (the -s:batch_file.txt switch to send commands listed in a batch file).

    The problem I believe I’m having is timing.. From your screenshot I can’t see timestamps, so I don’t know when to execute the STOR command (before, or after streaming the data?). My end-result is an empty file (it’s there, but empty).

    Can you please shed some light on this?

  21. Cyberclops said on :

    I don’t know why your comments system put http:// in front of ‘ftp.exe’ but I didn’t put it there :s

Comments are closed.