Understanding FTP using raw FTP commands and telnet
Both FTP and SMTP are simple text based protocols. A previous article showed how to check if an email address exists using SMTP commands from the terminal. Here I would like to show you how you can use raw FTP commands to connect to an FTP server, login, traverse directories and even download files. But before we do this we need to understand how FTP is different from the other protocols.
Firstly FTP (File Transfer Protocol) uses two channels, the data channel and the control channel. This is called out-of-band control. The control channel sends commands to the FTP server and the data channel is used for data (to retrieve files from the server, etc).
Secondly there are two major modes of FTP operation, the active mode and the passive modes. The difference lies in the way the data channels are opened. In Active FTP, the FTP server will connect to the client port and send data to it. In Passive FTP, the FTP server will tell the client which port to connect to for retrieving data. Firewalls can complicate the process on both sides.
In our example, we will use Passive FTP (avoiding firewall issues on client) to download a file using anonymous FTP login to the IETF servers. There are a lot of files on this server by some estimates it is about 4GB. We will pick up a small file called ftpext-charter.txt located in the /ietf/ftpext/ folder on the server.
Open the terminal/command prompt (On windows, Go to Start > Run > type cmd). Once you are on the command prompt, type this command to connect to the FTP server and issue commands
C:\> telnet ftp.ietf.org 21
220 ProFTPD 1.3.1 Server (ProFTPD) [184.108.40.206] USER anonymous 331 Anonymous login ok, send complete email address as your password PASS email@example.com 230 Anonymous access granted, restrictions apply CWD ietf/ftpext/ 250 CWD command successful PASV 227 Entering Passive Mode (64,170,98,33,151,31). RETR ftpext-charter.txt 150 Opening ASCII mode data connection for ftpext-charter.txt (6060 bytes) 226 Transfer complete QUIT 221 Goodbye.
Commands/Response on control channel
We issued these five commands in the following order at lines 2, 4, 6, 8, 10 and 13.
USER – Send username to the FTP server
PASS – Send the password (Anonymous servers need email address)
CWD – Change the working directory on the server
PASV – To enter the passive mode (To let client connect to the server)
RETR – To retrieve a remote file from the server
QUIT – To terminate the connection to the server
Between line 10 and 12, you will notice that the file was downloaded. To start the download, I had to open up another telnet window to open the data channel. To figure out to which IP address and port I had to connect to, we have to look at line number 9. We received a set of numbers (64,170,98,33,151,31) from the server in response to the PASV command. The first four related to the IP address 220.127.116.11 and the last two 151 and 31 help us identify which port to connect to. Multiply the first by 256 and add it to the second. So, 151 * 256 + 31 which is equal to 38687. Now that we have the IP address and port number, all we have to do is to open a second terminal and telnet to IP:Port as shown below:
C:\> telnet 18.104.22.168 38687
This will now show you all the contents of the file ftpext-charter.txt being thrown into your second terminal window. Once this is done, you can proceed to type further commands on the control channel (the first terminal window).
– The anonymous FTP server on IETF has a 60 second timeout on its control channel connection. Please connect to your own FTP servers they might be more forgiving to humans on terminals.
– FTP is not very secure as you can see the password and username are sent in plain text! Also, there is no encryption as you saw on file downloads or uploads.
– Type HELP once you send your password to see what commands you can issue the server.
– Here is a list of raw FTP commands and the parameters
– Here is a list of anonymous FTP servers
– This is the FTP sequence diagram which explains stuff at DNS and TCP level
– On windows there is a built in command line FTP tool (called ftp). It is useful but it does not show us how to use raw commands and communicate to an FTP server.
– SFTP (SSH File Transfer Protocol), FTPS (FTP over SSL) are more secure ways of using FTP.
Hope this helps!