FTP, an application layer protocol of the TCP/IP protocol suite of applications, allows users to transfer files from one host to another. Two ports are required for FTP—one port is used to open the connection (port 21), and the other port is used to transfer data (20). FTP runs over TCP and is a connection-oriented protocol. To provide some level of security, FTP allows usernames and passwords to be exchanged before any data can be transferred, adding some form of security authentication mechanism to ensure that only valid users access FTP servers. FTP exchanges usernames and passwords in clear text.
The advantages of FTP are the ability to list a remote FTP server's full list of directories and to ensure that only valid users are connected. The file transfer progress can be displayed to the FTP client, as well. Many FTP applications are available, and the range of options is endless. For example, on the CCIE Security lab exam, the application WRQ Reflection 2000 can be used for Telnet and FTP. For more details on this application, visit http://www.wrq.com/products/reflection/.
NOTE FTP connection issues are typically communicated by end users (FTP clients) as poor network performance, but the problem might actually be a result of filtering the FTP data on port 20. For example, when a client successfully logs into an FTP server remotely but fails to list the remote FTP server's directory or to transfer files, this can indicate a problem with the FTP data port (via TCP port 20) or with an access list on the remote network.
FTP clients can be configured for two modes of operation (note that the names in parentheses are the names used in this guide):
■ PORT mode (sometimes referred to as active mode)
■ PASV mode (sometimes referred to as passive mode)
Was this article helpful?