File Transfer Protocol Explained: Everything You Need to Know

Key Points

• Files transmitted over FTP are not encrypted and more vulnerable to malicious interception.
• There is no visibility of the transfer process. This means there is no way to tell if a file transfer failed or is interrupted other than checking the status of the transferred files manually.
• High volume file transmission can’t be automated with FTP.
• FTP does not meet secure connection compliance requirements.
• FTP can be established in either Active Mode or Passive Mode with either the PORT or PASV commands respectively.
• FTP was replaced as the standard website transfer protocol with HTTP (Hyper-text Transfer Protocol).
• The FBI has previously warned about the vulnerability of FTP and recommended against its use.

File Transfer Protocol, is a standard communication protocol used to transfer computer files from a server to a client within the same network. It is used to manage files on a server or client device. This means that files can be downloaded, uploaded, created, deleted, transferred, encrypted for secure connections, and more. It is the backbone protocol used for client-server relationship management. Most internet projects that allow visitors to download files or just show web pages are using FTP, FTPS, or SSH File Transfer Protocol.

FTP is widely used and applications have been developed for use on desktops, servers, mobile devices, and smart hardware. The protocol itself has been integrated into productivity applications. For example, HTML editors have FTP built-in.

File Transfer Protocol: History

The original FTP specifications were written by Abhay Bhushan. FTP was published on April 16, 1971, under RFC 114. It has since been through many iterations and RFC standards that saw its replacement with TCP/IP.

FTP has been amended numerous times for different RFC standards, for example, RFC 765 (released in June 1980), RFC 959 (released in October 1985 and remains the current specification), RFC 1579 (an amendment to RFC 959 that enabled Firewall-Friendly FTP in February of 1994), and RFC 2228 (an amendment to RFC 959 that added support for IPv6 in September of 1998).

In laymen’s terms, File Transfer Protocol, or FTP, is a set of computer instructions and rules that define the method used to move digital files from one computer (such as a server) to another (such as an internet-connected personal computer).

It was created to enable data transfer over network systems. Specifically, it was meant to handle computer files, thus the name File Transfer Protocol. One of many good examples of an everyday process that utilizes, or once utilized, FTP is downloading a file from a website (server).

As networks and the devices that made them up continued to advance, so to did the files and the types of connections. At first, connections were kept secure with a simple clear-text sign-in protocol. This meant that a user just needed a valid username and password to gain server access.

Some servers were even set up for users to be able to access anonymously. Operations that required a more secure connection often utilized the username and password system that were often secured with SSL/TLS (FTPS) or SSH File Transfer Protocol (SFTP).

The first FTP applications on the client-side were command-line. They were developed well before the operating systems had grown their graphical user interfaces (GUI) known in the modern world. These early forms of FTP client applications are still shipped pre-installed in Windows, Unix, and Linux operating systems.

FTP has since been widely used and applications have been developed for use on desktops, servers, mobile devices, and smart hardware. The protocol itself has been integrated into productivity applications. For example, HTML editors have FTP built-in.

As of January 2021, FTP support has been disabled in Google Chrome 88 and Firefox 88. In July 2021, Firefox 90 disabled support for FTP entirely. Google did the same in October of 2021 by removing FTP entirely from Google Chrome 95. That is not to say that FTP is dead. It is far from it. FTP lives on in modern browsers, devices, and FTP client applications alongside the ever-faithful command-line options.

File Transfer Protocol: How It Works

Anyone with a Windows, Unix, or Linux system already has access to using FTP manually through command, but everyone has used FTP and more than once. Any computer user who has ever downloaded a file has made excellent use of FTP.

Being that most everyone who purchases a new computer immediately goes to download their preferred browser, It’s often one of the first things users do. In the case of things like Windows updates, it is the first thing a new computer does. As a set of protocols, it is a backbone standard of networking protocols.

If you want to get into the dirt working with FTP clients, then you’ll want to get a hold of a modern FTP with a graphical interface or start brushing up on your command-line skills. Here’s a few examples of FTP clients to try out:

• Filezilla
• Cyberduck
• FireFTP
• Classic FTP
• WinSCP
• Transmit
• Commander One
• ForkLift
• SmartFTP
• WISE-FTP

For the most part, users with GUI FTP clients will see using FTP just like the traditional File Management system used on Windows, Linux, and Mac PCs.

FTP manages two different communication channels to manage the client-server relationship. The first channel is the control connection. The control connection is a management channel connection that is determined by the FTP client used. Typically, this connection request is made to server port number 21.

The control connection is used for transmitting commands and responses. Think of this as the user-server communication line. If the user wants to transfer a file, this is the connection line that is told what the user wants. It is also the channel used for secure connections. If the server has username-password requirements, the control connection channel handles the request.

The second channel is the data connection. Once the request for access and commands have been sent over the control connection, the file transmissions are sent over the data connection channel. The data connection channel can be established in either Active Mode or Passive Mode.

In Active Mode, the user connects from a random port on the FTP client to port 21 on the server. The client-side port is trivial and can be randomly assigned. The client then send the PORT command. This tells the server which port of the client(the previously selected trivial port on the client-side) the server should connect to. Once the connection is established, data transfer can take place.

In some cases, the client can’t accept connections due to blocked ports or firewall restrictions. This is when Passive Mode is used. As most users are now behind firewall or VPN restrictions, Passive Mode is the most commonly used mode. It works much the same as Active Mode. Instead of the PORT command, the client sends the PASV. This allows for the server to connect server port 21 to a random port on the client-side without breaking firewall restrictions.

File Transfer Protocol: Historical Significance

Without FTP, the internet is significantly less useful. It allows for the very nature of sharing images, text, sounds, videos, and any other file from one user’s host server to the end-user, or website visitor. This simple, trivial, aspect of computing is one of the very foundational pieces of software technology to today’s technology.

The speed at which technology is improved on and released is directly tied to the ability of project developers, researchers, management, and anyone else involved being able to send files to anywhere in the world nearly instantly.

As the technology evolved, so did security concerns. Multiple transfer protocols evolved from FTP to provide enhanced secure connections like HTTP and HTTPS. FTP is still used for trivial operations and downloads, but it is often in combination with more secure options.

The image featured at the top of this post is ©iStock.com/stuartmiles99.