What Is FTP? Everything About File Transfer Protocol
It has been important to exchange data since the early days of computing. One common way of doing so is connecting one computer to another. Right now, you’ve done that by using the HTTP protocol to access the internet, which also lets you upload and download files. Another way is called FTP, which we’re going to tell you about in this article.
Before we go on, FTP is an old-school way of transferring files from computer to computer. If you prefer something more contemporary, check out our guides on how to share files online, sharing via Dropbox and sharing with Google Drive.
What Is FTP?
FTP stands for File Transfer Protocol. A protocol is a system of rules that networked computers use to communicate with one another. FTP is a client-server protocol that may be used to transfer files between computers on the internet. The client asks for the files and the server provides them.
You can work with FTP using a simple command-line interface, such as the DOS console in Windows and Terminal in Linux and macOS. If you don’t want to use those, though, there are graphical user interface solutions, such as Filezilla or WS FTP Pro. Browsers also allow you to download files via FTP (check out our recommendations for the most secure browsers).
You can exchange any kind of file, including music, videos and documents. If it’s a single file, you might even get it faster than you would with HTTP, unless the server is far away. If tuned properly, FTP may be better for large files, too (read our guide on sharing large files if it doesn’t work, though).
You can also create directories, remove them and list files with FTP, but you may need to authenticate with a username and password first. Anonymous FTP servers don’t require keys and are usually used for open source software that is freely distributed.
To access public servers, navigate to the directory called “pub,” which usually holds files, then download what you want via FTP. Here’s one with some Linux distributions on it operated by Belnet, a Belgian education and research network.
Many transfers are handled by HTTP, but FTP is still commonly used to transfer files behind the scenes for applications, such as banking, and website builders, such as Wix (read our Wix review).
FTP is far older than HTTP. It even preceded the TCP/IP protocol, the standard network protocol that powers the internet, so you could use it to transfer files between computers long before the internet was in its initial stages of development.
History of FTP
FTP has been around for more than 40 years, but it has changed significantly during that time. The original specification for it was written by Abhay Bhushan and published on April 16, 1971, as RFC 114. RFC stands for “Request for Comments” and is a formal document of the Internet Engineering Task Force.
In 1980, TCP/IP came along and FTP was replaced by its TCP/IP version in RFC 765, and later RFC 959 in Oct. 1985 which is the current specification. Later amendments added security extensions, passive modes and IPv6 support.
The first FTP clients couldn’t be anything more than command-line programs because they were developed before operating systems had GUIs. Since then, many GUI clients and automation utilities have been developed for desktops, servers, mobile devices and hardware. FTP has also been integrated into applications, such as web browsers.
FTP Transfer Modes
You can initiate an FTP session in active or passive mode. The mode determines how the connection is established. In both, the client creates a connection over TCP from a random port to the FTP server port 21.
In active mode, the clients listen for incoming data connections from the server on port N, which can be any unprivileged port. To let the server know that, it sends the FTP command “PORT N” to it. The server then establishes a connection to the client from its port 20, the FTP server data port, and begins transferring data.
A passive connection is where the client sends a “PASV” command to the server, then receives a server IP address and port number from it, which the client uses to initiate a data connection from a privileged port to start sending. Because the client starts all connections, this is also known as “firewall-friendly” mode.
FTP is known to have security weaknesses. RFC 2228 was drafted to address them, but, in May 1999, authors of RFC 2577 were still able to identify vulnerabilities to brute force attacks, FTP bounce, packet capture, port stealing, spoofing and username enumeration.
Many of those stem from the fact that FTP doesn’t encrypt its traffic. Instead, transmissions are in clear text and anyone who’s able to perform packet capture on the network can read usernames, passwords, commands and data. That is a problem with other protocols defined before the creation of SSL/TLS, as well.
You can circumvent them by using FTPS, which is more secure. You could also try a better protocol, such as the SSH File Transfer Protocol. If that still doesn’t cut it, you can use Secure Shell, SSH or a virtual private network, which is one of the best ways to protect your privacy online. If you want to know which VPN to go with, read our best VPN providers article.
FTP has been around for a long time and it doesn’t seem like it’s going away. It’s a given that it’s not used as much as HTTP, but it still has its purposes, such as downloading files anonymously and powering apps behind the scenes.
Granted, it’s not the most user-friendly, but GUI programs make it easier. If you don’t want to exchange files using FTP, you can use one of our best cloud storage service providers, instead. Though that would make you feel less like a technomancer, ease of use has its perks, too.
What do you think about FTP? Is it something you’d use? Let us know in the comments below. Thank you for reading.