What exactly is FTP and how does it work?
(IDG) -- To begin with, FTP stands for File Transfer Protocol. It is a TCP/IP application-layer protocol for transferring file data from one computer to another over a network. As with all Internet protocols, the assumption is that FTP uses the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) -- both TCP/IP session protocols that are, in turn, transported over an Internet Protocol (IP) network. Of course, this is an assumption and in fact you could run FTP over any other network architecture.

The ability to run FTP (or in principle, any other protocol) over any network architecture means that it is easy to defeat a firewall with the help of an accomplice. If the accomplice can set up a program inside the organization that speaks, for example, HTTP and behaves, as far as the firewall is concerned, like a Web browser, then they could handle any payload they pleased in the packets.

This is an interesting area of security and one that represents a very significant problem if you are trying to build really secure networks. The answer is to use a firewall that doesn't allow you to access stuff out on the Internet directly. This is really a complex topic that we'll have to leave for another column.

So now that Gearhead has made you completely paranoid, we'll get back to our subject: FTP. As we said, FTP is for moving files from one machine to another. And of all the file transfer protocols out there (and there are quite a few), FTP is one of the simplest. FTP uses two ports for communications -- by default port 20 for data transfers and port 21 for commands. All communications are normally done over TCP, which provides a reliable channel -- something that is highly desirable when you're moving data around.

File transfers can also be performed over UDP using a protocol called Trivial File Transfer Protocol (TFTP), which is a sort of simple cousin to FTP. TFTP does not use any form of authentication, and by using UDP, is potentially faster than FTP, although it is also less reliable. TFTP is commonly used for loading applications and bootstrapping diskless systems.

It is important to know that you usually interact with FTP through something called a Protocol Interpreter that is part of your FTP client. This component communicates with the Protocol Interpreter on the remote server. When you actually move data around, your Protocol Interpreter is working with your local Data Transfer Process (DTP) and through the remote Protocol Interpreter working with the remote DTP. The two DTPs then interact and perform the file transfer.

When your FTP client creates a session with a server, the server responds with a status message along the lines of "220 servername FTP server." It is worth noting that the only constant part of this transaction is the code "220" -- everything else in the message is implementation-dependent. At this point, the server will usually ask you for a name and a password. If anonymous access is allowed, then the server will offer you a default name. For the password it is the convention to use your e-mail address. If a real logon is required, you will need to know the details of a valid account on the server. After that... well, next time we'll look at what else happens when you FTP.
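Because only the "220" code is constant, a client or monitoring tool should key on the code and treat the rest of the greeting as untrusted text. The following is an added example, not code from the original column; it also goes beyond the column by handling the multi-line reply form ("220-" ... "220 ") defined in RFC 959, and the sample greetings and function names are constructed for illustration.

```python
import re

# Constructed sample greetings, not captured from any real server.
SAMPLE_SINGLE = b"220 files.example.test FTP server ready.\r\n"
SAMPLE_MULTI = (b"220-Welcome to the example archive\r\n"
                b"  220 mirrors are listed in /README\r\n"
                b"220 Service ready\r\n")

_FIRST_LINE = re.compile(rb"^(\d{3})([ -])(.*)$")


def _printable(raw: bytes) -> str:
    """Decode server text for logging, masking control characters."""
    return "".join(c if c.isprintable() else "?" for c in raw.decode("latin-1"))


def parse_reply(raw: bytes):
    """Parse one complete control-channel reply into (code, text_lines)."""
    lines = raw.split(b"\r\n")
    if lines[-1] == b"":
        lines.pop()  # drop the empty piece after the final CRLF
    match = _FIRST_LINE.match(lines[0]) if lines else None
    if match is None:
        raise ValueError("reply does not start with a three-digit code")
    code, sep, first_text = match.groups()
    if sep == b" ":  # single-line reply
        if len(lines) > 1:
            raise ValueError("unexpected data after single-line reply")
        return int(code), [_printable(first_text)]
    # Multi-line reply: "220-" opens it, a line starting "220 " closes it.
    text = [first_text]
    for index, line in enumerate(lines[1:], start=1):
        if line.startswith(code + b" "):
            if index != len(lines) - 1:
                raise ValueError("unexpected data after final reply line")
            text.append(line[4:])
            return int(code), [_printable(t) for t in text]
        text.append(line)
    raise ValueError("multi-line reply was never terminated")


def is_service_ready(raw: bytes) -> bool:
    """True only for a well-formed 220 greeting, whatever its text says."""
    try:
        return parse_reply(raw)[0] == 220
    except ValueError:
        return False
```

The indented "  220 mirrors ..." line in the multi-line sample is deliberately not treated as the terminator, since only a line that begins with the code followed by a space ends the reply.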
© 2001 Cable News Network. All Rights Reserved.