What is FTP?

Have you ever wondered how files get from your computer to a website or server to your device? There are many ways, but one of the most long-lasting and popular ones is the File Transfer Protocol (FTP). You can think of FTP as the courier service of the Internet. It is specifically designed to move files between devices over a network.

The File Transfer Protocol was initially developed in the early days of the Internet in the 1970s. It was the go-to protocol for a variety of tasks: uploading website content, sharing large files, or backing up important data. Nowadays, the protocol is not as widely used as it was ten years ago because newer and safer alternatives exist. Still, it remains a vital part of the Internet to this day because of its ease of use and familiarity.

Read on to learn all about the File Transfer Protocol, including how it works, its key features, and its limitations.

In This Post:

• How Does FTP Work?
• Key Features
• Drawbacks of FTP

How Does FTP Work?

The primary purpose of FTP is to transmit files between computers over a TCP/IP connection. Because it uses the TCP/IP model to operate, instead of the more theoretical OSI model, FTP functions within the Application layer using a client-server connection. That means a client connects to another device (a server) to exchange files. The client can be either a computer or an FTP application. FileZilla is an excellent example of such an application. Check out our tutorial on how to use FTP for additional examples.

With this said, though, what happens when a client connects to a server via FTP? Here are the steps that occur.

1. Establishing the Connection - To connect to a server over FTP, you must first enter the server’s address (hostname or IP address) and a pre-determined username and password in your FTP client. The username and password are typically created on the server and shared with the user, allowing them access. Sometimes, a username and password are not required in the so-called anonymous FTP model;
2. Communication Channels - Once the connection is established (typically on port 21), two communication channels are open:
   1. Control Connection - This channel is used to send instructions to the server. When you want to upload a file or change a directory, this channel handles those instructions;
   2. Data Connection - On the other hand, this channel is used for the actual data transfer. It handles any uploads or downloads to and from the server;
3. Transfer of Files - When both steps from above are completed, users can upload, download, move, remove, rename, or copy files on the server. Moving, removing, renaming, and copying files are all handled by the Control Connection, while uploading and downloading are facilitated by the Data Connection;
4. Terminating the Connection - Finally, when ready, the connection is terminated. You can manually disconnect via the client’s interface or close the client altogether. Once that is done, you must log in again to connect to the server, as FTP clients do not store user sessions.

FTP is a rather simple protocol, so establishing a connection with a server is nothing complicated. However, there are a couple of variations on how the Data Connection itself is established, called Passive and Active modes. FTP has these two modes to make navigating network configurations like Firewalls easier. Here are the primary differences between the two modes.

• Active Mode - When the Control Connection is established, and a file transfer is requested, the client provides the server with its IP address and a port it has ready for the Data Connection. The server initiates the Data Connection at that point, sending the files to the client’s IP address and port. However, the incoming connection from the server may fail because of a Firewall blocking, for example. This mode is best suited for trusted, open networks without strict firewall rules, such as what you might find in an office;
• Passive Mode - On the other hand, when the Control Connection is established in Passive Mode, the server provides the IP address and the port needed for a file transfer. That way, the client initiates it, avoiding any possible blockages on its side. This mode is most useful when the client or the server is behind a Firewall or on a public network.

Nowadays, most FTP clients default to Passive Mode because it avoids most connectivity issues. However, knowing that these modes exist can sometimes be helpful when troubleshooting connection failures.

Key Features

Now that we know what FTP is and how it works, we will outline its most prominent features. Based on what we described earlier, you probably have an idea about these features. Nonetheless, let us break them down and explain them thoroughly.

• File Transfer - The most vital feature of FTP is its ability to easily facilitate file uploads and downloads to and from a server. Not only that, but it is excellent when it comes to moving substantial amounts of data;
• Directory Management - While FTP is excellent for transferring files, it is also a great tool for managing a directory structure remotely. It easily facilitates creating, renaming, and deleting files and directories on the server;
• Transfer Modes - Depending on the type of file being transferred, FTP uses one of two transfer modes:
  • ASCII Mode - The American Standard Code for Information Interchange (ASCII) is a text-based encoding standard representing characters using numerical values. A is 65, B is 66, and so on. Since FTP is platform-independent, users on operating systems different from the server’s might need to connect to it. When transferring a text file over FTP, it is treated as plain text, which ensures the file will always display correctly, no matter the format the operating system uses;
• Binary Mode - Used for non-text files, this mode transfers files without modifying them (like what the ASCII mode does with text files). As the name suggests, the raw bytes of the file (the 0’s and 1’s) remain wholly unmodified, so they arrive at the destination the exact same way;
• Transfer Options - FTP also allows for queueing multiple file transfers simultaneously or transferring them in batches. Additionally, if at any point the connection is interrupted, many FTP clients support resuming transfer from the point of the interruption;
• User Authentication - The default method of connecting to an FTP server requires a pre-set username and password;
• Command Line Access - Users can connect to an FTP server via a Command Line Input if they prefer it to a graphical client like FileZilla;
• Security Add-ons - While FTP itself offers no security features, it is possible to add data and credentials encryption to it. Users can use either SFTP (using SSH) or FTPS (FTP with SSL/TLS).

As you can see, FTP is a versatile and adaptable protocol with a few downsides–it is an excellent choice for moving files around between users.

Drawbacks of FTP

Even though it is still widely used, FTP is a very old protocol with several glaring drawbacks that do not make it the most optimal or safe solution for modern environments. Of course, many of these drawbacks have ways to mitigate them, but you must be aware of them if you intend to use FTP.

• Lack of Security - This is easily the most critical issue FTP has. FTP, by default, has no security features or ways to encrypt its data. That means usernames, passwords, and file data are transferred in plaintext. That makes them vulnerable to being intercepted and stolen or altered. There are two ways to mitigate this, and fortunately, most modern FTP clients (like FileZilla) support them natively. They just need to be turned on server-side and will encrypt the data transfer:
  • SFTP - In reality, SFTP is FTP only by name. SFTP is a wholly separate protocol designed to transfer and manage files over a network securely. It uses SSH (Secure Shell) instead of FTP, and the naming convention helps convey its purpose but also portrays its security capabilities. SFTP’s default port is 22 instead of 21 for FTP, and as long as the client and server are enabled to use it, it works exactly like FTP;
  • FTPS - As we mentioned above, FTPS is FTP with a layer of SSL/TLS on top of it. It is similar to HTTPS in that the security protocol runs on top of the transfer protocol. Unlike SFTP, FTPS retains FTP’s commands and structure. Like SFTP, though, as long as the server and client are enabled to use this protocol, it is a perfectly viable method for modern file transfers;
• Firewall and Network Issues - Because Active Mode initiates the connection back to the client, that can cause issues with the client’s firewall, which might not recognize and block it. Additionally, Passive Mode requires a specific port to be open, which can cause further complications if it is not or is being used for something else;
• User Management - FTP servers can allow administrators to provide access to specific users via a username and password. Those users can also have access to only certain directories or files, but all of this requires careful consideration and tracking from the administrator;
• Outdated - FTP is simply old. It has not been updated since 2010 and cannot take full advantage of modern, high-performance networks. It also lacks contemporary features such as adaptive compression and integrity checks;
• Lacking Log Details - FTP does keep track of activity. However, its logs leave much to be desired compared to modern standards. For example, FTP logs offer basic details like connection times, IP addresses, and transferred files. However, they do not show if a file was transferred securely or not, nor do they track file integrity. Additionally, the logs have limited user behavior tracking: they do not show if a user tried to access a restricted directory and how many times, for example.

Despite these drawbacks, the protocol is still widely used today, albeit with a few additions and changes to mitigate them.

All our services support FTP, SFTP, and FTPS, allowing you to connect to your hosting plan with us with your choice of client. We have tutorials about some of the most popular ones here, so check them out if you are looking for additional information.

Related articles

• Why Purchasing an Email List is a Bad Idea
• What is QUIC?
• What are Cookies
• What is a CMS?
• What is a Framework?