FTP: the file transfer protocol FTP FTP user client interface Protocolo FTP user at host file transfer FTP server remote file system local file system • FTP utilizes two ports: - a 'data' port (usually port 20...) - a 'command' port (port 21) SISTEMAS INFORMÁTICOS SLIDES 13 FTP: Active Mode Separate control, data connections • • • • • FTP client contacts the FTP server at port 21. Client obtains authorization over control connection. Client browses remote directory by sending commands over control connection. When server receives a command for a file transfer, the server opens a TCP data connection to client (port 20). After transferring one file, the server closes connection. TCP control connection port 21 FTP client • • TCP data connection port 20 Server opens a second TCP data connection to transfer another file. FTP server maintains “state”: current directory, earlier authentication FTP: Active Mode server client PORT 1027 FTP server • In active mode the client connects from a random port (N > 1024) to the FTP server's command port, port 21. • Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. • The server will then connect back to the client's specified data port from its local data port, which is port 20. • To support the FTP active mode, the firewall at the server’s side has to have the following channels - FTP server's port 21 from anywhere (Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port) - FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port) FTP: Active Mode • There is a problem with active mode at the client side. • The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. • From the client side firewall this appears to be an outside system initiating a connection to an internal client-something that is usually blocked at the firewall. client server 1 FTP Active Mode: dialog example testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2 Connected to testbox2.slacksite.com. 220 testbox2.slacksite.com FTP server ready. Name (testbox2:slacker): slacker ---> USER slacker 331 Password required for slacker. Password: TmpPass ---> PASS XXXX 230 User slacker logged in. ---> SYST 215 UNIX Type: L8 Remote system type is UNIX. Using binary mode to transfer files. ftp> ls ftp: setsockopt (ignored): Permission denied ---> PORT 192,168,150,80,14,178 200 PORT command successful. ---> LIST 150 Opening ASCII mode data connection for file list. drwx------ 3 slacker users 104 Jul 27 01:45 public_html 226 Transfer complete. ftp> quit ---> QUIT 221 Goodbye. Port = (14*256)+178=3762 FTP: Passive Mode (Firewall) FTP: Passive Mode • In passive mode the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. • When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). • The first port contacts the server on port 21, but instead of sending a PORT command the client will send the PASV command. • The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. • The client then initiates the connection from port N+1 to port P on the server to transfer data. FTP Passive Mode • To support passive mode, the firewall of the server has to implement the following rules: server – FTP server's port 21 from anywhere (Client initiates connection) – FTP server's port 21 to ports > 1024 (Server responds to client's control port) – FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server) – FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port) FTP Passive Mode: dialog example testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2 Connected to testbox2.slacksite.com. 220 testbox2.slacksite.com FTP server ready. Name (testbox2:slacker): slacker ---> USER slacker 331 Password required for slacker. Password: TmpPass ---> PASS XXXX 230 User slacker logged in. ---> SYST 215 UNIX Type: L8 Remote system type is UNIX. Using binary mode to transfer files. ftp> passive Passive mode on. ftp> ls ftp: setsockopt (ignored): Permission denied ---> PASV 227 Entering Passive Mode (192,168,150,90,195,149). ---> LIST 150 Opening ASCII mode data connection for file list drwx------ 3 slacker users 104 Jul 27 01:45 public_html 226 Transfer complete. ftp> quit ---> QUIT 221 Goodbye. client PASV PORT 2024 FTP: Active vs Passive Mode Active FTP: command: data: client (>1024) server 21 client (>1024) server 20 Passive FTP: command: client (>1024) server 21 data: client (>1024) server (>1024) 2 FTP: Active vs Passive Mode FTP commands, responses • Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Sample commands: Sample return codes • sent as ASCII text over control channel • USER username • PASS password • Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side. • LIST return list of file in current directory • status code and phrase (as in HTTP) • 331 Username OK, password required • 125 data connection already open; transfer starting • 425 Can’t open data connection • 452 Error writing file • RETR filename retrieves (gets) file • STOR filename stores (puts) file onto remote host Access Control Commands USER PASS CWD CDUP QUIT specify user specify password change directory change directory to parent logout Service Commands RETR STOR STOU APPE ABOR PWD LIST retrieve file send file send file and save as unique send file and append abort previous service command print working directory transfer list of files over data link Transfer Commands PORT PASV TYPE MODE STRU publish local data port server should listen establish data representation establish transfer mode establish file structure FTP Replies • All replies are sent over control connection. • Replies are a single line containing – 3 digit status code (sent as 3 numeric chars). – text message. • Status code is used by programs, text is for humans. 3 Data Transfer Modes • STREAM: file is transmitted as a stream of bytes. • BLOCK: file is transmitted as a series of blocks preceded by headers containing count and descriptor code (EOF, EOR, restart marker). • COMPRESSED: uses a simple compression scheme - compressed blocks are transmitted. Electronic Mail outgoing message queue user mailbox Three major components: • user agents. • mail servers. • simple mail transfer protocol: SMTP. User Agent • mail reader. • composing, editing, reading mail messages. • e.g., Eudora, Outlook, Netscape Messenger • outgoing, incoming messages stored on server. user agent mail server user agent SMTP mail server SMTP SMTP mail server user agent user agent user agent user agent Electronic Mail: SMTP [RFC 821] • uses TCP to reliably transfer email message from client to server, port 25 • direct transfer: sending server to receiving server • three phases of transfer – handshaking (greeting) – transfer of messages – closure • command/response interaction – commands: ASCII text – response: status code and phrase Protocolo SMTP (Email) Electronic Mail: mail servers Mail Servers • mailbox contains incoming messages for user • message queue of outgoing (to be sent) mail messages • SMTP protocol between mail servers to send email messages – client: sending mail server – “server”: receiving mail server user agent mail server user agent SMTP mail server SMTP SMTP mail server user agent user agent user agent user agent Alice sends a message to Bob 4) SMTP client sends Alice’s message over the TCP connection 5) Bob’s mail server places the message in Bob’s mailbox 6) Bob invokes his user agent to read message (IMAP; POP3) 1) Alice uses UA to compose message and “to” bob@dei.uc.pt 2) Alice’s UA sends message to her mail server; message placed in message queue 3) Client side of SMTP opens TCP connection with Bob’s mail server 1 user agent 2 mail server 3 mail server 4 5 6 user agent • messages must be in 7-bit ASCII 4 Try SMTP interaction for yourself: SMTP Commands • • • • • • • • • • • HELO MAIL FROM: TO: VRFY address EXPN DATA RSET NOOP DEBUG [level] HELP QUIT hostname startup and give your hostname sender-address mail recipient-address does this address actually exist (verify) address expand this address start giving you the body of the mail message reset state and drop current mail message do nothing set debugging level give me some help please close this connection SMTP: final words Sample SMTP interaction S: C: S: C: S: C: S: C: S: C: C: C: S: C: S: 220 smtp.isctem.com HELO xpto.isctem.com 250 Hello xpto, pleased to meet you MAIL FROM: <deus@paraiso.com> 250 deus@paraiso.com... Sender ok RCPT TO: <irene@hotmail.com> 250 irene@hotmail.com ... Recipient ok DATA 354 Enter mail, end with "." on a line by itself Irene, terás que mudar de clube caso queiras atingir o paraíso… . 250 Message accepted for delivery QUIT 221 isctem.com closing connection – To: – From: – Subject: different from SMTP commands! • body header • SMTP uses persistent connections • SMTP requires message (header & body) to be in 7-bit ASCII • SMTP server uses CRLF.CRLF to determine end of message blank line • HTTP: pull • SMTP: push • both have ASCII command/response interaction, status codes • HTTP: each object encapsulated in its own response msg • SMTP: multiple objects sent in multipart msg • MIME: multimedia mail extension, RFC 2045, 2056 • additional lines in msg header declare MIME content type MIME version body Comparison with HTTP: Message format: multimedia extensions Mail message format SMTP: protocol for exchanging email msgs RFC 822: standard for text message format: • header lines, e.g., • telnet smtp_server 25 • see 220 reply from server • enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands method used to encode data multimedia data type, subtype, parameter declaration encoded data From: alice@crepes.fr To: bob@hamburger.edu Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: image/jpeg base64 encoded data ..... ......................... ......base64 encoded data – the “message”, ASCII characters only 5 Multipart Type MIME types Content-Type: type/subtype; parameters Text Video • example subtypes: plain, html • example subtypes: mpeg, quicktime Image Application • example subtypes: jpeg, gif • other data that must be processed by reader before “viewable” • example subtypes: msword, octetstream Audio • example subtypes: basic (8-bit mu-law encoded), 32kadpcm (32 kbps coding) Mail access protocols SMTP SMTP user agent sender’s mail server access protocol user agent receiver’s mail server • SMTP: delivery/storage to receiver’s server • Mail access protocol: retrieval from server – POP: Post Office Protocol [RFC 1939] • authorization (agent <-->server) and download – IMAP: Internet Mail Access Protocol [RFC 1730] • more features (more complex) • manipulation of stored msgs on server – HTTP: Hotmail , Yahoo! Mail, etc. POP3 and IMAP POP3 • Previous example uses “download and delete” mode. • Bob cannot re-read email if he changes client. • “Download-and-keep”: copies of messages on different clients. • POP3 is stateless across sessions. IMAP • Keep all messages in one place: the server. • Allows user to organize messages in folders. • IMAP keeps user state across sessions: – names of folders and mappings between message IDs and folder name From: alice@crepes.fr To: bob@hamburger.edu Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=StartOfNextPart --StartOfNextPart Dear Bob, Please find a picture of a crepe. --StartOfNextPart Content-Transfer-Encoding: base64 Content-Type: image/jpeg base64 encoded data ..... ......................... ......base64 encoded data --StartOfNextPart Do you want the recipe? POP3 protocol (port 110) authorization phase • client commands: – user: declare username – pass: password • server responses – +OK – -ERR transaction phase, client: • list: list message numbers • retr: retrieve message by number • dele: delete • quit S: C: S: C: S: +OK POP3 server ready user bob +OK pass hungry +OK user successfully logged C: S: S: S: C: S: S: C: C: S: S: C: C: S: list 1 498 2 912 . retr 1 <message 1 contents> . dele 1 retr 2 <message 1 contents> . dele 2 quit +OK POP3 server signing off on IMAP • Fully compatible with Internet messaging standards, e.g. MIME. • Allow message access and management from more than one computer. • Allow access without reliance on less efficient file access protocols. • Provide support for "online", "offline", and "disconnected" access modes * • Support for concurrent access to shared mailboxes • Client software needs no knowledge about the server's file store format. 6