CS5008/CS6509/CS1069 Internet Computing Lab 4
A. O’Riordan, 2/11/2015
This practical is part of the continuous assessment for CS5008/CS6509/CS1069. You will be marked
on the answers you submit. Your files must contain your name, your department login name, and
your student ID number as a comment at the start of each document/file.
Submission details: You can submit your work as a PDF. Place all your work in a document called
lab4.pdf only. Email this to cs5008@cs.ucc.ie with lab4 in the subject line (all students should use
the cs5008 email address). If you do not complete the tasks in the lab, the due date is Monday 9th
Nov, 4:00pm.
FTP
This activity runs from the command line. To run these you will need to first logon to a UNIX
computer. We will use the Linux server cs1.ucc.ie, in the Computer Science department.
In this lab we will explore the FTP protocol. This is a protocol for transferring—a copy operation—
files to or from a server machine. You may also want to consult RFC 959.1
Modern FTP clients offer graphical user interfaces and modern Web browsers support FTP via the
ftp:// URL scheme2 but we will run an FTP client from the command line.
We use Anonymous FTP to download open source software from a server. In particular, we access
an open FTP server operated by HEAnet to download the latest version of OpenSSL, an open source
implementation of SSL. Anonymous FTP allows users to access FTP servers for tasks such as
downloading software updates. Users log in anonymously by providing ‛anonymous’ as the user id. It
is customary to provide your email address as the password but this is not actually checked.
Information about FTP is available online and with the man command. FTP can be invoked with
command line options; for example, the host name of the FTP server can be given. The –v option
displays verbose output, showing more detailed information such as server responses. Once the FTP
client is running the following are among the commands recognized by FTP:
? – provide help.
open <host> – establish a connection to the specified <host> FTP server.
close – terminate the FTP session with the remote server.
bye – terminate the FTP session with the remote server and exit ftp.
ascii – set the mode of file transfer to ASCII.
binary – set the mode of file transfer to binary.
verbose – toggle verbose mode.
system – show the type of operating system running on the remote machine.
status – show the current status of ftp.
1
2
http://www.ietf.org/rfc/rfc959.txt
http://tools.ietf.org/html/draft-yevstifeyev-ftp-uri-scheme-08
A number of familiar Unix shell commands such as ls, cd, and pwd are available with their usual
interpretation. The command lcd can be used to change the directory on your local (client) machine.
The command user <user-name> is used to identify yourself to the remote FTP server if you have
not done so already. The commands for sending and receiving files are put and get respectively.
There are variations of these called mput and mget for transferring multiple file that can take
wildcard in their arguments.
Activity 1: command-line FTP client (15 marks)
(a) From cs1.ucc.ie, establish an FTP connection to ftp.heanet.ie to download a file, recording the full
session in your report. List the files in the remote directory. Change directory to /pub/openssl. List
the files in this directory. Change directory to source. Ensure you are in binary mode (use status).
Ensure you are in your local home directory, change directory if necessary. Download the file
openssl-1.0.2d.tar.gz (current stable release). Note that it can be useful to view the FTP site using a
Web browser.
(b) Note the returned three-digit status codes for the get. (There should be three.)
(c) While FTP session is open, establish a second SSH connection to cs1.ucc.ie. Use netstat with grep
and wc to display the number of established FTP connections using a single (piped) command. (Note
that if there are other users there may be more than one FTP connection but there will be at least
one.) Show the command and output in your report.
(d) FTP is not secure. List two possible attacks/vulnerabilities. Name a secure alternative to FTP.
Activity 2: raw FTP using telnet (15 marks)
In this activity, we will connect to an FTP server without FTP client software using telnet. Connect
directly to the FTP server on ftp.heanet.ie using telnet and port 21. The raw FTP commands are
detailed in Section 4.1 of RFC 959. A good reference for the raw FTP commands is the nsftools
Website.3 These slides have more technical details4.
(a) Repeat the steps described in Activity 1 above using a raw session recording the session in your
report. Commands include USER, PASS, CWD, PWD, TYPE, STAT, and QUIT. (Note for example that
CWD is used instead of CD).
[more difficult] The PASV command (enter passive mode) needs to be issued before a get (RETR
command) or a LIST command so as to establish a data connection to port 20 of FTP server . Hint:
Create data connection in a separate shell (for TCP socket connection) with IP address and port
number returned by PASV command. The port number is the fifth number * 256 plus the sixth
number. This needs be done for both LIST and RETR.
(b) Give a brief explanation for the following FTP reply codes: 250, 331, and 430.
(c) Why is FTP said to be an out-of-band protocol? What is a popular in-band protocol for
downloading files on a network? end.
3
4
http://www.nsftools.com/tips/RawFTP.htm
http://www.slideshare.net/PeterREgli/ftp-6027338