Windows - User Group Presentation

The Technology Firm
Started at a User Group Meeting
FTP Notes
© 2004, The Technology Firm
WWW.THETECHFIRM.COM
info@thetechfirm.com
What is FTP
• RFC 959
• The File Transfer Protocol (FTP) provides file transfer capability between hosts. FTP uses TCP to create a virtual connection for control information and then creates a separate TCP connection for data transfers.
• The control connection uses an image of the TELNET protocol to exchange commands and messages between hosts.
The FTP Model (as per RFC 959)
[Figure: the FTP model. The User Interface drives the User Protocol Interpreter (PI), which exchanges FTP Commands/Replies with the Server Protocol Interpreter (PI) over TCP Port 21. The User Data Transfer Process (DTP) and the Server Data Transfer Process (DTP) exchange FTP Data over TCP Port 20, and each DTP is attached to its own File System.]
The Protocol Interpreter
• Server Protocol Interpreter listens on port 21 for the Client Protocol Interpreter’s request.
• The ‘Control Connection’ uses this communication path.
• Connection follows Telnet Protocol.
[Figure: Client PC and Server FTP, each with FTP Control (TCP Port 21) and FTP Data (TCP Port 20); the control connection carries the 3 Way Handshake, then login and other commands.]
The Data Transfer Process
• The data transfer process (DTP) establishes and manages the data connection. The DTP can be passive or active.
• When the client initiates a control connection on TCP port 21 and the server opens TCP port 20 for data, this is called an Active Connection.
• When the client initiates a control connection on TCP port 21 and the server opens a random TCP port for data (via the PASV command), this is called a Passive Connection.
[Figure: Client PC and Server FTP, each with FTP Control (TCP Port 21) and FTP Data (TCP Port 20).]
Specifying the Transfer Mode
Transferring data between dissimilar systems often requires transformations of the data as part of the transfer process. The user has to decide on two aspects of the data handling:
• The way the bits will be moved from one place to another.
• The different representations of data upon the system's architecture.
This is controlled using the following subcommands:
• Mode - Specifies whether the file is to be treated as having a record structure in a byte stream format.
    ◦ Block – Data is sent as a series of data blocks preceded by header bytes.
    ◦ Stream - The file is treated as a byte stream and record structures are allowed. This is the default, and provides more efficient transfer but may not produce the desired results when working with a record-based file system.
    ◦ Compressed – Filler and data are compressed.
• Type - Specifies the character sets used for the data.
    ◦ ASCII - Indicates that both hosts are ASCII-based, or that if one is ASCII-based and the other is EBCDIC-based, that ASCII-EBCDIC translation should be performed.
    ◦ EBCDIC - Indicates that both hosts use an EBCDIC data representation.
    ◦ Image - Indicates that data is to be treated as contiguous bits packed in 8-bit bytes.
Because these subcommands do not cover all possible differences between systems, the SITE subcommand is available to issue implementation-dependent commands.
FTP Data Types
• ASCII – Default for Text Files
• EBCDIC – Used for IBM Text Files
• IMAGE – Used to exchange data between similar workstations
[Figure: the sample characters S, U and E drawn as 7-bit units each followed by 1 bit (ASCII) and as 8-bit units (EBCDIC); IMAGE drawn as the bit pattern 10101100 repeated in 8-bit units.]
FTP Access Control Commands
ACCT <account>     Account for system privileges.
PASS <password>    Password for system log-in.
USER <username>    User name for system log-in.
REIN               Reinitialize connection to log-in status.
QUIT               Log off from the FTP server.
FTP Transfer Commands
PORT <address>     IP address and two-byte system port ID.
PASV               Request server wait for data connection.
TYPE <data type>   Data type (A=ASCII, E=EBCDIC, I=binary).
STRU <type>        Data structure (F=file, R=record, P=page).
MODE <mode>        Transfer mode (S=stream, B=block, C=compressed).
FTP Service Commands
ABOR               Abort data connection process.
ALLO <bytes>       Allocate bytes for file storage on server.
APPE <filename>    Append file to file of same name on server.
CWD <dir path>     Change working directory on server.
DELE <filename>    Delete specified file on server.
HELP <command>     Return information on specified command.
LIST <name>        List file or directory details.
NLST <directory>   List contents of specified directory.
NOOP               Cause no action other than acknowledgment from server.
SITE <params>      Site specific parameters provided by server.
STAT <directory>   Return information on current process or directory.
STOR <filename>    Store (copy) file to server.
RETR <filename>    Retrieve (copy) file from server.
REST <offset>      Restart file transfer from given offset.
RNFR <old path>    Rename from old path.
RNTO <new path>    Rename to new path.
RMD <directory>    Remove specified directory on server.
CDUP <dir path>    Change to parent directory on server.
MKD <directory>    Create specified directory on server.
PWD                Display current working directory.
SMNT <pathname>    Mount the specified file structure.
SYST               Return operating system used by server.
Response Code Explanation
If you send a command to an FTP server, you will receive a three-digit response code (ABC) describing how the server processed your command:
Details for A:
• 1 = the command was successful, but you need to wait for another response code before issuing your next command.
• 2 = the successful completion of a command.
• 3 = the server needs more information before it can complete the request.
• 4 = the system was too busy to process the command; you should try again later.
• 5 = some kind of error; you should resolve the error before trying the command again.
Details for B:
• 1 = File status or help
• 2 = Connection status
• 3 = User information
• 4 = Unspecified
• 5 = Action not taken
Details for C:
• More details, if required.
FTP Response Codes
Response Code   Explanatory Text
110             Restart marker at MARK yyyy=mmmm (new file pointers).
120             Service ready in nnn minutes.
125             Data connection open, transfer starting.
150             Open connection.
200             OK.
202             Command not implemented.
211             (System status reply).
212             (Directory status reply).
213             (File status reply).
214             (Help message reply).
215             (System type reply).
220             Service ready.
221             Log off network.
225             Data connection open.
226             Close data connection.
227             Enter passive mode (IP address, port ID).
230             Log on network.
250             File action completed.
257             Path name created.
331             Password required.
332             Account name required.
FTP Response Codes (continued)
Response Code   Explanatory Text
332             Account name required.
350             File action pending.
421             Service shutting down.
425             Cannot open data connection.
426             Connection closed.
450             File unavailable.
451             Local error encountered.
452             Insufficient disk space.
500             Invalid command.
501             Bad parameter.
502             Command not implemented.
503             Bad command sequence.
504             Parameter invalid for command.
530             Not logged onto network.
532             Need account for storing files.
550             File unavailable.
551             Page type unknown.
552             Storage allocation exceeded.
553             File name not allowed.
FTP Browser Syntax Example
ftp://username:password@ftp.microsoft.com
Anatomy Of A FTP Setup Conversation
No.  Source          Destination     Protocol  Info
1    209.90.146.26   216.254.136.5   DNS       Standard query A ftp.mcafee.com
2    216.254.136.5   209.90.146.26   DNS       Standard query response CNAME ftp.nai.com A 161.69.2.23
3    209.90.146.26   ftp.nai.com     TCP       1341 > ftp [SYN] Seq=6311818 Ack=0 Win=17600 Len=0
4    ftp.nai.com     209.90.146.26   TCP       ftp > 1341 [SYN, ACK] Seq=586858563 Ack=6311819 Win=16616 Len=0
5    209.90.146.26   ftp.nai.com     TCP       1341 > ftp [ACK] Seq=6311819 Ack=586858564 Win=17600 Len=0
6    ftp.nai.com     209.90.146.26   FTP       Response: 220 sncwebftp6 Microsoft FTP Service (Version 5.0).
7    209.90.146.26   ftp.nai.com     TCP       1341 > ftp [ACK] Seq=6311819 Ack=586858617 Win=17547 Len=0
8    209.90.146.26   ftp.nai.com     FTP       Request: USER anonymous
9    ftp.nai.com     209.90.146.26   FTP       Response: 331 Anonymous access allowed, send identity (e-mail name) as password.
10   209.90.146.26   ftp.nai.com     TCP       1341 > ftp [ACK] Seq=6311835 Ack=586858689 Win=17475 Len=0
11   209.90.146.26   ftp.nai.com     FTP       Request: PASS tony@testing.com
12   ftp.nai.com     209.90.146.26   FTP       Response: 230-You are connected to ftp.nai.com.
13   209.90.146.26   ftp.nai.com     TCP       1341 > ftp [ACK] Seq=6311858 Ack=586858729 Win=17435 Len=0
14   ftp.nai.com     209.90.146.26   FTP       Response: 230-Your use is subject to the terms and conditions
15   209.90.146.26   ftp.nai.com     TCP       1341 > ftp [ACK] Seq=6311858 Ack=586858913 Win=17251 Len=0

Callouts: frames 1-2, DNS NAME LOOKUP; frames 3-5, 3 Way Handshake; frame 8, Login ID; frame 11, Password.
Control Data uses Port 21. With this analyzer, TCP Port 21 is labeled as ‘ftp’.
Output from Ethereal
Anatomy Of An Active Conversation
No.  Source          Destination     Protocol  Info
16   209.90.146.26   ftp.nai.com     FTP       Request: PORT 209,90,146,26,5,62
17   ftp.nai.com     209.90.146.26   FTP       Response: 200 PORT command successful.
18   209.90.146.26   ftp.nai.com     FTP       Request: RETR legal.txt
19   ftp.nai.com     209.90.146.26   FTP       Response: 150 Opening ASCII mode data connection for legal.txt(1466 bytes).
20   ftp.nai.com     209.90.146.26   TCP       ftp-data > 1342 [SYN] Seq=597748893 Ack=0 Win=16384 Len=0
21   209.90.146.26   ftp.nai.com     TCP       1342 > ftp-data [SYN, ACK] Seq=6332164 Ack=597748894 Win=17600 Len=0
22   209.90.146.26   ftp.nai.com     TCP       1341 > ftp [ACK] Seq=6311899 Ack=586859010 Win=17154 Len=0
23   ftp.nai.com     209.90.146.26   TCP       ftp-data > 1342 [ACK] Seq=597748894 Ack=6332165 Win=16616 Len=0
24   ftp.nai.com     209.90.146.26   FTP       DATA FTP Data: 536 bytes
25   ftp.nai.com     209.90.146.26   FTP       DATA FTP Data: 536 bytes
26   209.90.146.26   ftp.nai.com     TCP       1342 > ftp-data [ACK] Seq=6332165 Ack=597749966 Win=17600 Len=0
27   ftp.nai.com     209.90.146.26   FTP       DATA FTP Data: 394 bytes
28   209.90.146.26   ftp.nai.com     TCP       1342 > ftp-data [ACK] Seq=6332165 Ack=597750361 Win=17206 Len=0
29   209.90.146.26   ftp.nai.com     TCP       1342 > ftp-data [FIN, ACK] Seq=6332165 Ack=597750361 Win=17206 Len=0
30   ftp.nai.com     209.90.146.26   FTP       Response: 226 Transfer complete.
31   ftp.nai.com     209.90.146.26   TCP       ftp-data > 1342 [ACK] Seq=597750361 Ack=6332166 Win=16616 Len=0
32   209.90.146.26   ftp.nai.com     TCP       1341 > ftp [ACK] Seq=6311899 Ack=586859034 Win=17130 Len=0
33   209.90.146.26   ftp.nai.com     FTP       Request: QUIT
34   ftp.nai.com     209.90.146.26   TCP       ftp > 1341 [FIN, ACK] Seq=586859072 Ack=6311905 Win=16530 Len=0
35   ftp.nai.com     209.90.146.26   FTP       Response: 221 Thanks for using ftp.nai.com!
36   209.90.146.26   ftp.nai.com     TCP       1341 > ftp [ACK] Seq=6311905 Ack=586859034 Win=17130 Len=0
37   209.90.146.26   ftp.nai.com     TCP       1341 > ftp [ACK] Seq=6311905 Ack=586859073 Win=17092 Len=0
38   209.90.146.26   ftp.nai.com     TCP       1341 > ftp [FIN, ACK] Seq=6311905 Ack=586859073 Win=17092 Len=0
39   ftp.nai.com     209.90.146.26   TCP       ftp > 1341 [ACK] Seq=586859073 Ack=6311906 Win=16530 Len=0

Callout on frame 16: 5 x 256 + 62 = 1342. This number will define the TCP file transfer connection port number. The first four comma-delimited numbers represent the IP address.
FTP Data uses Port 20. With this analyzer, TCP Port 20 is labeled as ‘ftp-data’.
Since this connection uses TCP port 20/21, this is called an Active Connection.
Output from Sniffer Pro
Anatomy Of A Passive Conversation
16 x 256 + 54 = 4150. This number will define the TCP file transfer connection port number. The first four comma-delimited numbers represent the IP address.
FTP Data uses Port 20.
Since this connection uses TCP port 4150, this is called a Passive Connection.
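
The port arithmetic from the active and passive slides (5 x 256 + 62 = 1342 and 16 x 256 + 54 = 4150), as an added Python example that is not part of the original presentation: it decodes the address field of PORT commands and 227 replies so a captured control channel can be matched to the data connection it announces. The function names and the sample lines are assumptions; the 227 reply is constructed, since the passive capture itself is not reproduced in these notes.

```python
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959 host-port).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_host_port(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    fields = [int(f) for f in m.groups()]
    if any(f > 255 for f in fields):
        return None  # every field must fit in one byte
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # high byte x 256 + low byte
    return ip, port


def expected_data_connections(control_lines):
    """List (mode, listener_ip, listener_port) announced on the control channel."""
    found = []
    for line in control_lines:
        line = line.strip()
        if line.upper().startswith("PORT "):
            mode, arg = "active", line[5:]    # client listens, server connects
        elif line.startswith("227 "):
            mode, arg = "passive", line[4:]   # server listens, client connects
        else:
            continue
        endpoint = decode_host_port(arg)
        if endpoint:
            found.append((mode, *endpoint))
    return found


# Constructed sample: the PORT line is frame 16 of the active trace; the 227
# reply is made up to match the 16 x 256 + 54 arithmetic on the passive slide.
SAMPLE = [
    "USER anonymous",
    "PORT 209,90,146,26,5,62",
    "200 PORT command successful.",
    "227 Entering Passive Mode (161,69,2,23,16,54)",
    "PORT 10,0,0,1,999,1",  # malformed: 999 is not a byte, so it is skipped
]

if __name__ == "__main__":
    for mode, ip, port in expected_data_connections(SAMPLE):
        print(f"{mode:8} data connection listener {ip}:{port}")
```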