FTP 20, 21 port, operating mode

Source: Internet
Author: User

What is FTP?

FTP is the abbreviation for File Transfer Protocol.

What is the FTP port number?

21

Can I change the port number of FTP?

Yes

What is the difference between port number 20 and 21 for FTP?

One is the data port and one is the control port. The control port is generally 21; the data port is not necessarily 20, because it depends on the FTP application mode: in active mode it should be 20, while in passive mode it is negotiated between the server and the client.

FTP port mode and FTP passive mode

When you are troubleshooting an FTP problem, the first question to ask is whether port (active) mode or passive mode is in use, because the two behave very differently and cause different problems. In the past, clients defaulted to active (port) mode; more recently, because of the security problems of port mode, many FTP clients default to passive mode.

>>2.1 FTP Port Mode

The FTP steps for port mode are as follows:

1. The client sends a TCP SYN (synchronization) packet to the server's well-known FTP control port 21; the client uses an ephemeral port as its source port;

2. The server sends a SYN ACK (synchronization acknowledgment) packet to the client; the source port is 21 and the destination port is the ephemeral port used on the client side;

3. The client sends an ACK (acknowledgment) packet; the client uses this connection to send FTP commands and the server uses it to send FTP replies;

4. When the user requests a listing or wants to send or receive a file, the client software sends the PORT command, which contains an ephemeral port that the client wants the server to use when it opens the data connection. The PORT command also contains an IP address, usually the client's own; FTP also supports a third-party mode, in which the client tells the server to open the connection to a different host;

5. The server sends a SYN packet to the client's ephemeral port; the source port is 20 and the destination port is the ephemeral port number that the client sent to the server in the PORT command;

6. The client sends a SYN ACK packet with its ephemeral port as the source port and port 20 as the destination port;

7. The server sends an ACK packet;

8. The host that is sending data sends it over this connection in the form of TCP segments (note: segment, the layer-4 PDU) (for some commands, such as STOR, the client sends the data; for RETR the server sends the data); these TCP segments must be acknowledged (ACK) by the other side (note: because TCP is a connection-oriented protocol);

9. When the data transmission is complete, the sending host ends the data connection with a FIN; the FIN must be acknowledged (ACK) by the other host, which also sends its own FIN, which in turn must be acknowledged (ACK) by the sending host;

10. The client can send more commands on the control connection, which can open and close additional data connections; eventually the client closes the control connection with a FIN, the server acknowledges the client's FIN with an ACK, the server also sends its own FIN, and the client acknowledges it with an ACK.

The following diagram illustrates the previous steps in FTP port mode:
/====================================================================\
|                                                                    |
|   [FTP Client]                                    [FTP Server]     |
|                                                                    |
|   (tcp:21 connection initialization, control port)                 |
|                        SYN                                         |
|   Port xxxx ----------------------------------> Port 21            |
|                        SYN+ACK                                     |
|   Port xxxx <---------------------------------- Port 21            |
|                        ACK                                         |
|   Port xxxx ----------------------------------> Port 21            |
|                                                                    |
|   (Control actions: user lists a directory or transfers a file)    |
|                                                                    |
|                        PORT <client IP>,<port yyyy>                |
|   Port xxxx ----------------------------------> Port 21            |
|                        PORT command successful                     |
|   Port xxxx <---------------------------------- Port 21            |
|                        LIST, RETR or STOR                          |
|   Port xxxx ----------------------------------> Port 21            |
|                                                                    |
|                                                                    |
|   (tcp:20 connection initialization, data port)                    |
|                        SYN                                         |
|   Port yyyy <---------------------------------- Port 20            |
|                        SYN+ACK                                     |
|   Port yyyy ----------------------------------> Port 20            |
|                        ACK                                         |
|   Port yyyy <---------------------------------- Port 20            |
|                                                                    |
|                                                                    |
|   (Data manipulation: transmission)                                |
|                        Data + ACK                                  |
|   Port yyyy <---------------------------------> Port 20            |
|                          .                                         |
|                          .                                         |
|                          .                                         |
|                                                                    |
\====================================================================/

FTP port mode brings many problems to network administrators. First, the IP address and port number encoded in the PORT command are not displayed explicitly. In addition, an application-layer protocol command should, in theory, not contain network address information (note: an IP address), as this breaks the principle of protocol layering and can lead to interoperability and security problems.

The following is the WildPackets EtherPeek protocol analyzer decoding the address parameter of a PORT command. The address parameter also carries the port number: in PORT 192,168,10,232,6,127, look at the 6,127 part; multiply the first number by 256 and add the second number to obtain the port number, so the client specifies port 6*256+127=1663:
/====================================================================\
| IP header-internet Protocol Datagram |
| Version:4 |
| Header length:5 (bytes) |
| |
| ............... |
| |
| Time to live:128 |
| Protocol:6 tcp-transmission Control protocol|
| Header Checksum:0xaa36 |
| Source IP address:192.168.0.1 DEMO |
| Dest. IP address:192.168.0.3 VI |
| No IP Options |
| |
| Tcp-transport Control Protocol |
| Source port:2342 manage-exec |
| Destination port:21 FTP |
| Sequence number:2435440100 |
| Ack number:9822605 |
| Offset:5 (bytes) |
| reserved:0000 |
| flags:1000 |
| 0 ..... (No Urgent pointer) |
|. 1 ..... Ack |
| .. 1 ... Push |
| .. .0.. (No Reset) |
| .. .. 0. (No SYN) |
| .. ... 0 (No FIN) |
| |
| window:65150 |
| checksum:0x832a |
| Urgent pointer:0 |
| No TCP Options |
| |
| FTP Control-file Transfer Protocol |
| Line 1: PORT 192,168,0,1,9,39<CR><LF> |
| |
| Fcs-frame Check Sequence |
| FCS (Calculated): 0xf4c04a4f |
\====================================================================/

Verify that the server side does open a TCP connection to port 1663 from Port 20:
/====================================================================\
| Tcp-transport Control Protocol |
| Source port:20 Ftp-data |
| Destination port:1663 |
| Sequence number:2578824336 |
| Ack number:0 |
| Offset:6 (bytes) |
| reserved:0000 |
| Flags:0010 |
| 0 ..... (No Urgent pointer) |
|. 0 ..... (No Ack) |
| .. 0 ... (No Push) |
| .. .0.. (No Reset) |
| .. .. 1. SYN |
| .. ... 0 (No FIN) |
| |
| window:3731 |
| checksum:0x8a4c |
| Urgent pointer:0 |
| No TCP Options |
| |
| TCP Options |
| Options type:2 Maximum Segment Size |
| Length:4 |
| mss:1460 |
| |
| Fcs-frame Check Sequence |
| FCS (Calculated): 0x5a1bd023 |
\====================================================================/

When FTP is used, the firewall in the network must open the appropriate ports: the firewall must track the FTP dialog, inspect the PORT command, and then take part in establishing the connection that the server initiates to the client address and port specified in the PORT command.

If NAT (note: network address translation) is used in the network, the NAT gateway also needs to handle the corresponding ports: it must translate the IP address specified in the PORT command to the address assigned to the client and then recalculate the TCP checksum. If the gateway does not perform this operation correctly, FTP fails.

Attackers may abuse FTP's third-party feature by setting the IP address and port number parameters in the PORT command to those of a target host (this is sometimes called an FTP bounce attack). For example, an attacker can make an FTP server send TCP SYN packets from its source port 20 to a series of destination ports, so that the FTP server appears to be port scanning; the destination host does not know that the attack originates from the attacker's host, it looks as if it comes from the FTP server. Some common FTP applications set the address in the PORT command to 0.0.0.0, intending that the FTP server should only open the data connection to the same client that holds the open control connection; but setting the address to 0.0.0.0 can confuse firewalls. For example, Cisco PIX OS 6.0 (note: Cisco's hardware firewall device; versions from 6.0 onward changed their handling of the FTP protocol) requires that the IP address of the data connection be the same as the IP address of the existing control connection. The purpose of this is to prevent attackers from using the PORT command to attack other machines. Although FTP applications that set the IP address to 0.0.0.0 do not do so with bad intent, it does cause problems in a PIX environment with this protocol fix, and it causes the same problem with other firewalls that disallow third-party mode in order to prevent FTP bounce attacks.

>>2.2 FTP Passive Mode

The following list describes the steps of FTP in passive mode. Steps 1 through 3 are the same as in port mode, and steps 9 through 11 are the same as the last three steps of port mode.

1. The client sends a TCP SYN (synchronization) packet to the server's well-known FTP control port 21; the client uses an ephemeral port as its source port;

2. The server sends a SYN ACK (synchronization acknowledgment) packet to the client; the source port is 21 and the destination port is the ephemeral port used on the client side;

3. The client sends an ACK (acknowledgment) packet; the client uses this connection to send FTP commands and the server uses it to send FTP replies;

4. When the user requests a listing or wants to send or receive a file, the client software sends the PASV command to the server to indicate that it wants to use passive mode;

5. The server replies with its IP address and an ephemeral port; this is the port the client should use when it opens the data connection;

6. The client sends a SYN packet; the source port is an ephemeral port chosen by the client itself, and the destination port is the ephemeral port specified by the server in the PASV reply;

7. The server sends a SYN ACK packet to the client; the destination port is the ephemeral port chosen by the client, and the source port is the ephemeral port given in the PASV reply;

8. The client sends an ACK packet;

9. The host that is sending data sends it over this connection in the form of TCP segments (note: segment, the layer-4 PDU) (for some commands, such as STOR, the client sends the data; for RETR the server sends the data); these TCP segments must be acknowledged (ACK) by the other side;

10. When the data transmission is complete, the sending host ends the data connection with a FIN; the FIN must be acknowledged (ACK) by the other host, which also sends its own FIN, which in turn must be acknowledged (ACK) by the sending host;

11. The client can send more commands on the control connection, which can open and close additional data connections; eventually the client closes the control connection with a FIN, the server acknowledges the client's FIN with an ACK, the server also sends its own FIN, and the client acknowledges it with an ACK.
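The address parameter that the PORT command (port mode, step 4) and the 227 PASV reply (passive mode, step 5) carry is the same h1,h2,h3,h4,p1,p2 form, with the port computed as p1*256+p2, exactly as worked out for 6,127 = 1663 above. The following Python is an added example, not code from the original article: it decodes both forms, applies the check that the firewall discussion above attributes to the PIX (the PORT target must be the host on the other end of the control connection, so third-party targets and the ambiguous 0.0.0.0 are refused), and shows the address rewrite an FTP-aware NAT gateway performs on a client's PORT line. The sample lines and the address 203.0.113.7 are constructed; the function names are this example's own.

```python
import re
from ipaddress import IPv4Address

# Constructed sample lines (not from any capture on the page).
SAMPLE_PORT_COMMAND = "PORT 192,168,10,232,6,127\r\n"
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,0,3,4,10).\r\n"

_HOST_PORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_host_port(text):
    """Decode the RFC 959 h1,h2,h3,h4,p1,p2 form into (ip, port); port = p1*256 + p2."""
    m = _HOST_PORT.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 address parameter found")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(n > 255 for n in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("address field out of range 0..255")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def encode_host_port(ip, port):
    """Inverse of decode_host_port: '192.168.0.1', 2343 -> '192,168,0,1,9,39'."""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def parse_port_command(line):
    """(ip, port) from a client's 'PORT h1,h2,h3,h4,p1,p2' line."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    return decode_host_port(arg)


def parse_pasv_reply(line):
    """(ip, port) from a server's '227 Entering Passive Mode (h1,...,p2)' reply."""
    if line[:3] != "227":
        raise ValueError(f"unexpected reply code {line[:3]!r}")
    return decode_host_port(line)


def check_port_target(line, control_peer_ip):
    """Decide whether a firewall/server should honour a PORT command.

    Returns (allowed, reason). Only a target equal to the control-connection
    peer, on a port above the well-known range, is accepted; this is the rule
    that blocks FTP bounce abuse of third-party mode.
    """
    ip, port = parse_port_command(line)
    if ip == "0.0.0.0":
        return False, "address 0.0.0.0 is ambiguous; refuse rather than guess"
    if IPv4Address(ip) != IPv4Address(control_peer_ip):
        return False, f"third-party target {ip}:{port} differs from control peer {control_peer_ip}"
    if port < 1024:
        return False, f"data port {port} lies in the well-known range"
    return True, f"data connection to {ip}:{port} allowed"


def rewrite_port_for_nat(line, translated_ip):
    """What an FTP-aware NAT gateway does to a client's PORT line: swap in the
    translated address and keep the port (the TCP checksum is then recomputed)."""
    _, port = parse_port_command(line)
    return f"PORT {encode_host_port(translated_ip, port)}\r\n"


if __name__ == "__main__":
    print(parse_port_command(SAMPLE_PORT_COMMAND))
    print(parse_pasv_reply(SAMPLE_PASV_REPLY))
    print(check_port_target(SAMPLE_PORT_COMMAND, "192.168.10.232"))
    print(check_port_target(SAMPLE_PORT_COMMAND, "10.0.0.5"))
    print(rewrite_port_for_nat(SAMPLE_PORT_COMMAND, "203.0.113.7"))
```

In a real gateway the rewritten line can differ in length from the original, so a NAT that edits PORT also has to keep the TCP sequence numbers of the control connection consistent; the example only shows the address substitution the text describes.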

...

...


FTP protocol

In the TCP/IP protocol suite, the standard FTP command (control) TCP port number is 21, and port mode uses a data port of 20. The task of the FTP protocol is to transfer files from one computer to another, regardless of where the two computers are located, how they are connected, or even whether they run the same operating system. If two computers can talk to each other through the FTP protocol and have access to the Internet, you can use FTP commands to transfer files between them. There are some minor differences in usage between operating systems, but the basic command structure is the same.
There are two FTP transfer types: ASCII transfer mode and binary transfer mode.
1. ASCII transfer: Suppose the user is copying a file that contains plain ASCII text. If the remote machine is not running UNIX, FTP will usually adjust the contents of the file automatically during the transfer so that it is interpreted in the format the other computer uses to store text files.
However, users often transfer files that are not text: programs, databases, word-processing files, or compressed files (although a word-processing file is mostly text, it also contains non-printable characters that indicate page size, font, and so on). Before copying any non-text file, use the binary command to tell FTP to copy it verbatim and not to process it; this is the binary transfer described next.
2. Binary transfer mode: In binary transfer, the file's bit order is preserved, so that the original and the copy are bit-for-bit identical. Even so, a file whose bit sequence is valid may be meaningless on the destination machine. For example, if a Macintosh transfers an executable file to a Windows system in binary mode, the file cannot be executed on the other system.
If you transfer binary files in ASCII mode, they will be translated even though they should not be. This makes the transfer slightly slower, and it can corrupt the data and make the file useless. (On most computers, the ASCII mode generally assumes that the high-order bit of each character is meaningless, because the ASCII character set does not use it.) If you transfer binary files, all the bits matter. If you know that the two machines are the same, the binary method works for both text files and data files.
5. How FTP Works
FTP supports two modes: one is called standard (that is, port mode, or active mode) and the other is passive (that is, PASV mode). A standard-mode FTP client sends the PORT command to the FTP server; a passive-mode FTP client sends the PASV command to the FTP server.
Here is how each of the two approaches works:
A port-mode FTP client first establishes a connection to TCP port 21 of the FTP server and sends commands through this channel; when the client needs to receive data, it sends the PORT command on this channel. The PORT command tells the server which port the client will use to receive data. When transmitting data, the server connects from its TCP port 20 to the port specified by the client and sends the data. So the FTP server must establish a new connection to the client in order to transfer data.
Passive mode is similar to standard mode when establishing the control channel, but after the connection is established the client sends the PASV command rather than the PORT command. After the FTP server receives the PASV command, it opens a random high port (a port number greater than 1024) and notifies the client that data will be sent on this port; the client connects to this port on the FTP server, and the FTP server then transmits the data through it. In this case the FTP server no longer needs to establish a new connection to the client.
Many firewalls are configured not to accept externally initiated connections, so many FTP servers behind firewalls or on an intranet do not support PASV mode, because clients cannot reach the FTP server's high port through the firewall. Likewise, many intranet clients cannot use port mode to log on to the FTP server, because the server's TCP port 20 cannot establish a new connection to a client on the internal network, so it does not work.
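The practical difference between the two modes is which side opens the data connection, and that is what a firewall sees. The following Python is an added example, not code from the original article: a toy FTP server and client on loopback perform one RETR in each mode, with the server connecting out in active mode and the client connecting in in passive mode. Ephemeral ports stand in for 20 and 21 (binding those needs privileges), the reply texts follow the RFC 959 style used above, and the file contents are constructed.

```python
import socket
import threading

# Constructed payload for the toy transfer; not taken from any capture on the page.
FILE_CONTENTS = b"hello from the ftp data connection\r\n"


def encode_addr(ip, port):
    """h1,h2,h3,h4,p1,p2 form used by PORT and by the 227 reply (RFC 959)."""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def decode_addr(text):
    """Inverse of encode_addr; accepts 'PORT h1,...,p2' or '227 ... (h1,...,p2)'."""
    token = next(t for t in text.replace("(", " ").replace(")", " ").split()
                 if t.count(",") == 5)
    h1, h2, h3, h4, p1, p2 = token.split(",")
    return f"{h1}.{h2}.{h3}.{h4}", int(p1) * 256 + int(p2)


def _listener():
    """Listen on an ephemeral loopback port (stands in for ports 20/21)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


def _server(control_listener, mode, log):
    """Toy server: one control session and one RETR over one data connection."""
    ctrl, _ = control_listener.accept()
    with ctrl:
        ctrl.sendall(b"220 toy ftp ready\r\n")
        line = ctrl.recv(1024).decode().strip()           # PORT ... or PASV
        if mode == "active":
            target = decode_addr(line)                     # where the client listens
            ctrl.sendall(b"200 PORT command successful\r\n")
        else:
            data_listener = _listener()
            ip, port = data_listener.getsockname()
            ctrl.sendall(f"227 Entering Passive Mode ({encode_addr(ip, port)}).\r\n".encode())
        ctrl.recv(1024)                                    # RETR
        ctrl.sendall(b"150 Opening data connection\r\n")
        if mode == "active":
            data = socket.create_connection(target)        # server -> client
            log.append("server opened data connection")
        else:
            data, _ = data_listener.accept()               # client -> server
            data_listener.close()
            log.append("server accepted data connection")
        with data:
            data.sendall(FILE_CONTENTS)
        ctrl.sendall(b"226 Transfer complete\r\n")


def transfer(mode):
    """Run one toy session in 'active' or 'passive' mode; return (bytes received, log)."""
    control_listener = _listener()
    log = []
    server = threading.Thread(target=_server, args=(control_listener, mode, log))
    server.start()
    with socket.create_connection(control_listener.getsockname()) as ctrl:
        ctrl.recv(1024)                                    # 220 banner
        if mode == "active":
            data_listener = _listener()
            ip, port = data_listener.getsockname()
            ctrl.sendall(f"PORT {encode_addr(ip, port)}\r\n".encode())
            ctrl.recv(1024)                                # 200
            ctrl.sendall(b"RETR file.txt\r\n")
            data, _ = data_listener.accept()               # server connects to us
            data_listener.close()
            log.append("client accepted data connection")
        else:
            ctrl.sendall(b"PASV\r\n")
            target = decode_addr(ctrl.recv(1024).decode()) # 227 reply
            ctrl.sendall(b"RETR file.txt\r\n")
            data = socket.create_connection(target)        # we connect to server
            log.append("client opened data connection")
        with data:
            received = b""
            while chunk := data.recv(4096):
                received += chunk
        reply = b""
        while b"226" not in reply:                         # wait for transfer-complete
            chunk = ctrl.recv(1024)
            if not chunk:
                break
            reply += chunk
    server.join()
    control_listener.close()
    return received, log


if __name__ == "__main__":
    for m in ("active", "passive"):
        data, log = transfer(m)
        print(m, data.decode().strip(), log)
```

Run it and compare the two logs: in active mode the server is the one that connects, which is exactly the inbound connection a client-side firewall or NAT will not pass unless it inspects the PORT command; in passive mode the client connects to the server's high port, which is what a server-side firewall must permit.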
