12 July 2022 | 5 min read | Beatričė Raščiūtė

File Transfer Protocol Explained

What does FTP stand for? What is the importance of this protocol? How does it work? Read this post to learn all about the File Transfer Protocol.

Two computers exchanging files with FTP sign above them.

Have you ever downloaded files – books, movies, images or games – from the internet? If you have, without actually knowing it, you might have used the File Transfer Protocol (FTP) – a standard internet protocol for data sharing via the internet. Perhaps you are already wondering how exactly does FTP work, and what is an FTP server?

What FTP server software do you need if you want to send data? Does an FTP server have secure connection options? Is it possible to ensure safe data sharing via FTP?

We tackle these important questions in this article. Continue reading if you want to learn more about the File Transfer Protocol.

What is an FTP protocol?

FTP is one of the oldest internet protocols that was first introduced on April 16, 1971. It describes the process of data transfer between devices across the internet. 

More specifically, FTP is a standard communication protocol for transferring files from the FTP server, or a remote host, to an FTP client and vice versa. To put it simply, FTP enables file sharing between two devices – for example – two computers. One device is a personal computer with an FTP client installed and another is an FTP server.

FTP commands being transferred between an FTP client and an FTP server.
FTP commands between an FTP client and an FTP server

In other words, if you are uploading files, you transfer data from your device to the FTP server. Conversely, when you are downloading, the FTP server sends data to your device. 

Web developers can also use FTP servers to manipulate their websites’ web pages. Developers can perform remote file editing and quickly upload the necessary files to the web server via an FTP client. 

That said, it is important to note that modern websites usually use more advanced systems, like the Content Management System (CMS), to share files without FTP more efficiently and safely. 

Types of FTP connections

There are three types of FTP connection: 

  • FTP
  • FTPS
  • FTPES 

FTP is a default unencrypted protocol that uses port number 21 to establish a connection, or a control channel, with an FTP server. Then, it opens a data channel via port 20 to upload and download files from the server. 

However, this default connection does not have any additional protection measures integrated. The protocol does not encrypt the traffic and sends usernames and passwords in clear text. Unfortunately, due to this, hackers can intercept the connection and attempt to steal users’ credentials and files.

FTPS (File Transfer Protocol Secure) is an extension of the FTP protocol that makes it more secure. FTPS supports Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Essentially, FTPS can encrypt both control and data channels to ensure a secure connection.

FTPES (explicit FTPS) uses port 21 to establish a secure SSL connection. In other words, the user first connects to the FTP server and requests to turn on the secure connection. That way, FTPES ensures data security and allows users to send sensitive information while protecting it from malicious actors.

A laptop with a shield in front of it and a word secure in the browser.
FTPS ensures a secure connection

An improved version of FTPS is the SSH File Transfer Protocol (SFTP) – a secure file transfer protocol. SFTP uses the Secure Shell Protocol (SSH) and encrypted FTP commands to prevent spoofing of users’ login credentials and their files. Also, SFTP makes it difficult for hackers to connect to an SFTP server and steal any data.

FTP clients

An FTP client is software installed on a personal computer that communicates with an FTP server to retrieve files. Once connected, users can upload or download files from the FTP server via the software. Also, they can rename or delete files if needed.

If users want to use core FTP functionalities, it is not necessary to download an FTP client. Most web browsers use extensions that enable users to access files similarly to FTP clients. However, if users want to upload their files to the server, they have to install a client. An FTP client is especially useful for uploading or downloading files in bulk.

There are many FTP clients to choose from. For example, FileZilla is user-friendly open-source software compatible with popular operating systems, such as Windows, Mac and Linux.

A screenshot of the FileZilla FTP client.
FileZilla FTP client

FileZilla supports the transfer of files larger than 4GB. Also, it supports both secure file transfer protocols: SFTP and FTPS.

Most FTP clients on the market have similar functionalities allowing users to upload files and download files. Some clients can also offer disaster recovery, which is a function that restores data lost due to human error or malicious attacks.

Ultimately, when choosing the most suitable FTP client for your business or personal use, consider what functionalities you need. Also, think about whether you need data encryption to ensure the safety of your file transfers.

How do FTP servers work? 

A File Transfer Protocol server, or FTP host, is responsible for file storage and sharing across the internet. If you want to connect to an FTP or SFTP server to transfer files, you may need to use a username and password.

There are public FTP servers that allow an anonymous connection. This means that you do not need a username and password to connect to the server. However, keep in mind that anonymous FTP servers may not support protocol extensions such as SFTP or SSH File Transfer Protocol, which ensure safe data transferring. 

Unfortunately, traditional FTP servers lack security, and so you should use them with caution. Despite security vulnerabilities, FTP servers enable fast transferring of large documents to ensure a smooth sharing process. Also, if companies use FTP servers, they can schedule massive transfers on weekends or evenings to increase their workflow during off-hours.

Network administrators can choose two connection modes for their FTP servers: active mode or passive mode. In active mode, the client creates the control channel and the FTP server creates a data channel. In passive mode, the client initiates both channels.

Two different connection modes for FTP servers: active mode or passive mode.
Active and Passive mode connections

From a security standpoint, neither of the two modes ensures a secure FTP connection or data protection. Therefore, network administrators should consider adding protocol extensions like SFTP to ensure that users can share their data safely.

Conclusion

Even though the File Transfer Protocol was created over five decades ago to transfer files over networks, we still use it today. Web-based FTP software is easy to use for personal purposes and single transfers. Meanwhile, an FTP client might be more suitable for businesses if companies need more efficiency while sending multiple large files. 

Unsurprisingly, FTP is considered an outdated protocol that needs to be complemented with additional extensions to increase its security. Also, FTP no longer complies with our digital security needs due to the risks posed by cyberattacks and other malicious acts. 

FTP cannot ensure that you can share images or other data without someone peeking at it. Luckily, more advanced extensions – including FTPES or SFTP – can add an additional layer of protection to secure your data. Therefore, it is crucial to choose reputable FTP firmware that can secure file sharing and also offer efficiency.


About the author

Beatričė Raščiūtė

Technical Content Writer

Beatričė is a Technical Content Writer at IPXO. Having experience in translations, she decided to test new waters in the tech industry as a writer. While creating content, she dives deep into different internet and networking topics with the goal to present valuable information in the most reader-friendly way.