What Is FTP and How Does It Work?

The acronym FTP stands for “File Transfer Protocol.” At its heart, FTP is a set of simple rules that allows two computers to connect and exchange data files via a network (that may or may not be the internet).

Technically speaking, FTP is part of the TCP/IP application layer and refers to the protocols (or rules) for initiating, identifying, sending, receiving, and terminating the transfer of one or more files between two or more computers across a network.

The rules for FTP were written by a computer programmed named Abhay Bhushan in 1971. The capability of using FTP to send and receive files has existed in all the major computer operating systems since before graphical user interfaces were invented and are thus included in nearly all versions of Windows, Mac OS, Unix, and Linux.

There are several ways to engage FTP in order to send and receive files. The first method is to use a browser. When using a browser to send and receive files, the address bar (where normally URLs beginning with “http” go) will contain an ftp address followed by a colon and the network address of the FTP site or server. The other two ways to use FTP is by a client application (a specialized software program) or by using command-line instructions.

FTP is a very simple protocol. Using FTP, you are limited to listing existing files in a directory, creating a file directory, removing a file or directory, and transferring (either uploading or downloading) files, assuming you have the requisite permissions to do so.

FTP is considered a “client-server” protocol because one computer is considered the client and the second computer is considered the server. Most commonly, if you are using your computer to log into an FTP site, your computer will be considered the client while the computer hosting the files (or file storage area) would be the server.

When you first attempt to connect with the FTP server, you’ll send a cleartext request. The server will then inform the client (your computer) which port to use and then delivers a three-digit status code in plaintext. For instance, the status code “200” means that the last command was successful. If a username and password are required, this will be sent by the client. Once accepted, the client will then be able to download or upload files, get a listing of existing files and folders/directories, and the ability to delete or create new folders/directories. These abilities can be restricted by the FTP server by adjusting the permissions of the client computer.

As the computer files are transferred, one of four different “representations” is used. One is called ASCII which is usually limited to text only transmissions. ASCII is an internationally recognized character set that ensures compatibility between text characters (so the letter “A” on your computer is understood to be the same letter “A” on the receiving computer).

Other FTP file transfer “representations” include image or binary mode where the file being transferred is sent byte by byte, in order. More rarely, FTP transfer modes also include EBCDIC mode (plaintext exchanges using the EBCDIC character set) and local mode in which two computers exchange files in the original, proprietary data format without first converting it to ASCII (or EBCDIC) text.

By default, most FTP clients use binary mode. ASCII transfers are acceptable for text files and HTML files, but binary mode is mandatory for images, videos, software programs, and zipped (as well as .sit or .tar) files.

FTP data is sent in one of three modes: streaming (data is sent continuously until the entire file is transferred), block mode (data is sent in blocks with header and byte count information to verify complete reception), and compressed mode (zipped or compressed in some way). Stream mode is the simplest as both the FTP server and client don’t need to process anything, just wait for the transmission to end. The downside to streaming mode is that the data might be corrupted along the way. Block mode requires that the receiving computer verify that each block matches the header and byte count information, but it does ensure that every byte of data was successfully transmitted.

If you ask a computer expert, they’ll tell you that FTP is actually three things. It’s the protocol (or rules) for sending and receiving files, it’s also an application (or software program), and it is a useful service. When you use your computer to connect to an FTP server (which provides the “service”), you’ll be using an application (a browser or a software program), and the manner in which files will be transferred will adhere to the FTP protocol.

Since FTP was created nearly 50 years ago for “dumb terminals” and computers without graphical interfaces, it is still possible to use FTP to send and receive files entirely by text commands in the terminal. But most people today prefer to use either standalone FTP software (often called “FTP clients”) or their browsers to send and receive files via FTP.

One of the biggest benefits of FTP in the modern internet era is that it allows for easy and reliable transmission and receipt of large files that are too big to be sent by other methods (i.e. as attachments to an email). In addition, FTP lets you verify that a file has been sent/received.

FTP is also often used for what are known as FTP archives or FTP websites. These publicly available FTP servers contain archives of files that anyone can download whether they are movies, audio files, text files, or other types of computer files. If no login information is required to access these servers (usually, the convention is to put “anonymous” as the username and then your email address as the “password”), they are known as “anonymous” FTP servers/sites/archives.

Users should always be wary when accessing anonymous FTP servers and downloading files as they may contain viruses or other malicious software. Anonymous FTP servers aren’t truly anonymous as visitors are requested to provide their (real) email address so that the administrator knows who is logging on and which files they are accessing. Furthermore, your IP address will always be logged when you access an FTP server, including “anonymous” FTP servers.

Other uses for public FTP servers include archives of free/open source software, free builds/versions of Linux, government repositories of public domain information, genealogical data, and archives of astronomical observations. Many scientific organizations and agencies also use public FTP servers to store and disseminate large files or vast quantities of files.

FTP servers are also widely used in office and school environments, serving as a repository for files of interested to employees/students as well as a storage area for employees/students to send files. The FTP protocol means that it is irrelevant what operating system your computer or mobile device is using. And FTP servers are extremely useful when the server is handling a lot of large files that cannot be easily sent or received by other methods.

Unfortunately, FTP was not originally designed to permit encrypted or secure connections between computers. Thus, FTP servers are vulnerable to a number of attack methods, including spoofing attacks, username enumerations, port stealing, packet capture, FTP bounce attacks, and brute force attacks. One especially egregious vulnerability (in the modern era of internet FTP) is that all transmissions are in clear text, meaning that malefactors could potentially capture usernames, passwords, and even the data being transferred.

In response to these weaknesses, the FTPS (FTP Secure) protocol was invented. This is essentially normal FTP with added support for the Transport Layer Security protocol (formerly known as SSL). Since 1996, FTPS has been available, so all FTP servers dealing with sensitive files should have FTPS implemented. Much like how HTTPS is more secure than HTTP, FTPS ensures that all or part of the data being transferred is encrypted.

Open source, free FTP software clients include Fetch and Fugu (Mac), FileZilla and FireFTP (Windows) and FTP Face (Linux). These software programs will usually handle all of the background work for you, including determining which representation to use and which transfer mode to use.

It’s also relatively easy to turn your mobile phone or tablet into an FTP server. This can be a simple, free, and easy way to share files on your phone with your home computer. Windows users can use the software program “FileZilla Server” to set up a home server while Mac users can enable “Remote Login” from the “Sharing” tab of System Preferences. However, keep in mind that if you’re remotely logging into your home computer network while you’re somewhere else, you’ll need to make sure that your router is set up for “port forwarding” to allow for remote FTP connections. By default, the FTP protocol is addressed by ports 20 and 21.

Despite its ancient origins, the FTP protocol remains a key component of the modern internet. Many software programs, applications, and websites rely on FTP to send and receive files even if not all users are aware that the FTP protocol is being invoked.