FTP Protocol
Slides 13: Sistemas Informáticos
FTP: the file transfer protocol
• FTP utilizes two ports:
- a 'data' port (usually port 20...)
- a 'command' port (port 21)
[Figure: FTP client (user interface, local file system) and FTP server (remote file system), with file transfer between them]
Separate control, data connections
• FTP client contacts the FTP server at port 21.
• Client obtains authorization over control connection.
• Client browses remote directory by sending commands over control connection.
• When server receives a command for a file transfer, the server opens a TCP data connection to client (port 20).
• After transferring one file, the server closes connection.
[Figure: FTP client and FTP server; TCP control connection on port 21, TCP data connection on port 20]
• Server opens a second TCP data connection to transfer another file.
• FTP server maintains “state”: current directory, earlier authentication
FTP: Active Mode
• In active mode the client connects from a random port (N > 1024) to the FTP server's command port, port 21.
• Then, the client starts listening on port N+1 and sends the FTP command PORT N+1 to the FTP server.
• The server will then connect back to the client's specified data port from its local data port, which is port 20.
• To support FTP active mode, the firewall at the server's side has to have the following channels open:
- FTP server's port 21 from anywhere (Client initiates connection)
- FTP server's port 21 to ports > 1024 (Server responds to client's control port)
- FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)
- FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)
FTP: Active Mode
[Figure: active mode; client sends PORT 1027 over the control connection]
FTP: Active Mode
• There is a problem with active mode at the client side.
• The FTP client doesn't make the actual connection to the data port of the server; it simply tells the server what port it is listening on and the server connects back to the specified port on the client.
• From the client side firewall this appears to be an outside system initiating a connection to an internal client, something that is usually blocked at the firewall.
FTP Active Mode: dialog example
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx--- 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
Port = (14*256)+178 = 3762
FTP: Passive Mode
• In passive mode the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server.
• When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1).
• The first port contacts the server on port 21, but instead of sending a PORT command the client will send the PASV command.
• The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client.
• The client then initiates the connection from port N+1 to port P on the server to transfer data.
FTP: Passive Mode (Firewall)
• To support passive mode, the firewall of the server has to implement the following rules:
– FTP server's port 21 from anywhere (Client initiates connection)
– FTP server's port 21 to ports > 1024 (Server responds to client's control port)
– FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)
– FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)
FTP Passive Mode
[Figure: passive mode; client sends PASV over the control connection and opens the data connection from port 2024]
FTP Passive Mode: dialog example
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx--- 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
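An added example, not part of the slides, that decodes the h1,h2,h3,h4,p1,p2 field used by both dialogs above: the client's PORT command in the active-mode dialog and the server's 227 reply in the passive-mode dialog, using the Port = p1*256 + p2 arithmetic shown there. The check_port_command helper is the editor's own server-side sanity check (assumed, not something the slides describe): it refuses a PORT whose host differs from the control-connection peer or whose port is not > 1024.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: the address format shared by the PORT command and the
# 227 "Entering Passive Mode" reply (RFC 959); port = p1*256 + p2.
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_hostport(text):
    """Decode 'PORT 192,168,150,80,14,178' or
    '227 Entering Passive Mode (192,168,150,90,195,149).' into (ip, port)."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % text)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("byte out of range in: %r" % text)
    ip = ".".join(str(b) for b in fields[:4])
    port = fields[4] * 256 + fields[5]          # the slides' (14*256)+178 = 3762
    if port == 0:
        raise ValueError("port 0 is not usable")
    return ip, port


def check_port_command(line, control_peer_ip):
    """Editor's server-side sanity check (assumed, not from the slides), run
    before the server opens the active-mode data connection from port 20:
    the host in PORT must be the host that opened the control connection and
    the port must be unprivileged (> 1024, as the firewall rules above assume).
    Returns (ok, reason)."""
    ip, port = parse_hostport(line)
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        return False, "PORT host %s differs from control peer %s" % (ip, control_peer_ip)
    if port <= 1024:
        return False, "PORT %d is a privileged port" % port
    return True, "ok"
```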
FTP: Active vs Passive Mode
Active FTP:
command: client (>1024) -> server 21
data: client (>1024) <- server 20
Passive FTP:
command: client (>1024) -> server 21
data: client (>1024) -> server (>1024)
FTP: Active vs Passive Mode
• Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side.
• Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
FTP commands, responses
Sample commands:
• sent as ASCII text over control channel
• USER username
• PASS password
• LIST: return list of files in current directory
• RETR filename: retrieves (gets) file
• STOR filename: stores (puts) file onto remote host
Sample return codes:
• status code and phrase (as in HTTP)
• 331 Username OK, password required
• 125 data connection already open; transfer starting
• 425 Can't open data connection
• 452 Error writing file
Access Control Commands
USER: specify user
PASS: specify password
CWD: change directory
CDUP: change directory to parent
QUIT: logout
Transfer Commands
PORT: publish local data port
PASV: server should listen
TYPE: establish data representation
MODE: establish transfer mode
STRU: establish file structure
Service Commands
RETR: retrieve file
STOR: send file
STOU: send file and save as unique
APPE: send file and append
ABOR: abort previous service command
PWD: print working directory
LIST: transfer list of files over data link
FTP Replies
• All replies are sent over control connection.
• Replies are a single line containing
– 3 digit status code (sent as 3 numeric chars).
– text message.
Data Transfer Modes
• STREAM: file is transmitted as a stream of bytes.
• BLOCK: file is transmitted as a series of blocks preceded by headers containing count and descriptor code (EOF, EOR, restart marker).
• COMPRESSED: uses a simple compression scheme; compressed blocks are transmitted.
SMTP Protocol
(Email)
Electronic Mail
Three major components:
• user agents.
• mail servers.
• simple mail transfer protocol: SMTP.
User Agent
• mail reader.
• composing, editing, reading mail messages.
• e.g., Eudora, Outlook, Netscape Messenger
• outgoing, incoming messages stored on server.
[Figure: user agents attached to mail servers (user mailbox, outgoing message queue); mail servers connected to each other via SMTP]
Electronic Mail: mail servers
Mail Servers
• mailbox contains incoming messages for user
• message queue of outgoing (to be sent) mail messages
• SMTP protocol between mail servers to send email messages
– client: sending mail server
– "server": receiving mail server
[Figure: mail servers with attached user agents, connected to each other via SMTP]
Electronic Mail: SMTP
[RFC 821]
• uses TCP to reliably transfer email message from client to server, port 25
• direct transfer: sending server to receiving server
• three phases of transfer
– handshaking (greeting)
– transfer of messages
– closure
• command/response interaction
– commands: ASCII text
– response: status code and phrase
• messages must be in 7-bit ASCII
Alice sends a message to Bob
1) Alice uses UA to compose message and "to" [email protected]
2) Alice's UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob's mail server
4) SMTP client sends Alice's message over the TCP connection
5) Bob's mail server places the message in Bob's mailbox
6) Bob invokes his user agent to read message (IMAP; POP3)
SMTP Commands
• HELO hostname: startup and give your hostname
• MAIL FROM: sender-address
• RCPT TO: recipient-address
• VRFY address: does this address actually exist (verify)
• EXPN address: expand this address
• DATA: start giving you the body of the mail message
• RSET: reset state and drop current mail message
• NOOP: do nothing
• DEBUG [level]: set debugging level
• HELP: give me some help please
• QUIT: close this connection
Try SMTP interaction for yourself:
• telnet smtp_server 25
• see 220 reply from server
• enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands
Sample SMTP interaction
S: 220 smtp.isctem.com
C: HELO xpto.isctem.com
S: 250 Hello xpto, pleased to meet you
C: MAIL FROM: <[email protected]>
S: 250 [email protected]... Sender ok
C: RCPT TO: <[email protected]>
S: 250 [email protected] ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Irene, terás que mudar de clube
C: caso queiras atingir o paraíso…
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 isctem.com closing connection
SMTP: final words
• SMTP uses persistent connections
• SMTP requires message (header & body) to be in 7-bit ASCII
• SMTP server uses CRLF.CRLF to determine end of message
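An added example, not from the slides, that replays the server side of the sample interaction above as a small state machine: it enforces the HELO, MAIL FROM, RCPT TO, DATA order with 503 replies, ends the DATA phase at the lone "." line (CRLF.CRLF on the wire), and removes the dot-stuffing that RFC 5321 has clients apply to body lines starting with "." (a detail the slides do not cover). The reply texts and the server name smtp.isctem.com follow the sample interaction; the addresses in the test are constructed.

```python
def smtp_session(client_lines, server_name="smtp.isctem.com"):
    """Replay one SMTP session on the server side.

    client_lines: the client's lines without CRLF (commands, then DATA lines).
    Returns (replies, messages): the server's reply lines and the accepted
    messages as dicts with 'from', 'to' and 'body'.
    Command order is enforced as in the slides: HELO, MAIL FROM, RCPT TO, DATA.
    """
    replies = ["220 " + server_name]
    messages = []
    state = "init"          # init -> helo -> mail -> rcpt -> data -> helo ...
    envelope = None
    body = []
    for line in client_lines:
        if state == "data":
            if line == ".":                      # lone dot (CRLF.CRLF on the wire) ends the message
                envelope["body"] = "\n".join(body)
                messages.append(envelope)
                replies.append("250 Message accepted for delivery")
                state, envelope, body = "helo", None, []
            else:
                # dot-stuffing (RFC 5321): a body line that starts with "." was
                # sent with an extra leading dot, which the server removes
                body.append(line[1:] if line.startswith(".") else line)
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            replies.append("250 Hello %s, pleased to meet you" % arg)
            state = "helo"
        elif verb == "MAIL" and state == "helo":
            envelope = {"from": arg.partition(":")[2].strip(" <>"), "to": []}
            replies.append("250 %s... Sender ok" % envelope["from"])
            state = "mail"
        elif verb == "RCPT" and state in ("mail", "rcpt"):
            envelope["to"].append(arg.partition(":")[2].strip(" <>"))
            replies.append("250 %s ... Recipient ok" % envelope["to"][-1])
            state = "rcpt"
        elif verb == "DATA" and state == "rcpt":
            replies.append('354 Enter mail, end with "." on a line by itself')
            state = "data"
        elif verb == "QUIT":
            replies.append("221 %s closing connection" % server_name.partition(".")[2])
            break
        elif verb in ("MAIL", "RCPT", "DATA"):
            replies.append("503 Bad sequence of commands")
        else:
            replies.append("500 Command unrecognized")
    return replies, messages
```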
Comparison with HTTP:
• HTTP: pull
• SMTP: push
• both have ASCII command/response interaction, status codes
• HTTP: each object encapsulated in its own response msg
• SMTP: multiple objects sent in multipart msg
Mail message format
SMTP: protocol for exchanging email msgs
RFC 822: standard for text message format:
• header lines, e.g.,
– To:
– From:
– Subject:
different from SMTP commands!
• body
– the "message", ASCII characters only
[Figure: message layout: header, blank line, body]
Message format: multimedia extensions
• MIME: multimedia mail extension, RFC 2045, 2056
• additional lines in msg header declare MIME content type
From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
MIME types
Content-Type: type/subtype; parameters
Text
• example subtypes: plain, html
Image
• example subtypes: jpeg, gif
Audio
• example subtypes: basic (8-bit mu-law encoded), 32kadpcm (32 kbps coding)
Video
• example subtypes: mpeg, quicktime
Application
• other data that must be processed by reader before "viewable"
• example subtypes: msword, octet-stream
Multipart Type
From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=StartOfNextPart

--StartOfNextPart

Dear Bob, Please find a picture of a crepe.
--StartOfNextPart
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data ...
... ...base64 encoded data
--StartOfNextPart

Do you want the recipe?
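An added example, written by the editor for this page and not part of the slides, of a parser for the multipart/mixed layout shown above. The message it parses is constructed to match the slide's shape, with made-up addresses and a few placeholder bytes standing in for the JPEG, and it includes the closing --StartOfNextPart-- delimiter that RFC 2046 requires and the slide leaves out.

```python
import base64

# Constructed sample in the slide's shape; addresses and "image" bytes are made up.
FAKE_JPEG = b"\xff\xd8\xff\xe0 not a real picture \xff\xd9"
SAMPLE = "\r\n".join([
    "From: alice@example.com", "To: bob@example.com",
    "Subject: Picture of yummy crepe.", "MIME-Version: 1.0",
    "Content-Type: multipart/mixed; boundary=StartOfNextPart", "",
    "--StartOfNextPart", "", "Dear Bob, Please find a picture of a crepe.",
    "--StartOfNextPart", "Content-Transfer-Encoding: base64",
    "Content-Type: image/jpeg", "", base64.b64encode(FAKE_JPEG).decode("ascii"),
    "--StartOfNextPart", "", "Do you want the recipe?",
    "--StartOfNextPart--", ""])   # closing delimiter, then an empty epilogue


def split_headers(block):
    """Split 'header lines CRLF CRLF body' into ({lower-name: value}, body)."""
    if block.startswith("\r\n"):            # no header lines at all (slide's first part)
        return {}, block[2:]
    head, _, body = block.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n"):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def parse_multipart(raw):
    """Return [(content_type, decoded_bytes)] for each part of a multipart/mixed
    message. A delimiter is CRLF '--' boundary, so the CRLF before it belongs to
    the delimiter, not to the preceding part's body (RFC 2046)."""
    headers, body = split_headers(raw)
    ctype, _, params = headers["content-type"].partition(";")
    if ctype.strip().lower() != "multipart/mixed":
        raise ValueError("not a multipart/mixed message")
    boundary = dict(p.strip().split("=", 1) for p in params.split(";")
                    if "=" in p)["boundary"].strip('"')
    parts = []
    for chunk in ("\r\n" + body).split("\r\n--" + boundary)[1:]:   # [0] is the preamble
        if chunk.startswith("--"):                                 # closing delimiter
            break
        ph, pbody = split_headers(chunk[2:])                       # drop the delimiter's CRLF
        ptype = ph.get("content-type", "text/plain").partition(";")[0].strip()
        if ph.get("content-transfer-encoding", "").lower() == "base64":
            data = base64.b64decode(pbody)       # back to the original image bytes
        else:
            data = pbody.encode("ascii")         # 7-bit text part, as SMTP requires
        parts.append((ptype, data))
    return parts
```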
Mail access protocols
• SMTP: delivery/storage to receiver's server
• Mail access protocol: retrieval from server
– POP: Post Office Protocol [RFC 1939]
• authorization (agent <--> server) and download
– IMAP: Internet Mail Access Protocol [RFC 1730]
• more features (more complex)
• manipulation of stored msgs on server
– HTTP: Hotmail, Yahoo! Mail, etc.
[Figure: sender's user agent -> sender's mail server (SMTP) -> receiver's mail server (SMTP) -> receiver's user agent (access protocol)]
POP3 protocol (port 110)
authorization phase
• client commands:
– user: declare username
– pass: password
• server responses
– +OK
– -ERR
transaction phase, client:
• list: list message numbers
• retr: retrieve message by number
• dele: delete
• quit
Example session:
S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on
C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: <message 1 contents>
S: .
C: dele 1
C: retr 2
S: <message 2 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off
POP3 and IMAP
POP3
• Previous example uses "download and delete" mode.
• Bob cannot read e-mail if he changes client.
• "Download-and-keep": copies of messages on different clients.
• POP3 is stateless across sessions.
IMAP
• Keep all messages in one place: the server.
• Allows user to organize messages in folders.
• IMAP keeps user state across sessions:
– names of folders and mappings between message IDs and folder name
IMAP
• Fully compatible with Internet messaging standards, e.g. MIME.
• Allow message access and management from more than one computer.
• Allow access without reliance on less efficient file access protocols.
• Provide support for "online", "offline", and "disconnected" access modes
• Support for concurrent access to shared mailboxes
• Client software needs no knowledge about the server's