CDUP
The CDUP command changes the current working directory to its parent directory. It is equivalent to the CD .. command in MS-DOS. Indeed, entering CD .. into the command-line FTP client included with Windows NT will cause it to issue a CDUP command to the server.
This command is considered optional in the FTP standards; any client could perform the equivalent of the CDUP command by issuing a CWD command to the absolute path of the parent directory of the current working directory or by issuing the CWD .. command.
PASV
The PASV command is used when the client wishes to connect to the server to transfer data. This is the method the majority of FTP clients use to transfer data. The server normally returns a 227 message, which includes information about the IP address of the FTP server and the port number to connect to. This command takes no arguments.
PORT
The PORT command is used to set the data communication port and IP address. The argument is somewhat counterintuitive: It is composed of both the IP address and the TCP port number, broken into eight-bit fields and separated by commas. The IP address is obvious when examining this command, but most people will need to pull out a calculator to compute the TCP port number. For example, the command:
PORT 10,10,3,17,14,255
means that the IP address 10.10.3.17 should be used with the TCP port number 3839. To calculate the TCP port number, use the formula b5 * 256 + b6, where b5 and b6 are the fifth and sixth bytes respectively. In this case, b5 would be 14 and b6 would be 255.
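The host-port field used by PORT, and returned in the 227 reply to PASV, can be decoded without a calculator. The following Python is an added example, not code from the book; the function names and the 227 reply text are constructed for illustration, and the comparison against the control connection's peer address is a check a server or log reviewer can apply that the chapter itself does not describe.

```python
import ipaddress
import re

def parse_hostport(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); raise ValueError if malformed."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isdigit() for f in fields):
        raise ValueError("expected six comma-separated decimal fields")
    b = [int(f) for f in fields]
    if any(v > 255 for v in b):
        raise ValueError("each field must fit in eight bits (0-255)")
    ip = ".".join(str(v) for v in b[:4])
    port = b[4] * 256 + b[5]          # the chapter's formula: b5 * 256 + b6
    return ip, port

def format_hostport(ip, port):
    """Encode (ip, port) back into the PORT argument form."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    octets = ipaddress.IPv4Address(ip).packed
    return ",".join(str(v) for v in (*octets, port >> 8, port & 0xFF))

# Constructed pattern: a 227 reply carrying the same six-field form.
_PASV = re.compile(r"^227 .*?(\d{1,3}(?:,\d{1,3}){5})")

def parse_pasv_reply(line):
    """Pull the address and port out of a 227 reply to PASV."""
    m = _PASV.match(line)
    if not m:
        raise ValueError("not a 227 reply with a host-port field")
    return parse_hostport(m.group(1))

def port_matches_peer(arg, control_peer_ip):
    """True when the PORT address equals the control connection's peer address."""
    ip, _ = parse_hostport(arg)
    return ipaddress.IPv4Address(ip) == ipaddress.IPv4Address(control_peer_ip)

if __name__ == "__main__":
    print(parse_hostport("10,10,3,17,14,255"))
    print(parse_pasv_reply("227 Entering Passive Mode (10,10,3,17,14,255)."))
```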
TYPE
Most FTP clients and servers support transferring files either as ASCII text or as binary. To change types, send one of these two commands:
TYPE A
TYPE I
The argument A means an ASCII file will be transmitted. The argument I means a file image will be transmitted. It is always safe to send a file as an image. Two other types of transfers, E and L, are not commonly used.
Less Common Commands
XCUP, XCWD, XMKD, XPWD, XRMD
These five commands are equivalent in use and function to the commands CDUP, CWD, MKD, PWD, and RMD. They were created in RFC 775, long before the final standards for FTP were written. They are supported by modern FTP servers for backward-compatibility purposes and are rarely used in practice.
ACCT (ACCOUNT INFORMATION)
The ACCT command is used to specify additional information about a user account, above and beyond the USER and PASS commands. If the server responds to the PASS command (or any other command, for that matter) with a 332 message, the user must send the ACCT command with an argument that has some meaning to the server. Nobody ever uses this command.
MODE
FTP can use three transfer modes to transfer data: Stream, Block, and Compressed. Almost all FTP servers use the Stream method of transferring data. In fact, Microsoft's IIS does not allow any other mode to be selected! Nonetheless, the command is supported. The format for this command is:
MODE S
APPE (APPEND)
The APPE command works almost exactly like the STOR command, except that the destination file is appended to rather than overwritten. If the file does not already exist, a new file is created. FTP is very rarely used for this type of operation, but most FTP clients that support uploading support the append operation.
REIN (REINITIALIZE)
The REIN command is a shortcut, accomplishing the same thing as quitting an FTP session, reestablishing it, and logging on as a different user. The REIN command works similarly to QUIT, except that the TCP connection is not terminated. After issue of the REIN command, the USER and PASS commands must be issued before normal FTP commands can be used.
STOU (STORE UNIQUE)
The STOU command is similar to the STOR command, except that a filename is not provided as an argument. The FTP server is responsible for receiving the file and assigning a name that is not already used by another file in the directory. Nobody ever uses this command, but IIS and all the popular Web servers support it.
ALLO (ALLOCATE)
Another command nobody actually uses, the ALLO command is intended to notify the server to reserve a certain amount of space before a file is uploaded. Most FTP servers, including Microsoft's IIS, simply respond with a positive acknowledgment, regardless of the amount of space they have available.
NLST (NAME LIST)
The NLST command is similar in usage and function to the LIST command, except that it only returns the names of files within a directory. In other words, it filters out subdirectories from the list before returning it to the client.
SITE (EXECUTE SITE COMMAND)
The SITE command executes a server system-dependent command. The arguments available to this command vary from server to server. Issue the SITE HELP command to determine the commands available on a particular FTP server. The server will return a list of arguments that can be issued.
Spying on Microsoft, Spying on You?
An interesting command that is implemented in Microsoft's FTP server is the SITE STATS command. This command returns a list of commands that have been issued to the server and the number of times they have been used. For example, the SITE STATS command, when sent to ftp.microsoft.com, returns:
Interesting, eh? From this information you can see that more than six million FTP connections have been established to ftp.microsoft.com since it was last restarted. I don't know about you, but this makes me nervous. Microsoft might not mind sharing this information with the rest of the Internet, but I don't want everyone knowing what I'm doing on my server! It would be a simple task to write a program that would execute this command against a competitor's FTP site on a regular basis, and chart their FTP traffic. (I do not recommend anyone try this!)
To make matters worse, SITE commands are not logged to the FTP log file, so the only way to determine if people are executing the SITE STATS command against your server is to execute SITE STATS against your own server and see!
So how do you disable this feature of your FTP server? To my knowledge, you can't! I haven't been able to find any references to it in Microsoft's knowledge base, and there doesn't seem to be any documentation on the command. Nonetheless, it provides a useful insight into how an FTP site is used: The SITE STATS command provides information that cannot be gathered through any other mechanism, even Performance Monitor.
STAT (STATUS)
The STAT command returns information about the current server. This information is returned as part of a 211 status code, and the results are very similar, regardless of the server software. It is an excellent way to find out what version of software an FTP server is using. For example, here is information an FTP server might return:
211-server-name Microsoft Windows NT FTP Server status:
Version 4.0
Connected to d10.dial-14.idgbooks.com
Logged in as elvis
TYPE: ASCII, FORM: Nonprint; STRUcture: File; transfer MODE: STREAM
No data connection
211 End of status.
As you can see from this information, the Web server is running Microsoft's FTP Server version 4.0. You can determine what username the connection was authenticated with and whether any data is currently being transferred.
HELP (HELP)
Although useful, the HELP command is rarely used today. It is more useful for people who may Telnet directly into an FTP server and may forget the various commands available; intelligent FTP clients provide help files on the client side and hide the commands available from the user. The HELP command can be used without any arguments, in which case the server generally provides a list of commands available. It can also take any of the commands as an argument, in which case it returns a more detailed description of the specific command. For example, the command:
HELP STOR
returns information to the user about using the STOR command.
SMNT (STRUCTURE MOUNT)
This command is intended to allow a user to mount a different file system than the current file system at the server. It is not implemented in IIS and is rarely, if ever, used elsewhere.
FTP Server Replies
Similar to HTTP Server replies, FTP replies are three-digit numeric codes categorized by the first digit. Unlike with HTTP, both the first and second digits of an FTP reply code are categorized. Table 17-1 gives a summary of the first-digit codes; Table 17-2 gives a summary of the second-digit codes.
If the first digit is 1, the message is indicating that a command is being processed but the server is not yet ready to process another command. If the first digit is 2, a command has been processed successfully. If the first digit is 3, the command issued by the client was accepted and more information is expected from the client before the server can continue. A first digit of 4 indicates a transient negative completion reply, meaning that the error state is only temporary and will soon be resolved. Finally, if the first digit of the response is 5, there was some problem and the requested action could not be completed.
The second digit of the FTP message categorizes the message in greater detail. If the second digit is zero, the information contained in the reply relates to the syntax of the command the server is replying to. For example, the server may respond with a 503 Bad sequence of commands error message if the RNTO (Rename To) command is issued without a RNFR (Rename From) command first being issued. Similarly, if the server simply wishes to acknowledge that the syntax is okay and the command was understood, the message 200 is used.
A second digit of 1 indicates that the message is informational. For example, replies to the HELP command use the 214 message, and replies to the SYST command (to retrieve system information) use the 215 message.
A second digit of 2 indicates that the message relates to the communication stream in some way. When the FTP Control connection is first established, the user-PI is greeted with a 220 reply from the server. Similarly, when a server acknowledges a successful data transfer, it responds with a 225 message.
When 3 is the second digit of a server reply message, it relates to authentication in some way. For example, 331 confirms a user's username, 230 confirms a user's password and logon, and 530 indicates that the user's username and password are invalid.
You should never see replies with the second digit set to the number 4; these are reserved for future use.
The second digit of the server reply code is set to 5 to indicate that the reply message relates to the server's file system. For example, if file and/or directory permissions on the FTP server do not allow the user to perform the action requested (such as creating a directory in a read-only virtual directory), the server responds with a 550 Access Denied message. Responses to the CWD and PWD commands (250 and 257, respectively) also use this format.
There are simply too many possible combinations to describe each one in detail in this book. For a complete description of each response, please refer to RFC 959. I have made an effort to give you the information you need to troubleshoot FTP problems with a network analyzer and to code, from scratch, an FTP client.
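A reply reader of the kind a from-scratch client or a capture-analysis script needs, given as an added example rather than code from the book. It handles the multi-line form seen in the STAT reply earlier in the chapter, classifies a code by its first and second digits as described above, and lists what that 211 reply discloses to the connected client. The function names and category labels are chosen here for illustration.

```python
import re

FIRST_DIGIT = {1: "in progress", 2: "success", 3: "more information needed",
               4: "transient failure", 5: "failure"}
SECOND_DIGIT = {0: "syntax", 1: "information", 2: "connection",
                3: "authentication", 4: "reserved", 5: "file system"}

def read_reply(lines):
    """Consume one reply from an iterator of control-channel lines.

    A multi-line reply opens with 'NNN-' and ends at the first line that
    starts with the same code followed by a space. Returns (code, text_lines).
    """
    first = next(lines).rstrip("\r\n")
    m = re.match(r"^([1-5][0-5]\d)([ -])(.*)$", first)
    if not m:
        raise ValueError(f"not an FTP reply line: {first!r}")
    code, sep, text = m.group(1), m.group(2), [m.group(3)]
    if sep == "-":
        for raw in lines:
            line = raw.rstrip("\r\n")
            if line.startswith(code + " "):
                text.append(line[4:])
                break
            text.append(line)
        else:
            raise ValueError("multi-line reply was never terminated")
    return int(code), text

def classify(code):
    # Hundreds digit gives the outcome, tens digit gives the subject area.
    return FIRST_DIGIT[code // 100], SECOND_DIGIT[code // 10 % 10]

def disclosed_by_stat(text):
    """Collect the version, peer and username lines from a 211 STAT reply."""
    found = {}
    for line in text:
        m = re.match(r"\s*(Version|Connected to|Logged in as) (\S+)", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

# The STAT reply shown in the chapter, one control-channel line per element.
STAT_SAMPLE = [
    "211-server-name Microsoft Windows NT FTP Server status:",
    "Version 4.0",
    "Connected to d10.dial-14.idgbooks.com",
    "Logged in as elvis",
    "TYPE: ASCII, FORM: Nonprint; STRUcture: File; transfer MODE: STREAM",
    "No data connection",
    "211 End of status.",
]
```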
The following table, Table 17-3, lists some of the most common FTP server replies.
SUMMARY
This chapter discussed several FTP servers and how they handle different portions of the FTP standards, particularly Microsoft's Internet Information Server. The other half of the equation, the clients, is covered as well.
You have learned the following:
FTP is and will continue to be commonly used on the Internet to transfer files.
FTP uses two separate TCP sessions during a conversation. One session, called the FTP Control channel, is used for authentication and initiates file transfers. The second session, called the FTP Data channel, is used to actually transfer the files.
The most common type of FTP transfer is an anonymous Web browser request.
The FTP Control channel uses clear-text commands and responses that may be intercepted and easily interpreted with a sniffer. They can also be issued manually to an FTP server using Telnet.
In the next chapter, you'll learn how proxy servers can allow private networks to safely and efficiently access the public Internet. Chapter 18 will provide an overview of the different types of proxy servers, as well as the specific products available for use on Windows NT networks. The two most popular Windows NT-based proxy servers, Microsoft Proxy Server and Netscape Proxy Server, are compared and contrasted.