DNS FTP Server FTP Client Console
Port 53 Port 20 Port 21 1030 1175 5001 5002 User
This sequence diagram was generated with EventStudio System Designer (http://www.EventHelix.com/EventStudio).
Here we explore the sequence of interactions in a typical FTP (File Transfer Protocol) session.
The example here illustrates the use of multiple TCP connections by FTP. We will cover how FTP
establishes a telnet TCP connection (TCP Port 21) to control the overall flow of the FTP transfer.
Then we examine the use of TCP Port 20 for establishing TCP connections for
directory transfer and file retrieval.
The complete sequence diagram can be divided into the following steps:
- DNS Query to obtain the IP address for the FTP Server
- FTP Telnet connection setup and login. (USER and PASS commands)
- Obtaining a directory listing (PORT and LIST command)
- Changing directory (CWD command)
- Downloading a file using FTP get (PORT and RETR command)
Copyright © 2013 EventHelix.com Inc. All Rights Reserved.
DNS Query to obtain the IP address for the FTP Server.
Invoke FTP
client with
ftp.any-domain.c
om
Port port
53 DNS Query 1030 The FTP client sends a DNS
recdesired = 1, queries = 1, name = ftp.any-domain.com, query for domain name
type = A, class = IN ftp.any-domain.com
DNS Response The DNS responds back with
recdesired = 1, answers = 1, IP Address the IP address.
FTP Telnet connection setup and login. (USER and PASS commands).
TCP connection establishment over the
control port port
Port 1175
21 TCP SYN FTP client initiates
srcport = 1175, dstport = 21, syn = 1 establishment of the telnet
session TCP connection by
sending a SYN to TCP port 21
TCP SYN+ACK The FTP server responds with
srcport = 21, dstport = 1175, syn = 1, ack = SYN+ACK
1
TCP ACK The client machine responds
srcport = 1175, dstport = 21, ack = 1 with an ACK, this completes the
TCP three way handshake.
Logging in
Display login prompt and get user name
Ftp Ftp
server FTP 220 Client The FTP server then sends a
ftp.response.code = 220, ftp.response.arg = 220 response to indicate that
ANY-DOMAIN.COM FTP Service the FTP server is ready to
Console accept a login.
(User)
Display welcome message
TCP ACK The client machine
srcport = 1175, dstport = 21, ack = 1 acknowledges the FTP 220
TCP packet.
Enter login information
DNS FTP Server FTP Client Console
Port 53 Port 20 Port 21 1030 1175 5001 5002 User
USER ftp User's login name is
transported in a TCP segment.
In this example an anonymous
FTP is being initiated with the
user name "ftp"
TCP ACK
srcport = 21, dstport = 1175, ack = 1
FTP 331 FTP server indicates that
code = 331, arg = Anonymous access anonymous FTP is allowed.
allowed, send identity (e-mail name) as
password.
Display password prompt and complete login
Password prompt
TCP ACK
srcport = 1175, dstport = 21, ack = 1
Password information
PASS abc@any-domain.com User enters his or her e-mail
address as the password. This
password is being transported
by this TCP segment.
TCP ACK
srcport = 21, dstport = 1175, ack = 1
FTP 230 Welcome message after login.
code = 230, arg = Welcome to
ftp.any-domain.com
FTP 230 User login notification.
code = 230, arg = Anonymous user logged
in.
Login successful prompt
TCP ACK
srcport = 1175, dstport = 21, ack = 1
Obtaining a directory listing (PORT and LIST command).
User requests directory listing
dir command
PORT 192.168.0.2 Port 5001 FTP client provides port
number information.
TCP ACK
srcport = 21, dstport = 1175, ack = 1
FTP 200 FTP server positively
code = 200, arg = PORT command acknowledges the PORT
successful. command.
LIST User requests a directory
listing.
seq-251
srcport = 21, dstport = 1175, ack = 1
DNS FTP Server FTP Client Console
Port 53 Port 20 Port 21 1030 1175 5001 5002 User
FTP 150 FTP server notifies the client
ftp.response.code = 150, ftp.response.arg = that it is about to transfer the
Opening ASCII mode data connection for requested listing.
/bin/ls.
Establish data port connection to transfer directory listing
TCP SYN Port 5001 TCP three way handshake for
srcport = 20, dstport = 5001, syn = 1 connection establishment on
port 5001.
TCP SYN+ACK
srcport = 5001, dstport = 20, syn = 1, ack = 1
TCP ACK
srcport = 20, dstport = 5001, ack = 1
Display directory listing
FTP 226 The directory listing completion
ftp.response.code = 226, ftp.response.arg = is signaled by this TCP
Transfer complete. segment.
TCP ACK
srcport = 1175, dstport = 21, ack = 1
TCP ACK
srcport = 20, dstport = 5001, ack = 1
Display directory listing
Release the data port TCP connection on completion of the directory
listing
TCP FIN+ACK FTP server initiates the release
tcp.srcport = 20, tcp.dstport = 5001, tcp.flags.ack = 1, tcp.flags.fin = 1 of the TCP connection used to
transport the directory listing.
TCP ACK
tcp.srcport = 5001, tcp.dstport = 20, tcp.flags.ack = 1
TCP FIN+ACK
tcp.srcport = 5001, tcp.dstport = 20, tcp.flags.ack = 1, tcp.flags.fin = 1
TCP ACK
tcp.srcport = 20, tcp.dstport = 5001, tcp.flags.ack = 1
Changing directory (CWD command).
Change working directory (cwd)
CWD <directory-name> User issues the change
working directory command.
TCP ACK
tcp.srcport = 21, tcp.dstport = 1175,
tcp.flags.ack = 1
250 CWD Successful FTP server positively
code = 250, arg = CWD command acknowledges the Change
successful. Working Directory command.
DNS FTP Server FTP Client Console
Port 53 Port 20 Port 21 1030 1175 5001 5002 User
TCP ACK
tcp.srcport = 1175, tcp.dstport = 21, ack = 1
Downloading a file using FTP get (PORT and RETR command).
Requesting file over the TCP control port
FTP get for readme.txt
PORT 192.168.0.2 Port 5002 FTP client provides port
number information.
TCP ACK
tcp.srcport = 21, tcp.dstport = 1175, ack = 1
PORT 192.168.0.2 Port 5002 FTP client provides port
number information.
RETR readme.txt The user issues an FTP get for
readme.txt.
TCP ACK
tcp.srcport = 21, tcp.dstport = 1175, ack = 1
FTP 150 FTP server acknowledges the
code = 150, arg = Opening ASCII mode data RETR command from the
connection for readme.txt(1715 bytes). client.
Setting up the data TCP connection (3 way handshake)
Port
TCP SYN 5002 Three way handshake for TCP
tcp.srcport = 20, tcp.dstport = 5002, syn = 1, ack = 0, fin = 0 connection on Port 5002.
TCP SYN+ACK
tcp.srcport = 5002, tcp.dstport = 20, syn = 1, ack = 1
TCP ACK
tcp.srcport = 20, tcp.dstport = 5002, ack = 1
Transfering the file over the data TCP connection
FTP DATA TCP segments carrying
tcp.srcport = 20, tcp.dstport = 5002, ack = 1 contents of readme.txt.
FTP DATA
tcp.srcport = 20, tcp.dstport = 5002, ack = 1
TCP ACK
tcp.srcport = 5002, tcp.dstport = 20, ack = 1
FTP DATA TCP segments carrying
tcp.srcport = 20, tcp.dstport = 5002, ack = 1 contents of readme.txt.
FTP DATA
tcp.srcport = 20, tcp.dstport = 5002, ack = 1
TCP ACK
tcp.srcport = 5002, tcp.dstport = 20, ack = 1
Releasing the data TCP connection
DNS FTP Server FTP Client Console
Port 53 Port 20 Port 21 1030 1175 5001 5002 User
FTP DATA+FIN This is the last TCP segment
tcp.srcport = 20, tcp.dstport = 5002, ack = 1, fin = 1 containing data, it also includes
the FIN to initiate the release of
the TCP connection.
TCP ACK
tcp.srcport = 5002, tcp.dstport = 20, ack = 1
TCP FIN+ACK FTP client also initiates the
tcp.srcport = 5002, tcp.dstport = 20, ack = 1, fin = 1 release of the TCP connection.
TCP ACK
tcp.srcport = 20, tcp.dstport = 5002, ack = 1
Signal completion of the FTP over the control port
TCP ACK
tcp.srcport = 1175, tcp.dstport = 21, ack = 1
FTP 226 Signal to the client that the FTP
code = 226, arg = Transfer complete. transfer has been completed.
Display transfer complete indication
TCP ACK
tcp.srcport = 1175, tcp.dstport = 21, ack = 1
Logging out
Quitting the FTP client
Exit FTP client using bye command
QUIT User initiates a "bye" on the
ftp.request.command = QUIT FTP client console. This is
translated to the quit command.
TCP ACK
tcp.srcport = 21, tcp.dstport = 1175, ack = 1
FTP 221
code = 221, arg = Thank you for visiting
ftp.any-domain.com.
TCP ACK
tcp.srcport = 1175, tcp.dstport = 21, ack = 1
Releasing the control TCP connection
TCP FIN Control TCP connection
tcp.srcport = 21, tcp.dstport = 1175, ack = 1, release initiated.
fin = 1
TCP ACK
tcp.srcport = 1175, tcp.dstport = 21, ack = 1,
fin = 1
TCP FIN Control TCP connection
tcp.srcport = 1175, tcp.dstport = 21, ack = 1, release is completed.
fin = 1
TCP ACK
tcp.srcport = 21, tcp.dstport = 1175, ack = 1,
fin = 1
DNS FTP Server FTP Client Console
Port 53 Port 20 Port 21 1030 1175 5001 5002 User
This sequence diagram was generated with EventStudio System Designer (http://www.EventHelix.com/EventStudio).