FTP History 101 File transfer and...
Transcript of FTP History 101 File transfer and...
1
CS242 Computer Networks Department of Computer Science Wellesley College
File transfer and e-mail FTP and SMTP protocols
o The original specification for the File Transfer Protocol was written by Abhay Bhushan (RFC 114, April 1971).
o It ran on NCP until 1980* when it was replaced by a TCP/IP version (RFC 114).
FTP and SMTP 4-2
FTP History 101
*Flag day.
FTP and SMTP 4-3
File Transfer Protocol (FTP)*
o Like HTTP, FTP is a file transfer protocol and shares many common characteristics. However, there are some important differences.
*Fetch on the Mac and Winsock on the PC. FTP and SMTP 4-4
FTP and HTTP o FTP, like HTTP, runs on top of TCP. o However, unlike HTTP, FTP uses two parallel TCP
connections to transfer a file, a control connection and a data connection. We say FTP sends its control information out-of band.
o Also unlike HTTP, FTP maintains state. In particular, FTP remembers the current directory and earlier authentication.
2
Control and data connection o When a user starts an FTP
session, the client side of FTP initiates a control TCP connection with the server.
o When the server receives a command for a file transfer, it initiates a TCP data connection. to the client side.
o The control connect stays open. The data connection stays open for one file only.
FTP and SMTP 4-5 FTP and SMTP 4-6
FTP commands*, responses** Sample commands: sent as ASCII text over
control channel USER username PASS password LIST return list of file in
current directory RETR filename retrieves
(gets) file STOR filename stores
(puts) file onto remote host
Sample return codes status code and phrase (as in
HTTP) 331 Username OK,
password required 125 data connection
already open; transfer starting
425 Can’t open data connection
452 Error writing file
*Four uppercase 7-bit ASCII characters followed by some optional arguments. **Replies are three-digit numbers with optional message.
Web browser support o Most web browser can retrieve files hosted on FTP servers.
FTP URL syntax is described in RFC1738: ftp://[<user>[:<password>]@]<host>[:<port>]/<url-path>
o For example,
FTP and SMTP 4-7
Innocence abroad o A host that provides an
FTP service may provide anonymous FTP access.
o Users log into the service with an ‘anonymous’ account with prompted for a user name.
o Users may be asked to send their email address instead of a password, but no verification is performed.
FTP and SMTP 4-8
3
Danger Will Robinson o FTP was not designed to be
a secure protocol and it isn’t.
o It is not able to encrypt its traffic; all transmissions are in clear text, and usernames, passwords, commands and data can be easily read by anyone able to perform packet capture
o Exploits include: Offline password cracking, spoof attacks; and bounce attacks.
FTP and SMTP 4-9
Getting by in a dangerous world o Explicit SFTP is an
extension to the FTP standard that allows clients to request that the FTP session be encrypted. This is done by sending the "AUTH TLS" command.
o SFTP, SSH* File Transfer Protocol, is not related to FTP except that it also transfers files and has a similar command set for users.
FTP and SMTP 4-10
*More later in the semester.
o In 1971 Ray Tomlinson sent the first successful email from one computer, to another sitting right next to it – through ARPANET.
o He used the @ sign to delineate what host the user receiving the message was on.
o Tomlinson can’t remember his first message but stated it was “QWERTYUIOP or something similar.”
FTP and SMTP 4-11
email: The killer app of the seventies You’ve got mail o Like ordinary mail (and
unlike either the HTTP or FTP), e-mail is asynchronous.
o It has three major components: User agents; mail servers; and Simple Mail Transfer Protocol (SMTP).
FTP and SMTP 4-12
4
FTP and SMTP 4-13
Electronic mail in the Internet
User agents allow users read, reply, forward, save, and compose messages.
*Currently, our browser acts as a user agent. Formerly, we used a proprietary agent from FirstClass. FTP and SMTP 4-14
Servers form the core Each recipient has a mailbox located in
one of the mail servers.
FTP and SMTP 4-15
SMTP*
SMTP (Simple Mail Transfer Protocol,
is the principal application-layer
protocol for Internet electronic
mail.
Like HTTP, SMTP has a client and
server side. Both sides run on every
server.
*Something of a legacy technology (RFC 1982), SMTP requires body of all mail messages to be in simple seven-bit ASCII. FTP and SMTP 4-16
Alice sends Bob a message
5
FTP and SMTP 4-17
Alice sends Bob a message Alice invokes her user
agent, provides Bob's address, composes message, and
instructs user agent to send.
FTP and SMTP 4-18
Alice sends Bob a message Alice's user agent sends
the message to her mail server, where it is placed in
message queue
FTP and SMTP 4-19
Alice sends Bob a message Client side of SMTP,
running on Alice's server sees message, opens TCP
connection to SMTP server on Bob's mail server
FTP and SMTP 4-20
Alice sends Bob a message
After initial SMTP handshaking. SMTP client sends Alices's
message into TCP connection
6
FTP and SMTP 4-21
Alice sends Bob a message
At Bob’s mail server, the server side of SMTP
receives message
and puts it into Bob’s mailbox
FTP and SMTP 4-22
Alice sends Bob a message
Bob invokes his user agent to read the
message
FTP and SMTP 4-23
Sample SMTP interaction [rshull@tempest ~] telnet ALT2.ASPMX.L.GOOGLE.COM 25Trying 74.125.136.27...Connected to ALT2.ASPMX.L.GOOGLE.COM.Escape character is '^]'.220 **********************************************HELO wellesley.edu250 mx.google.com at your serviceMAIL FROM:<[email protected]>250 2.1.0 OK q9si11377440wiv.93 - gsmtpRCPT TO:<[email protected]>250 2.1.5 OK q9si11377440wiv.93 - gsmtpDATA354 Go ahead q9si11377440wiv.93 - gsmtpFROM: Randy Shull <[email protected]>TO: Randy Shull <[email protected]>SUBJECT: Using telnet to email yourself
I used telnet!.250 2.0.0 OK 1439384221 q9si11377440wiv.93 - gsmtpQUIT221 2.0.0 closing connection q9si11377440wiv.93 - gsmtpConnection closed by foreign host.
FTP and SMTP 4-24
SMTP message format
header
body
blank line
From: [email protected] To: [email protected] Subject: Home again
The message in ASCII Characters only
*Header lines are part of the message and are different from the SMTP protocol commands we’ve just seen.
7
Only spoofing [rshull@tempest ~]$ telnet ALT2.ASPMX.L.GOOGLE.COM 25Trying 209.85.203.27...Connected to ALT2.ASPMX.L.GOOGLE.COM.
Escape character is '^]'.220 ***********************************************HELO wellesley.edu250 mx.google.com at your serviceMAIL FROM: <[email protected]>250 2.1.0 OK h33si1099667edh.158 - gsmtp
RCPT TO: <[email protected]>250 2.1.5 OK h33si1099667edh.158 - gsmtpDATA354 Go ahead h33si1099667edh.158 - gsmtpFROM: President Johnson <[email protected]>TO: Randy Shull <[email protected]>
SUBJECT:Raising your salaryIn recognition of your excellent teaching and research I hereby double your salary./Paula.
FTP and SMTP 4-25
Show original Delivered-To: [email protected]: by 10.103.72.135 with SMTP id c7csp5959962vsg; Thu, 29 Jun 2017 08:58:56 -0700 (PDT)X-Received: by 10.80.220.200 with SMTP id v8mr2212960edk.91.1498751935995;
Thu, 29 Jun 2017 08:58:55 -0700 (PDT) Some authentication signatures hereARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of [email protected] designates 149.130.136.40 as permitted sender) [email protected]; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wellesley.edu
Return-Path: <[email protected]>Received: from wellesley.edu (tempest.wellesley.edu. [149.130.136.40]) by mx.google.com with SMTP id h33si1099667edh.158.2017.06.29.08.57.40 for [email protected];
Thu, 29 Jun 2017 08:58:55 -0700 (PDT) More authentication stuff hereDate: Thu, 29 Jun 2017 08:58:55 -0700 (PDT)Message-Id: <[email protected]>
FROM: President Johnson <[email protected]>TO: Randy Shull <[email protected]>SUBJECT:Raising your salaryIn recognition of your excellent teaching and research I hereby double your salary./Paula
FTP and SMTP 4-26
FTP and SMTP 4-27
Comparing HTTP & SMTP o Both transfer files using
persistent connections on top of TCP.
o HTTP is mainly a pull protocol, while SMTP is a push protocol.
o SMTP requires each message to be 7-bit ASCII.
o HTTP encapsulates each object in its own HTTP message. SMTP places all objects in one message.
FTP and SMTP 4-28
Problem: How do we send attachments?
From: [email protected] To: [email protected] Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: image/jpeg base64 encoded data ..... ......................... ......base64 encoded data
multimedia data type/subtype
parameters
method used to encode data
MIME* version
encoded data
*Multipurpose Internet Mail Extensions.
8
FTP and SMTP 4-29
Base64 encoding
6 bits
0 0 1 0 1 1
6 bits
0 0 1 0 1 1
6 bits
0 0 1 0 1 1
6 bits
0 0 1 0 1 1
8 bits 8 bits 8 bits
Binary input is processed in blocks of 3 octets, or 24 bits.
Each 6 bits in the 24-bit block is mapped to a printable ASCII character
FTP and SMTP 4-30
Base64 ER
Content-Type: image/jpeg; name="rshull.jpg"Content-Disposition: attachment; filename="rshull.jpg"Content-Transfer-Encoding: base64X-Attachment-Id:
9j4RC6RXhpZgAATU0AKgAAAAgACQESAAMAAAABAAEAAAESAAMAAAABAAEAAAEaAAUAAAABAAAAegEbAAUAAAABAAAAggEoAAMAAAABAAIAAAExAAIAAAAOAAAAigEyAAIAAAAUAAAAmAE8AAIAAAAQAAAArAITAAMAAAABAAEAAAAAALwASAAAAAEAAABIAAAAAQAAUXVpY2tUaW1lIDcuNQAyMDA4OjA5OjA5IDA5OjQxOjM0AE1hYyBPUyBYIDEwLjUuNAAABwEDAAMAAAABAAYAAAEaAAUAAAABAAABFgEbAAUAAAABAAABHgEoAAMAAAABAAIAAAIBAAQAAAABAAABJgICAAQAAAABAAAPjAITAAMAAAABAAEAAAAAAAAASAAAAAEAAABIA
. . .
FTP and SMTP 4-31
Common MIME types Content-Type: type/subtype; parameters
o Video quicktime
o Application msword; octet-stream
o Text plain; html
o Image jpeg; gif
o Audio basic; 32kadpcm
For example, Text/plain; charset=us-ascii or text/plain; charset= "ISO-8859-1"
Type = Text Subtype = plain
Parameters modifying subtype
FTP and SMTP 4-32
From: [email protected] To: [email protected] Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=StartOfNextPart --StartOfNextPart Dear Bob, Please find a picture of a crepe. --StartOfNextPart Content-Transfer-Encoding: base64 Content-Type: image/jpeg base64 encoded data ..... ......................... ......base64 encoded data --StartOfNextPart Do you want the recipe?
Multipart type SMTP places all objects in the same message; a
special MIME type is used to tell them apart
Boundary markers are
used to separate objects
9
FTP and SMTP 4-33
Unanswered questions o Alice user agent uses SMTP to push e-mail to her mail
server. o Mail server relays e-mail to Bob. Why the two step? o How does Bob’s user agent obtain his message from Alice?
FTP and SMTP 4-34
Mail access protocols o Since SMTL is a PUSH protocol and Bob wants to PULL his
messages, he needs another application-layer protocol. o There are several to choose from: Post Office Protocol
(POP3); Internet Mail Access Protocol (IMAP); and HTTP.
POP3 protocol
FTP and SMTP 4-35
o POP3 is an extremely simple mail access protocol with rather limited functionality, ...
o ... but it does get the job done.
Example session [w-141-224:~] rshull% telnet fc.wellesley.edu 110Trying 149.130.13.40...Connected to firstclass.wellesley.edu.Escape character is '^]'.+OK POP3 server at firstclass.wellesley.edu ready <[email protected]>user rshull+OK rshull authenticate pleasepass dbsabzb+OK rshull's mailbox has 41 messages (491520 octets)list+OK 41 messages (491520 octets)1 6144…quit+OK firstclass.wellesley.edu POP3 server closing connectionConnection closed by foreign host.
FTP and SMTP 4-36
Protocol begins with the user agent opening
a TCP connection to the mail server
on port 110.
10
Example session [w-141-224:~] rshull% telnet fc.wellesley.edu 110Trying 149.130.13.40...Connected to firstclass.wellesley.edu.Escape character is '^]'.+OK POP3 server at firstclass.wellesley.edu ready <[email protected]>user rshull+OK rshull authenticate pleasepass dbsabzb+OK rshull's mailbox has 41 messages (491520 octets)list+OK 41 messages (491520 octets)1 6144…quit+OK firstclass.wellesley.edu POP3 server closing connectionConnection closed by foreign host.
FTP and SMTP 4-37
Connected!
Example session [w-141-224:~] rshull% telnet fc.wellesley.edu 110Trying 149.130.13.40...Connected to firstclass.wellesley.edu.Escape character is '^]'.+OK POP3 server at firstclass.wellesley.edu ready <[email protected]>user rshull+OK rshull authenticate pleasepass dbsabzb+OK rshull's mailbox has 41 messages (491520 octets)list+OK 41 messages (491520 octets)1 6144…quit+OK firstclass.wellesley.edu POP3 server closing connectionConnection closed by foreign host.
FTP and SMTP 4-38
authorization phase user: declare username pass: password
server responses +OK -ERR
Example session [w-141-224:~] rshull% telnet fc.wellesley.edu 110Trying 149.130.13.40...Connected to firstclass.wellesley.edu.Escape character is '^]'.+OK POP3 server at firstclass.wellesley.edu ready <[email protected]>user rshull+OK rshull authenticate pleasepass dbsabzb+OK rshull's mailbox has 41 messages (491520 octets)list+OK 41 messages (491520 octets)1 6144…quit+OK firstclass.wellesley.edu POP3 server closing connectionConnection closed by foreign host.
FTP and SMTP 4-39
transaction phase list: list message numbers retr: retrieve message by number dele: delete quit
FTP and SMTP 4-40
IMAP and HTTP o POPS is a no frills access
protocol. o IMAP is somewhat more
luxurious. Keep all messages on server; allows users to organize messages into folders; keeps user state across sessions (like FC).
o Alternatively, we could build an e-mail application on top of HTTP (Gmail, FC, … ).