Information About The Iis File Transmission Protocol
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Information About The Iis File Transmission Protocol as PDF for free.
More details
- Words: 989
- Pages: 4
Information about the IIS File Transmission Protocol (FTP) Service Internet Information Server (IIS) with File Transmission Protocol (FTP) installed supports the following connection types:
Active-mode FTP Passive-mode FTP The IIS-based FTP service (MSFTPSVC) supports both active and passive mode connections, depending on the method that is specified by the client. IIS does not support disabling either active or passive mode connections, due to the lack of such a feature in RFC 959. Unlike HTTP and most other protocols used on the Internet, the FTP protocol uses a minimum of two connections during a session: a half-duplex connection for control, and a full-duplex connection for data transfer. By default, TCP port 21 is used on the server for the control connection, but the data connection is determined by the method that the client uses to connect to the server. Active-mode FTP Connections Active-mode FTP is sometimes referred to as "client-managed" because the client sends a PORT command to the server (over the control connection) that requests the server to establish a data connection from TCP Port 20 on the server, to the client, using the TCP port that is specified by the PORT command. The FTP client sends the PORT command to the FTP server in the following format: PORT 192,168,0,3,19,243 where the first four comma-seperated values correspond to the octets of the client's IP address, and the fifth and sixth values are the high- and low-order bits of the 16bit port number. To convert the high- and low-order bits into a (decimal) port number, multiply the fifth value by 256 and add the sixth value to it. In the example above, the TCP port (in decimal) is (256 x 19) + 243 = 5107, so the client is instructing the server to open a data connection to 192.168.0.3:5107. By default, the FTP client chooses an ephemeral port for the data connection port. An ephemeral port is a port that is randomly chosen from the available ports between 1024 and 65535. NOTE: In Windows NT 4.0 and Windows 2000, the valid default ephemeral port range is 1024-5000. Increasing the ephemeral range in Windows NT 4.0 and Windows 2000 requires adding a value to the system registry. For additional information on increasing the default ephemeral range, click the article number below to view the article in the Microsoft Knowledge Base: 196271 Unable to Connect from TCP Ports Above 5000
The following is a typical sequence for an active-mode FTP connection: Instruction
Sent From
Sent To
USER MyUserName
192.168.4.29:8190 10.0.0.10:21
PASS MyPassword
192.168.4.29:8190 10.0.0.10:21
CWD /
192.168.4.29:8190 10.0.0.10:21
250 CWD command successful. 10.0.0.10:21 PORT 192,168,4,29,31,255
192.168.4.29:8190
192.168.4.29:8190 10.0.0.10:21
200 PORT command successful. 10.0.0.10:21
192.168.4.29:8190
LIST
192.168.4.29:8190 10.0.0.10:21
10.0.0.10:20
192.168.4.29:8191
226 Transfer complete.
10.0.0.10:21
192.168.4.29:8190
Passive-mode FTP Connections Passive-mode FTP is sometimes referred to as "server-managed", because after the client issues a PASV command, the server responds to that PASV instruction with one of its ephemeral ports that will be used as the server-side port of the data connection. After a data connection command is issued by the client, the server connects to the client using the port immediately above the client-side port of the control connection. The following is a typical sequence for a passive-mode FTP connection: Instruction
Sent From
Sent To
USER MyUserName
192.168.4.29:7971 10.0.0.10:21
PASS MyPassword
192.168.4.29:7971 10.0.0.10:21
CWD /
192.168.4.29:7971 10.0.0.10:21
250 CWD command successful.
10.0.0.10:21
PASV
192.168.4.29:7971 10.0.0.10:21
227 Entering Passive Mode
10.0.0.10:21
192.168.4.29:7971
192.168.4.29:7971
(192,168,4,29,9,227). LIST
192.168.4.29:7971 10.0.0.10:21
10.0.0.10:2531
192.168.4.29:7972
226 Transfer complete.
10.0.0.10:21
192.168.4.29:7971
Common Problems Encountered With FTP The most common problem encountered when you use FTP over the Internet results when you attempt transfers through a Network Boundary Securing Device (NBSD) such as a proxy, firewall, or Network Address Translation (NAT) device. In most cases the NBSD allows the control connection to be established over TCP 21 (that is, the user can successfully log on to the FTP server), but when the user attempts a data transfer such as DIR, LS, GET, or PUT, the FTP client appears to stop responding because the NBSD is blocking the data connection port that is specified by the client. If the NBSD supports logging, you can verify port blocking by reviewing the deny/reject logs on the NBSD. In addition to causing problems for NBSD administrators, FTP is commonly misunderstood as a secure means for transferring data, because the FTP server can be configured to require a valid username and password combination prior to granting access. Users should be aware that neither the credentials specified at logon nor the data itself is encrypted or encoded in any way. All FTP data can be easily intercepted and analyzed by any station on any network between the FTP client and FTP server. FTP Clients Provided by Microsoft The following table lists the FTP clients provided by Microsoft, and the connection mode that each client supports: FTP Client
Transfer Mode
Command-line
Active (non-passive)
Internet Explorer 5.1 and earlier
Passive
Internet Explorer 5.5 and later
Both
FrontPage ver.1.1 to Windows XP Active File Transfer Alternatives Because of the NBSD configuration issues and security concerns with FTP, several alternatives to standard FTP are used. One common alternative to FTP is the use of HTTP as a file transfer method, because most firewalls allow HTTP connections over
TCP 80 and HTTPS connections over TCP 443. Although Microsoft has supported HTTP-based file transfers for several years in products such as the FrontPage Server Extensions and the Posting Acceptor, the recognized standard for HTTP file transfers is WebDAV, the HTTP extensions for distributed authoring and versioning. Defined by RFC 2518, WebDAV is built into IIS 5.0, and allows the user to use WebDAV shares (that is, folders that are published on a WebDAV-enabled Web server) in much the same way that network shares are used, provided that the connection is made by a client that is capable of communicating with WebDAV (such as Internet Explorer 5.0 and later).
Active-mode FTP Passive-mode FTP The IIS-based FTP service (MSFTPSVC) supports both active and passive mode connections, depending on the method that is specified by the client. IIS does not support disabling either active or passive mode connections, due to the lack of such a feature in RFC 959. Unlike HTTP and most other protocols used on the Internet, the FTP protocol uses a minimum of two connections during a session: a half-duplex connection for control, and a full-duplex connection for data transfer. By default, TCP port 21 is used on the server for the control connection, but the data connection is determined by the method that the client uses to connect to the server. Active-mode FTP Connections Active-mode FTP is sometimes referred to as "client-managed" because the client sends a PORT command to the server (over the control connection) that requests the server to establish a data connection from TCP Port 20 on the server, to the client, using the TCP port that is specified by the PORT command. The FTP client sends the PORT command to the FTP server in the following format: PORT 192,168,0,3,19,243 where the first four comma-seperated values correspond to the octets of the client's IP address, and the fifth and sixth values are the high- and low-order bits of the 16bit port number. To convert the high- and low-order bits into a (decimal) port number, multiply the fifth value by 256 and add the sixth value to it. In the example above, the TCP port (in decimal) is (256 x 19) + 243 = 5107, so the client is instructing the server to open a data connection to 192.168.0.3:5107. By default, the FTP client chooses an ephemeral port for the data connection port. An ephemeral port is a port that is randomly chosen from the available ports between 1024 and 65535. NOTE: In Windows NT 4.0 and Windows 2000, the valid default ephemeral port range is 1024-5000. Increasing the ephemeral range in Windows NT 4.0 and Windows 2000 requires adding a value to the system registry. For additional information on increasing the default ephemeral range, click the article number below to view the article in the Microsoft Knowledge Base: 196271 Unable to Connect from TCP Ports Above 5000
The following is a typical sequence for an active-mode FTP connection: Instruction
Sent From
Sent To
USER MyUserName
192.168.4.29:8190 10.0.0.10:21
PASS MyPassword
192.168.4.29:8190 10.0.0.10:21
CWD /
192.168.4.29:8190 10.0.0.10:21
250 CWD command successful. 10.0.0.10:21 PORT 192,168,4,29,31,255
192.168.4.29:8190
192.168.4.29:8190 10.0.0.10:21
200 PORT command successful. 10.0.0.10:21
192.168.4.29:8190
LIST
192.168.4.29:8190 10.0.0.10:21
10.0.0.10:20
192.168.4.29:8191
226 Transfer complete.
10.0.0.10:21
192.168.4.29:8190
Passive-mode FTP Connections Passive-mode FTP is sometimes referred to as "server-managed", because after the client issues a PASV command, the server responds to that PASV instruction with one of its ephemeral ports that will be used as the server-side port of the data connection. After a data connection command is issued by the client, the server connects to the client using the port immediately above the client-side port of the control connection. The following is a typical sequence for a passive-mode FTP connection: Instruction
Sent From
Sent To
USER MyUserName
192.168.4.29:7971 10.0.0.10:21
PASS MyPassword
192.168.4.29:7971 10.0.0.10:21
CWD /
192.168.4.29:7971 10.0.0.10:21
250 CWD command successful.
10.0.0.10:21
PASV
192.168.4.29:7971 10.0.0.10:21
227 Entering Passive Mode
10.0.0.10:21
192.168.4.29:7971
192.168.4.29:7971
(192,168,4,29,9,227). LIST
192.168.4.29:7971 10.0.0.10:21
10.0.0.10:2531
192.168.4.29:7972
226 Transfer complete.
10.0.0.10:21
192.168.4.29:7971
Common Problems Encountered With FTP The most common problem encountered when you use FTP over the Internet results when you attempt transfers through a Network Boundary Securing Device (NBSD) such as a proxy, firewall, or Network Address Translation (NAT) device. In most cases the NBSD allows the control connection to be established over TCP 21 (that is, the user can successfully log on to the FTP server), but when the user attempts a data transfer such as DIR, LS, GET, or PUT, the FTP client appears to stop responding because the NBSD is blocking the data connection port that is specified by the client. If the NBSD supports logging, you can verify port blocking by reviewing the deny/reject logs on the NBSD. In addition to causing problems for NBSD administrators, FTP is commonly misunderstood as a secure means for transferring data, because the FTP server can be configured to require a valid username and password combination prior to granting access. Users should be aware that neither the credentials specified at logon nor the data itself is encrypted or encoded in any way. All FTP data can be easily intercepted and analyzed by any station on any network between the FTP client and FTP server. FTP Clients Provided by Microsoft The following table lists the FTP clients provided by Microsoft, and the connection mode that each client supports: FTP Client
Transfer Mode
Command-line
Active (non-passive)
Internet Explorer 5.1 and earlier
Passive
Internet Explorer 5.5 and later
Both
FrontPage ver.1.1 to Windows XP Active File Transfer Alternatives Because of the NBSD configuration issues and security concerns with FTP, several alternatives to standard FTP are used. One common alternative to FTP is the use of HTTP as a file transfer method, because most firewalls allow HTTP connections over
TCP 80 and HTTPS connections over TCP 443. Although Microsoft has supported HTTP-based file transfers for several years in products such as the FrontPage Server Extensions and the Posting Acceptor, the recognized standard for HTTP file transfers is WebDAV, the HTTP extensions for distributed authoring and versioning. Defined by RFC 2518, WebDAV is built into IIS 5.0, and allows the user to use WebDAV shares (that is, folders that are published on a WebDAV-enabled Web server) in much the same way that network shares are used, provided that the connection is made by a client that is capable of communicating with WebDAV (such as Internet Explorer 5.0 and later).
Related Documents
Information About The Iis File Transmission Protocol
November 2019 7
Transmission Control Protocol (tcp)
June 2020 7
Transmission Control Protocol
November 2019 33
Iis
October 2019 36
All About Transmission Lines1
November 2019 33