Difference between ftp,sftp,ftps,tftp

FTP, FTPS and SFTP are the most widely used file transfer protocols in the industry today. All 3 of them are different in terms of the data exchange process, security provisions and firewall considerations. Let’s discuss how these are different so it’s easier for you to select the right protocol based your requirement.

File Transfer Protocol (FTP)
FTP works in a client-server architecture. One computer acts as the server to store data and another acts as the client to send or request files from the server. FTP typically uses port 21 for communication and the FTP server will listen in for client communications on the port.
FTP exchanges data using two separate channels:
Command Channel: The command channel is typically used for transmitting (send and receive) commands (e.g. USER, PASS commands) over port 21 (on the server side) between the FTP client and server. This channel will remain open until the client sends out the QUIT command, or if the server forcibly disconnects due to inactivity.
Data Channel: The data channel is used for transmitting data. For an active mode FTP the data channel will normally be on port 20 (on the server side). And for passive mode, a random port will be selected and used. In this channel, data in the form of directory listings (e.g. LIST, STOR and RETR commands) and file transfers (e.g. normal uploading and downloading of a file). Unlike the command channel, the data channel will close connection on the port once the data transfer is complete.

FTP is an unencrypted protocol and is susceptible to interception and attacks. The requirement of ports to remain open also poses a security risk.

File Transfer Protocol over SSL (FTPS)
FTPS is just an extension to FTP which adds support for cryptographic protocols such as Transport Layer Security (TLS) and Secure Sockets Layer (SSL). FTPS allows the encryption of both the control and data channel connections either concurrently or independently. There are two types of FTPS methods possible:
Implicit FTPS: This is a simple technique which involves using standard secure TLS sockets in place of plain sockets at all points.  Since standard TLS sockets require an exchange of security data immediately upon connection, it is not possible to offer standard FTP and implicit FTPS on the same port.  For this reason another port needs to be opened – usually port 990 for FTPS control channel and port 989 for FTPS data channel.
Explicit FTPS: In this technique, the FTPS client must explicitly request security from an FTPS server, and then step up a mutually agreed encryption method. If a client does not request security, the FTPS server can either allow the client to continue in unsecure mode or refuse/limit the connection.

The primary difference between both the techniques is that in the explicit method the FTPS-aware clients can invoke security with an FTPS-aware server without breaking overall FTP functionality with non-FTPS-aware clients. Whereas in the implicit method, all clients of the FTPS server must be aware that SSL is to be used on the session, and so becomes incompatible with non-FTPS-aware clients.

SSH File Transfer Protocol (SFTP)
SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up to provide secure file access, file transfer, and file management functionalities over any reliable data stream. Here, there is no concept of command channel or data channel. Instead, both data and commands are encrypted and transferred in specially formatted binary packets via a single connection secured via SSH.
For basic authentication, you may use a username and password to secure the file transfer, but for more advanced authentication, you can use SSH keys (combination of public and private keys).
Though SFTP clients are functionally similar, you cannot use a traditional FTP client to perform file transfer via SFTP. You must use an SFTP client for this.

A major functionality benefit in SFTP over FTP and FTPS is that in addition to just file transfer, you can also perform file management functions such as permission and attribute manipulation, file locking, etc.

Unencrypted information exchange in both command and data channels.
Communication is human readable.
Encryptions happens on both command and data channels via either implicit SSL or explicit SSL.
Communication is human-readable.
All information exchange between the FTP server and client are encrypted via SSH protocol. SFTP can also encrypts the session.
Communication is not human-readable as it’s in a binary format.
Firewall Port for Server
Allow inbound connections on port 21
Allow inbound connections on port 21 and/or 990, 989
Allow inbound connections on port 22
Firewall Port for Client
Allow outbound connections to port 21 and passive port range defined by server
Allow outbound connections to port 21 and passive port range defined by server
Allow outbound connections to port 22


ABOR – abort a file transfer
CWD – change working directory
DELE – delete a remote file
LIST – list remote files
MDTM – return the modification time of a file
MKD – make a remote directory
NLST – name list of remote directory
PASS – send password
PASV – enter passive mode
PORT – open a data port
PWD – print working directory
QUIT – terminate the connection
RETR – retrieve a remote file
RMD – remove a remote directory
RNFR – rename from
RNTO – rename to
SITE – site-specific commands
SIZE – return the size of a file
STOR – store a file on the remote host
TYPE – set transfer type
USER – send username
ACCT* – send account information
APPE – append to a remote file
CDUP – CWD to the parent of the current directory
HELP – return help on using the server
MODE – set transfer mode
NOOP – do nothing
REIN* – reinitialize the connection
STAT – return server status
STOU – store a file uniquely
STRU – set file transfer structure
SYST – return system type


The Trivial File Transfer (TFTP) utility provides the user interface to TFTP. This program allows a user to transfer files to and from a remote host.  TFTP primarily allows remote diskless systems to read bootstrap images over the network. TFTP uses UDP to make transfers. It does not provide user login validation.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s