FTP control and Data connections

Ananthakrishnan
Aug 19, 2023

FTP uses a control connection to establish a session with the FTP server, while a data connection is established whenever a file transfer takes place.

I have tried to get the scenario in my VM lab; below is an example of the control and the data connection along with how they work.

FTP authentication & control connection:

FTP uses authentication. The capture below is a good example of why traditional FTP carries security risks: as you can see, the usernames and passwords are transmitted over the medium in clear text.

After the TCP three-way handshake, FTP establishes a control connection; the source port can be seen under TCP as port 21, which is the default port used for the control connection.

The user is prompted for a username and password (hidden in the screenshot) as part of server authentication. On successful login, the control connection is established to carry commands to the FTP server.

FTP Data connection and file transfer:

FTP passes commands over port 21, while TCP port 20 is used for transferring data and files to the client machine. To transfer data, FTP uses a PORT command, sent over the control connection, which sets up a separate channel: a second TCP connection established alongside the control session.

In packet 62 we can see the PORT command being sent from the client to the server to start an active file transfer, which is in packet 61 {PORT 192,168,152,1,214,118}. This is where the client tells the server which port it will be actively listening on for the data connection.

The PORT command breaks down as follows:

The first 4 values {192,168,152,1} are the client machine's IP address, 192.168.152.1.

The 5th {214} and 6th {118} values encode the port number; the calculation is

(5th-value * 256) + 6th-value = client listening port, which in our case is

[(214*256)+118] = 54902

As the screenshot shows, in packets 64 to 66 the TCP connection is made to the listening port 54902.

Similarly, in packets 76 to 90 we can see another negotiation of the data connection and a file transfer happening. In this test I was transferring a test file named testfile.txt, which can be seen requested by the client from the server in packet 77.

FTP connection termination:

Graceful termination in FTP happens when the client machine sends a QUIT command over the control channel.
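
As an added example (not part of the original post), the Python code below parses client-to-server control-channel lines like those in the capture, decodes the PORT argument into the client's listening IP and port, and records that credentials crossed the wire in clear text. The sample lines, username and password are constructed, and `parse_port_argument` and `summarize_control_channel` are names chosen for this illustration.

```python
import ipaddress
import re

# Constructed control-channel lines (client -> server), modelled on the capture
# described above; the username and password are made-up placeholders.
SAMPLE_CONTROL_LINES = [
    "USER labuser",
    "PASS example-password",
    "PORT 192,168,152,1,214,118",
    "RETR testfile.txt",
    "QUIT",
]

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port_argument(line):
    """Return (ip, port) from a PORT command line, or raise ValueError."""
    match = PORT_RE.match(line.strip())
    if not match:
        raise ValueError(f"not a well-formed PORT command: {line!r}")
    values = [int(v) for v in match.group(1).split(",")]
    if any(v > 255 for v in values):
        raise ValueError(f"PORT field out of range 0-255: {line!r}")
    h1, h2, h3, h4, p1, p2 = values
    ip = str(ipaddress.IPv4Address(f"{h1}.{h2}.{h3}.{h4}"))
    return ip, p1 * 256 + p2  # (5th-value * 256) + 6th-value


def summarize_control_channel(lines):
    """Report what a passive observer learns from the cleartext commands."""
    summary = {"cleartext_credentials": False, "user": None,
               "data_endpoints": [], "files": [], "quit_seen": False}
    for raw in lines:
        verb, _, arg = raw.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            summary["user"] = arg
        elif verb == "PASS":
            # Record only that a password crossed the wire, never its value.
            summary["cleartext_credentials"] = True
        elif verb == "PORT":
            summary["data_endpoints"].append(parse_port_argument(raw))
        elif verb == "RETR":
            summary["files"].append(arg)
        elif verb == "QUIT":
            summary["quit_seen"] = True
    return summary
```

Calling `summarize_control_channel(SAMPLE_CONTROL_LINES)` reports the data endpoint 192.168.152.1:54902, matching the manual calculation above.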
