Layer 7 File Transfer Protocols: FTP and SMB

Layer 7 file transfer protocols, such as FTP and SMB, are essential for transferring files and sharing resources across networks. Understanding these protocols helps in managing file transfers and ensuring network security.

Key Points

• Layer 7 File Transfer Protocols: Operate at the application layer of the OSI model.
• FTP: Uses a client-server architecture for file transfers.
• SMB: Enables file and printer sharing across devices.
• Security Risks: Both protocols have inherent risks that need addressing.

Learning Objectives

• Understand what Layer 7 file transfer protocols are.
• Identify how FTP works using a client-server architecture.
• Explain the role of ports 20 and 21 in FTP communication.
• Understand how SMB enables file sharing across devices.
• Recognize basic security risks associated with SMB.

Key Concepts

• Application Layer (Layer 7): The top layer of the OSI model where user-facing network services operate (file transfer, web, email).
• FTP (File Transfer Protocol): A protocol designed to transfer files between a client and a server over a network.
• Client–Server Model: Communication where a client requests resources and a server provides them.
• Control Connection: In FTP, a channel used to send commands and administrative instructions.
• Data Connection: In FTP, a separate channel dedicated to transferring files.
• SMB (Server Message Block): A protocol used for file sharing, printer access, and network resource communication.
• Ports: Logical communication endpoints used by TCP/IP protocols (e.g., TCP 21, TCP 20, TCP 445).

Detailed Explanations

FTP: Overview

FTP is an application-layer protocol created to transfer files across IP networks. It operates using a client–server architecture.

A user launches an FTP client application (for example, FileZilla) to connect to an FTP server and upload or download files. The client sends formatted commands, and the server responds with data or status messages.

FTP traditionally works over TCP, ensuring reliable delivery.

FTP Connections: Control vs Data

FTP is unique because it uses two separate connections:

• Control connection (TCP port 21) Used for authentication, commands, and administrative communication.

• Data connection (TCP port 20 in active mode) Used to transfer files or directory listings.

Important technical clarification:

• Port 20 is mainly associated with active FTP mode.
• In passive mode, the server opens a random high port for data transfer instead of using port 20.

This separation allows commands to continue while files are being transferred.

FTP Communication Flow (Simplified)

Client                         FTP Server
   | -------- Control (21) --------> |
   | <------- Responses ------------ |
   | -------- Data (20 or random) ->|
   | <------- File transfer --------|

FTP Client Example

An FTP client is simply software that implements the protocol.

Example workflow:

1. The client connects to the server on port 21.
2. The user authenticates (username/password).
3. The client sends commands such as LIST, GET, or PUT.
4. Files move through the data connection.

SMB: File Sharing Protocol

SMB (Server Message Block) is another application-layer protocol designed primarily for file and printer sharing on local networks.

Unlike FTP, SMB often integrates directly into operating systems (especially Windows environments). Users can access shared folders as if they were local directories.

Key characteristics:

• Uses a standardized message format.
• Works across many devices: servers, workstations, printers.
• Commonly runs over TCP port 445 (modern implementations).

SMB and Security Risks

SMB has historically been targeted by malware because it allows file access across networked machines.

A well-known example is the WannaCry ransomware outbreak, which exploited vulnerabilities in SMB to propagate automatically across networks.

How the spread worked conceptually:

1. Malware exploited an SMB vulnerability.
2. It copied itself to other devices via file-sharing mechanisms.
3. Each infected machine scanned the network for new targets.

This demonstrates how powerful — but risky — file-sharing protocols can be when not patched or secured.

Diagrams / Visual Schematics

FTP Ports Summary

Purpose	Protocol	Default Port	Description
Control channel	TCP	21	Commands and authentication
Data channel (active mode)	TCP	20	File transfers

FTP vs SMB Comparison

Feature	FTP	SMB
Primary usage	File transfer	File and resource sharing
Architecture	Client–server	Network file system style
Typical environment	Internet / servers	Local networks / enterprise
Security risks	Plaintext credentials (classic FTP)	Vulnerabilities exploited by worms

Attention Points / Common Mistakes

• Confusing port 20 as always used for FTP data transfer. In passive mode, other ports are used.
• Assuming FTP is secure by default — classic FTP transmits credentials in clear text. Secure variants include FTPS and SFTP (different protocols).
• Mixing up SMB with FTP: SMB behaves more like remote disk access than a simple file transfer.
• Ignoring updates and patches for SMB services, which can expose networks to ransomware.

Practical Example

Home Network Scenario

You want to upload website files to a remote server:

1. You open FileZilla (FTP client).
2. Connect to an FTP server on port 21.
3. Authenticate with your credentials.
4. Files upload through the data channel.

Office Network Scenario

In a company environment:

• Employees access a shared folder via SMB.
• A network printer exposes a shared SMB resource.
• Files appear like local folders on each workstation.

Key Takeaways (Quick Summary)

• FTP and SMB are Layer 7 file transfer protocols.
• FTP uses two connections: control (21) and data (20 or passive ports).
• FTP follows a strict client–server model.
• SMB enables shared folders and devices across a network.
• SMB vulnerabilities have enabled large-scale attacks like WannaCry.
• Classic FTP is not encrypted; secure alternatives exist.
• Keeping SMB services updated is essential for security.

Learn More

• RFC 959: File Transfer Protocol (FTP)
• Microsoft SMB Protocol Documentation
• IETF (Internet Engineering Task Force)
• Cisco Networking Academy: Application Layer Protocols
• Cloudflare Learning Center: FTP and SMB Explanations
• Microsoft Security Advisory: WannaCry Analysis