Understanding FTP and TFTP: File Transfer Basics for Beginners

When working with networks, there are times when you need to move files between devices. This is where file transfer protocols come in. Two common ones you might encounter are FTP and TFTP. Both are used to send and receive files, but they work in different ways and are suited for different situations. In this blog, we will look at what FTP and TFTP are, how they work, and where you might use each one. The goal is to keep things simple so even if you are just starting out, you will understand the basics.
FTP (File Transfer Protocol)
FTP is one of the oldest and most common ways to transfer files over a network. It works on the client-server model. This means you have an FTP client, which requests files, and an FTP server, which stores and provides the files.
FTP uses two separate channels to work:
Command channel for sending commands and receiving responses
Data channel for actually transferring the files
By default, FTP uses port 21 for the command channel and another port for the data channel depending on the mode it operates in.
There are two modes for transferring files in FTP:
Active mode where the server initiates the data connection to the client
Passive mode where the client initiates both the command and data connections, which is often easier when working with firewalls
FTP can transfer large files, supports authentication with usernames and passwords, and can also allow anonymous access if the server is set up that way. However, one downside is that data, including login credentials, is sent in plain text, making it less secure unless you use FTPS or SFTP for encryption.
TFTP (Trivial File Transfer Protocol)
TFTP is a simpler version of FTP. It is designed for basic file transfers without many of the features that FTP offers. Unlike FTP, TFTP does not require a username or password. This makes it easier to set up but also less secure.
TFTP uses UDP port 69 instead of TCP. UDP is connectionless, meaning there is no formal connection setup between devices before sending data. Because of this, TFTP is faster for small transfers but is not reliable for transferring large files or sensitive information.
TFTP is often used in specific situations such as:
Transferring configuration files to or from network devices like routers and switches
Loading operating systems or firmware during device startup
Network booting for computers without local storage
Since it has no authentication and no encryption, TFTP is usually used only within secure local networks, never over the internet.
FTP vs TFTP Comparison
Feature | FTP | TFTP |
Full Name | File Transfer Protocol | Trivial File Transfer Protocol |
Transport Protocol | TCP | UDP |
Default Port | 21 | 69 |
Authentication | Yes, supports usernames and passwords | No authentication |
Encryption | None by default, but can use FTPS or SFTP | None |
Reliability | Reliable (connection-oriented) | Less reliable (connectionless) |
Speed | Slower than TFTP for small files | Faster for small files |
File Size Handling | Suitable for large files | Better for small files only |
Common Use Cases | Website file uploads, sharing files over networks | Transferring configs, firmware, network booting |
Security Level | Medium with authentication, higher with encryption | Low, should only be used in secure local networks |
TFTP Reliability
TFTP is not as reliable as FTP because it uses UDP, which does not guarantee that data packets will arrive in order or even arrive at all. While TFTP does have basic acknowledgments for each block of data sent, it still lacks the built-in error recovery that comes with TCP. This is why TFTP works best for small files where speed matters more than error handling. For larger or critical files, FTP or another secure transfer method is the better choice.
TFTP Connections and the Three Phases of File Transfer
Even though TFTP is simpler than FTP, it still follows a clear process when transferring files. A TFTP transfer typically happens in three phases:
Connection Establishment
The client sends a Read Request (RRQ) or Write Request (WRQ) to the TFTP server using UDP port 69. If the request is accepted, the server responds from a different, randomly chosen port for the rest of the transfer.
Data Transfer
The file is broken into small blocks, usually 512 bytes each. The server sends a block, and the client sends an acknowledgment (ACK) for that block. This continues until the last block is sent. The receiver recognizes the last block because it carries fewer than 512 bytes.
Connection Termination
Once the final block is acknowledged, the transfer ends. Because TFTP uses UDP, there is no formal “connection close” like in TCP. The process simply stops after the last ACK.
Think of TFTP like passing notes in a classroom.
You (the client) write a short note and hand it to the teacher (the server). After every note you give, the teacher gives you a quick thumbs up (ACK) to confirm they got it. You keep passing notes one by one until the last one is sent. When the last thumbs up is given, you simply stop. There is no big goodbye or handshake, you just both know it’s done.
This simple back-and-forth works fine for small notes, but if you tried to pass a long essay this way, there’s a higher chance a page could get lost or out of order. That’s why TFTP is fine for small files but not great for large or important ones.
TFTP TID (Transfer Identifier)
In TFTP, the Transfer Identifier, or TID, is like a unique address used during a file transfer. When the client first sends a request to the server on UDP port 69, the server replies from a new, randomly chosen port. This new port number becomes the server’s TID for that transfer. The client also uses its own port number as its TID.
These TIDs are important because they make sure that messages belong to the correct transfer. If a packet arrives with the wrong TID, the receiver ignores it. This helps prevent confusion when multiple TFTP transfers are happening at the same time on the same device.
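The three phases and the TID check can be followed in code. The sketch below is an added example, not part of the original post: it builds TFTP packets with the RFC 1350 opcodes and simulates the client side of a read transfer in memory, with no network traffic. The function names, the port numbers, and the sample file are constructed for illustration.

```python
import struct

# Opcodes and block size from RFC 1350
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512

def build_rrq(filename, mode="octet"):
    """Phase 1: read request, sent to the server's well-known UDP port 69."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def build_ack(block):
    return struct.pack("!HH", ACK, block)

def server_blocks(content):
    """Split a file into DATA packets; a short (possibly empty) block ends it."""
    return [struct.pack("!HH", DATA, n + 1) + content[off:off + BLOCK_SIZE]
            for n, off in enumerate(range(0, len(content) + 1, BLOCK_SIZE))]

def client_receive(datagrams):
    """Phases 2 and 3, client side. datagrams: (source_port, raw_packet) pairs
    in arrival order. Returns (file_bytes, acks_sent, ignored_count)."""
    server_tid, expected = None, 1
    received, acks, ignored = bytearray(), [], 0
    for src_port, pkt in datagrams:
        if len(pkt) < 4:
            ignored += 1
            continue
        opcode, block = struct.unpack("!HH", pkt[:4])
        if server_tid is None and opcode == DATA and block == 1:
            server_tid = src_port          # first reply fixes the server's TID
        if src_port != server_tid or opcode != DATA:
            ignored += 1                   # wrong TID or unexpected opcode: drop
            continue
        payload = pkt[4:]
        if block == expected:
            received += payload
            acks.append(build_ack(block))
            expected += 1
            if len(payload) < BLOCK_SIZE:
                break                      # phase 3: short block, transfer over
        elif block == expected - 1:
            acks.append(build_ack(block))  # retransmitted block: re-ACK, store once
        else:
            ignored += 1
    return bytes(received), acks, ignored

def demo():
    content = bytes(range(256)) * 5        # constructed 1280-byte "file"
    good, stray = 50321, 40000             # constructed port numbers (TIDs)
    b1, b2, b3 = server_blocks(content)
    arrivals = [(good, b1),
                (stray, struct.pack("!HH", DATA, 2) + b"X" * 512),  # other transfer
                (good, b2), (good, b2),    # block 2 arrives twice
                (good, b3)]
    return content, client_receive(arrivals)

if __name__ == "__main__":
    print(demo()[1][1:])                   # the ACKs sent and the ignored count
```

The stray packet from port 40000 never reaches the file because its source port is not the server's TID, and the duplicate of block 2 is acknowledged again but stored only once.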
FTP Overview
FTP, or File Transfer Protocol, is a way to move files between two devices over a network. It works using a client and a server. The client requests files or uploads them, and the server stores or sends them.
FTP uses two connections:
Command channel (TCP port 21) for sending instructions and responses
Data channel for transferring the files. In active mode, the server connects back to the client on TCP port 20. In passive mode, the server uses a random port for data transfer, and the client connects to it.
FTP supports authentication with a username and password, but it does not encrypt the data by default. This means that anyone who intercepts the traffic can see the login details and the files being transferred. To secure it, you can use:
FTPS: FTP over SSL/TLS, which adds encryption
SFTP: SSH File Transfer Protocol, a different protocol that runs over SSH for secure transfers
FTP Control Connection
The control connection in FTP is the link used to send commands and receive responses between the client and the server. It is created when the client connects to the server’s TCP port 21. This connection stays open for the entire session, even while files are being transferred on a separate data connection.
Think of the control connection as a conversation line. The client sends instructions like “list files,” “download this file,” or “upload that file,” and the server replies with status messages or confirmations. No actual file data passes through this channel. It is only for communication and control.
Because it stays active throughout the session, the control connection makes it easy to send multiple commands without reconnecting each time. The actual file transfers happen separately on the data connection.
FTP Data Connection: Active Mode
In active mode, the client opens a random TCP port above 1023 and tells the server which port it is using. The server then starts the data connection from its TCP port 20 to the client’s chosen port.
Here’s how it works step-by-step:
The client connects to the server on TCP port 21 to establish the control connection.
When the client needs to transfer data, it sends the PORT command to tell the server which port it is listening on.
The server connects back to that client port from its own TCP port 20.
Once connected, the data transfer begins.
The challenge with active mode is that many firewalls block incoming connections to the client, which can cause transfers to fail unless the firewall is configured to allow them. This is why passive mode is often preferred in modern networks.
FTP Data Connection: Passive Mode
In passive mode, the client takes more control over the data connection to avoid firewall problems. Instead of the server connecting back to the client, the client connects to the server for both the control and data connections.
Here’s how it works:
The client connects to the server on TCP port 21 to establish the control connection.
When it is ready to transfer data, the client sends the PASV command.
The server replies with the IP address and a random TCP port number it will use for the data connection.
The client then starts the data connection to that port, and the transfer begins.
Passive mode works better with firewalls and NAT because all connections are initiated from the client’s side. This is why it is often the default setting for many FTP clients today.
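How the port travels on the control channel in both modes, as an added example that is not part of the original post: the PORT command and the server's 227 reply to PASV both carry the address and port as six comma-separated numbers, with the port split into two bytes. The function names and addresses are constructed, and the two checks (the PORT address must be the control-connection client and its port must be above 1023; the passive client connects to the server address it already uses) are common hardening choices added here as assumptions, going slightly beyond what the post describes.

```python
import re

_SIX = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def encode_host_port(ip, port):
    """Encode an IPv4 address and TCP port as h1,h2,h3,h4,p1,p2."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def decode_host_port(text):
    """Decode h1,h2,h3,h4,p1,p2; the port is p1 * 256 + p2."""
    m = _SIX.search(text)
    if not m:
        raise ValueError("no host/port field found")
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range")
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def active_target(port_line, control_peer_ip):
    """Server side, active mode: where the server may open the data
    connection after receiving 'PORT ...' on the control channel."""
    if not port_line.upper().startswith("PORT "):
        raise ValueError("not a PORT command")
    ip, port = decode_host_port(port_line[5:])
    if ip != control_peer_ip:
        raise ValueError("PORT address is not the control-connection client")
    if port <= 1023:
        raise ValueError("PORT names a well-known port")
    return ip, port

def passive_target(reply, control_peer_ip):
    """Client side, passive mode: where the client opens the data connection
    after the 227 reply. Returns (ip, port, advertised_ip_matched)."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply")
    ip, port = decode_host_port(reply[3:])
    # Connect to the server address already in use; a server behind NAT
    # often advertises an internal address the client cannot reach.
    return control_peer_ip, port, ip == control_peer_ip

if __name__ == "__main__":
    # Constructed session values: client 192.168.1.50, server 192.168.1.20
    line = "PORT " + encode_host_port("192.168.1.50", 50000)
    print(line, "->", active_target(line, "192.168.1.50"))
    reply = "227 Entering Passive Mode (10,0,0,5,195,80)."
    print(reply, "->", passive_target(reply, "192.168.1.20"))
```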
IOS File Systems
In Cisco devices, the IOS file system is where the operating system, configuration files, and other important data are stored. Cisco devices can work with different types of file systems, each serving a specific purpose. Some common ones you will see include:
flash: Stores the IOS image and sometimes backup configuration files.
nvram: Holds the startup configuration file that loads when the device powers on.
ram: Used as working memory for the running configuration and temporary files.
tftp: Allows the device to access files from a TFTP server over the network.
ftp: Lets the device connect to an FTP server to upload or download files.
Each file system can be accessed using its prefix, for example:
flash:
nvram:
tftp:
Knowing these file systems is important when upgrading the IOS, backing up configurations, or restoring files.
The show file systems Command
In Cisco IOS, the show file systems command lists all available file systems on the device, their types, sizes, and whether they are read-only or read/write. This helps you see what storage options you have and check available space before transferring or saving files.
Example:
Router> show file systems
File Systems:
Size(b) Free(b) Type Flags Prefixes
* 32514048 15360000 flash rw flash:
32514048 15360000 flash rw system:
- - opaque rw tmpsys:
- - opaque rw null:
- - network rw tftp:
- - network rw ftp:
16384 12456 nvram rw nvram:
- - opaque ro syslog:
6553600 6489600 disk rw disk0:
- - opaque rw xmodem:
- - opaque rw ymodem:
In this example:
The asterisk (*) shows the current default file system (flash:).
You can see the size, free space, and type of each file system.
rw means read/write, while ro means read-only.
Understanding File System Types in Cisco IOS
When you run the show file systems command, one of the columns shows the Type. This tells you what kind of storage or access method that file system uses. Here’s what some of the common types mean:
disk – This is physical storage, like a flash memory card or hard disk in the device. It can store IOS images, configuration backups, and other files. Examples are flash: or disk0:.
opaque – This is a special type of file system that does not behave like normal storage. It is used for internal processes or temporary storage. Examples are null: (discards anything written to it, like a trash bin) and syslog: (stores log messages).
nvram – This stands for Non-Volatile Random-Access Memory. It is a small memory area that keeps its contents even after the device is powered off. It usually stores the startup configuration file.
network – This type allows the device to access files over the network. Examples are tftp: and ftp:. These let you upload or download files from a server without using local storage.
Upgrading Cisco IOS
Upgrading the IOS on a Cisco device is an important task to fix bugs, add new features, and improve security. Before starting, you need to check your device’s current software version and make sure you have enough space for the new image. Two useful commands for this are show version and show flash.
show version
This command displays detailed information about the device, including:
Current IOS version
Device model and memory details
Uptime
Configuration register value (important for boot behavior)
Example:
Router> show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.4(3)M3
...
ROM: System Bootstrap, Version 15.0(1r)M16
Router uptime is 2 weeks, 3 days, 4 hours, 12 minutes
System image file is "flash:c2900-universalk9-mz.SPA.154-3.M3.bin"
...
Configuration register is 0x2102
From this, you can confirm the current IOS file name and version.
show flash
This command lists the contents of the flash memory where the IOS image is stored. It shows the file names, sizes, and available free space.
Example:
Router> show flash
System flash directory:
File Length Name/status
1 25346024 c2900-universalk9-mz.SPA.154-3.M3.bin
[25346024 bytes used, 10240000 available, 35586024 total]
From this, you can check if there is enough space for the new IOS image before copying it to the device.
Copying Files Using TFTP
One common way to upgrade or back up a Cisco IOS image is by using a TFTP server. This method is simple and works well within a secure local network. The copy command in IOS lets you transfer files between the device and the TFTP server. It is run from privileged EXEC mode (the Router# prompt).
To copy an IOS image from a TFTP server to the device:
Router# copy tftp: flash:
Address or name of remote host []? 192.168.1.10
Source filename []? new-ios-image.bin
Destination filename [new-ios-image.bin]?
tftp: means the file source is a TFTP server.
flash: means the file destination is the device’s flash memory.
You enter the TFTP server’s IP address and the file name you want to copy.
To back up the current IOS image to a TFTP server:
Router# copy flash: tftp:
Source filename []? c2900-universalk9-mz.SPA.154-3.M3.bin
Address or name of remote host []? 192.168.1.10
flash: is the source, meaning you are taking the file from the device’s flash memory.
tftp: is the destination, meaning the file will be stored on the TFTP server.
Before copying, make sure the TFTP server is running, reachable, and that the file path is correct.
Upgrading Cisco IOS Process
Once you have the new IOS image on your device, the next step is to make it the active image. This is done by telling the router or switch to boot from the new file during the next startup.
Step 1: Verify the Image
After copying the image to flash, confirm it is there and not corrupted:
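Router# dir flash:
Check the file size and make sure it matches the original file on the TFTP server. A matching size alone does not prove the contents are identical, so where possible also compare a checksum of the image against the value published by the vendor.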
Step 2: Set the Boot Variable
Tell the device which image to use at the next boot:
Router(config)# boot system flash:new-ios-image.bin
Step 3: Save the Configuration
Router# write memory
or
Router# copy running-config startup-config
Step 4: Reload the Device
Router# reload
The device will restart using the new IOS image.
Step 5: Confirm the Upgrade
Once the device boots, use:
Router> show version
to check that it is now running the new IOS version.
Deleting Files in Cisco IOS
If you need to free up space in flash memory before upgrading the IOS or saving other files, you can delete unused files. In Cisco IOS, the delete command removes a file from a file system.
Example:
Router# delete flash:old-ios-image.bin
Delete filename [old-ios-image.bin]?
Delete flash:old-ios-image.bin? [confirm]
You specify the file system (flash:) and the file name.
The device asks for confirmation before deleting.
In many Cisco devices, deleting a file does not immediately erase it from flash. It is only marked as deleted. To permanently remove it and recover the space, use:
Router# squeeze flash:
or, on some devices:
Router# format flash:
(Note: Formatting will erase all files on flash, so be careful.)
Copying Files Using FTP
FTP can also be used to transfer IOS images or configuration files between a Cisco device and a server. Unlike TFTP, FTP supports authentication with a username and password, which adds a layer of security, although the data is still sent in plain text unless FTPS is used.
To copy an IOS image from an FTP server to the device:
Router# copy ftp: flash:
Address or name of remote host []? 192.168.1.20
Source filename []? new-ios-image.bin
Destination filename [new-ios-image.bin]?
Username []? admin
Password: *****
ftp: means the file source is an FTP server.
flash: means the destination is the device’s flash memory.
You provide the server IP, file name, username, and password.
To back up an IOS image from the device to an FTP server:
Router# copy flash: ftp:
Source filename []? c2900-universalk9-mz.SPA.154-3.M3.bin
Address or name of remote host []? 192.168.1.20
Username []? admin
Password: *****
flash: is the source, taking the file from local flash memory.
ftp: is the destination, storing it on the FTP server.
Before starting, make sure the FTP server is running, reachable, and you have the correct credentials and permissions to upload or download files.
Setting FTP Username and Password in Cisco IOS
If you use FTP often on a Cisco device, you can set a default username and password so you do not have to enter them each time you copy a file. This is done with the ip ftp username and ip ftp password commands.
Example:
Router(config)# ip ftp username admin
Router(config)# ip ftp password cisco123
ip ftp username sets the default FTP username.
ip ftp password sets the default FTP password.
Once these are configured, you can run commands like:
Router# copy ftp: flash:
Address or name of remote host []? 192.168.1.20
Source filename []? new-ios-image.bin
Destination filename [new-ios-image.bin]?
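The device will automatically use the saved username and password, saving time and reducing typing errors. Because the password is now stored in the device configuration, treat the configuration file and any backups of it as containing that credential.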
Command Summary
Here are the key commands we discussed:
Command | Purpose |
show file systems | Lists available file systems, types, and free space. |
show version | Displays IOS version, hardware info, and configuration register. |
show flash or dir flash: | Shows contents of flash memory and available space. |
copy tftp: flash: | Copies a file from a TFTP server to the device. |
copy flash: tftp: | Copies a file from the device to a TFTP server. |
copy ftp: flash: | Copies a file from an FTP server to the device. |
copy flash: ftp: | Copies a file from the device to an FTP server. |
ip ftp username <name> | Sets default FTP username. |
ip ftp password <pass> | Sets default FTP password. |
boot system flash:<filename> | Sets the IOS image to load on next boot. |
delete flash:<filename> | Deletes a file from flash memory. |
squeeze flash: or format flash: | Permanently frees space after deletion. |
reload | Restarts the device using the configured boot image. |
Wrap-Up
We explored how FTP and TFTP work, their differences, and the ports they use. You learned that TFTP is simple and fast but has no authentication, while FTP supports usernames and passwords but still sends data in plain text unless secured with FTPS or SFTP. We then moved into Cisco IOS file systems, useful commands to view and manage files, and how to copy, delete, and upgrade IOS images.
With these skills, you can handle file transfers confidently, keep your Cisco devices updated, and manage storage efficiently. Whether you use TFTP for quick internal transfers or FTP for authenticated access, you now have the tools to get the job done.
