FTP is commonly run on two ports, 20 and 21, and runs exclusively over TCP. The FTP Server listens on Port 21 for incoming connection from FTP clients. A connection on this port forms the control stream, on which commands are passed to the FTP server. For the actual file transfer to take place, a different connection is required. Depending on the transfer mode, the client (active mode) or the server (passive mode) can listen for the incoming data connection. Before file transfer begins, the client and server also negotiate the port of the data connection. In case of active connections, (where the server connects to the client to transfer data) the server binds on Port 20 before connecting to the client. For passive connections, there is no such restriction.

While data are being transferred via the data stream, the control stream sits idle. This can cause problems with large data transfers through firewalls which time out sessions after lengthy periods of idleness. While the file may well be successfully transferred, the control session can be disconnected by the firewall, causing an error to be generated.

The objectives of FTP, as outlined by its RFC, are:

1. To promote sharing of files (computer programs and/or data).
2. To encourage indirect or implicit use of remote computers.
3. To shield a user from variations in file storage systems among different hosts.
4. To transfer data reliably and efficiently.

FTP is normally used by human beings who want to access file systems on other computers. It's also common for computer programs to use FTP to send to and obtain files from other computers usually in a routine, automated fashion. For example, a computer at a supplier might store data about its warehouses' current inventory in a database. The supplier may need to keep other partner companies aware of its current inventory. A solution to this may be for the supplier to write a program that dumps the inventory data from its database into a text file, XML file, or EDI file and then use FTP to send the file to its business partner's FTP server over the Internet or some other type of WAN. Since FTP doesn't use encryption companies may eventually optimize this arrangement to use SFTP.

Disadvantages

1. Passwords and file contents are sent in clear text, which can be intercepted by eavesdroppers.
2. Multiple TCP/IP connections are used, one for the control connection, and one for each download, upload, or directory listing. Firewall software needs additional logic to account for these connections.
3. It is hard to filter active mode FTP traffic on the client side by using a firewall, since the client must open an arbitrary port in order to receive the connection. This problem is largely resolved by using passive mode FTP.
4. It is possible to abuse the protocol's built-in proxy features to tell a server to send data to an arbitrary port of a third computer.
5. FTP is an extremely high latency protocol due to the number of commands needed to initiate a transfer.
6. No integrity check on the receiver side. If transfer is interrupted the receiver has no ways to know if the received file is complete or not. It is necessary to manage this externally for example with MD5 sum.

Security problems

FTP is an inherently insecure method of transferring files because there is no way for FTP software to transfer data in an encrypted fashion and still conform to the protocol's specifications. What this means is that under most network configurations, user names, passwords, FTP commands and transferred files can be "sniffed" or viewed by someone else on the same network using a protocol analyzer (or "sniffer"). (Most Internet protocols like HTTP, SMTP and telnet have similar problems.) The common solution to this problem is to use SFTP (SSH File Transfer Protocol) which is based on SSH, or FTPS (FTP over SSL), which adds SSL encryption to FTP.

Anonymous FTP

Many sites that run FTP servers enable so-called "anonymous ftp". Under this arrangement, users do not need an account on the server. The user name for anonymous access is typically 'anonymous' or 'ftp'. This account does not need a password. Although users are commonly asked to send their email addresses as their passwords for authentication, usually there is trivial or no verification, depending on the FTP server and its configuration. Internet Gopher has been suggested as an alternative to anonymous FTP.

Data format

While transferring data over the network, two modes can be used

1. ASCII mode
2. Binary mode

The two types differ from the way they send the data. When a file is sent using an ASCII-type transfer, the individual letters, numbers and characters are sent. The receiving machine saves these in a text file in the appropriate format (for example, a Unix machine saves it in a Unix format, a Macintosh saves it in a Mac format). Hence if an ASCII transfer is used it can be assumed plain text is sent, which is stored by the receiving computer in its own format.

Sending a file in binary mode is different. The sending machine sends each file bit for bit and as such the recipient stores the bitstream as it receives it.

By default, most FTP clients use ASCII mode. Some clients, nevertheless are more clever and try to determine the required transfer-mode by inspecting the file's name or contents.

FTP and web browsers

Most recent web browsers and file managers can connect to FTP servers. This allows manipulation of remote files over FTP through an interface similar to that used for local files. This is done via an FTP URL, which takes the form ftp://<ftpserveraddress> (e.g., ftp://ftp.gimp.org/). A password can optionally be given in the URL, e.g.: ftp://<login>:<password>@<ftpserveraddress>:<port>. Most web-browsers require the use of passive mode FTP, which not all FTP servers are capable of handling.