Active Vs Passive FTP

January 27th, 2009 by Giridhar | Posted under Howtos.

Active vs passive FTP explained well here.

This was a myth for me for a long time, till I read a document on the Internet.

FTP is a TCP-based service, and it actually uses two connections: one for data and one for control (commands). The control connection goes to the server's command port, 21; how the data connection is set up is what distinguishes active from passive mode.

Active FTP

In active mode FTP the client connects from a random unprivileged port (N > 1023)
to the FTP server's command port, port 21. Then the client starts listening on port N+1 and
sends the FTP command PORT N+1 to the server (the PORT argument carries the client's IP address and the
port as six comma-separated bytes). The server then connects back to the client's specified data port
from its own local data port, which is port 20.

Problem with active FTP
The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual
connection to the data port of the server; it simply tells the server what port it is listening on and
the server connects back to the specified port on the client. From the client-side firewall this appears to
be an outside system initiating a connection to an internal client, something that is usually blocked.
A firewall or NAT device can only let that connection through if it inspects the control channel and sees the PORT
command (an FTP helper or ALG), which is why active mode so often fails from behind a home router.


Passive FTP
In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering
the incoming data port connection to the client from the server. When opening an FTP connection,
the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts
the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back
to its data port, the client issues the PASV command. The result is that the server opens
a random unprivileged port (P > 1023) and tells the client about it in its reply (227 Entering Passive Mode,
followed by the server's address and P in the same six-byte form used by PORT). The client then
initiates the connection from port N+1 to port P on the server to transfer data.
Problem with passive FTP
While passive mode FTP solves many of the problems from the client side, it opens up a whole range of
problems on the server side. The biggest issue is the need to allow any remote connection to high-numbered
ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD, allow the administrator
to specify a range of ports which the FTP server will use for passive data connections, so the server firewall
only has to open that range (plus port 21) instead of every port above 1023.
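The two exchanges described above (PORT in active mode, PASV and its 227 reply in passive mode) share one address encoding, and each side should sanity-check the endpoint it is told about before opening the data connection. The following is an added example, not code from the original post or from any FTP daemon; the IP addresses, the passive port range 50000-50010 and the "same host as the control connection, unprivileged port only" policy are assumptions chosen for illustration.

```python
"""Added example: the h1,h2,h3,h4,p1,p2 encoding used by FTP's PORT command
and 227 PASV reply, plus the checks each side should apply before opening the
data connection. Not part of the original post; addresses and ranges are
made up for illustration."""
import re
import socket

# 227 reply per RFC 959: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
PASV_REPLY_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def encode_hostport(ip, port):
    """Encode ip:port as h1,h2,h3,h4,p1,p2 (shared by PORT and the 227 reply)."""
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    octets = socket.inet_aton(ip)  # raises OSError on a malformed dotted quad
    return ",".join(str(b) for b in octets) + f",{port >> 8},{port & 0xFF}"


def decode_hostport(arg):
    """Inverse of encode_hostport; rejects anything that is not six bytes."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected h1,h2,h3,h4,p1,p2, got {arg!r}")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError(f"byte out of range in {arg!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def parse_pasv_reply(line):
    """Extract the data endpoint from a 227 reply line."""
    m = PASV_REPLY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a 227 reply: {line!r}")
    return decode_hostport(m.group(1))


def server_check_port(control_peer_ip, port_arg):
    """Server side of active mode: vet a PORT command before connecting back.

    Returns (accepted, detail). The server only connects back to the host the
    control connection came from, and only to an unprivileged port; otherwise
    a client could use the server to open connections to third parties."""
    try:
        ip, port = decode_hostport(port_arg)
    except ValueError as exc:
        return False, f"malformed PORT argument: {exc}"
    if ip != control_peer_ip:
        return False, f"PORT names {ip} but the control connection is from {control_peer_ip}"
    if port <= 1023:
        return False, f"PORT names privileged port {port}"
    return True, f"server connects from port 20 to {ip}:{port}"


def client_check_pasv(control_peer_ip, reply_line):
    """Client side of passive mode: vet a 227 reply before connecting.

    Same rule from the other direction: only connect to the host we already
    talk to on port 21, never to whatever address the reply happens to name."""
    try:
        ip, port = parse_pasv_reply(reply_line)
    except ValueError as exc:
        return False, f"bad PASV reply: {exc}"
    if ip != control_peer_ip:
        return False, f"227 names {ip} but the control connection is to {control_peer_ip}"
    if port <= 1023:
        return False, f"227 names privileged port {port}"
    return True, f"client connects to {ip}:{port}"


def pick_passive_port(lo, hi, in_use):
    """Server side of passive mode with a restricted port range (the kind of
    setting the post mentions for WU-FTPD): lowest free port in [lo, hi], or
    None if the range is exhausted. The range itself is an assumption."""
    for port in range(lo, hi + 1):
        if port not in in_use:
            return port
    return None


def passive_reply(server_ip, port):
    """Build the 227 reply the server sends after choosing a passive port."""
    return f"227 Entering Passive Mode ({encode_hostport(server_ip, port)})."


if __name__ == "__main__":
    # Constructed exchange; every address below is made up.
    print(server_check_port("192.168.1.10", encode_hostport("192.168.1.10", 1025)))
    print(server_check_port("192.168.1.10", "10,0,0,9,0,25"))  # points at a third host
    port = pick_passive_port(50000, 50010, {50000, 50001})
    reply = passive_reply("10.0.0.5", port)
    print(reply, client_check_pasv("10.0.0.5", reply))
    print(client_check_pasv("10.0.0.5", "227 Entering Passive Mode (203,0,113,7,195,80)."))
```

The port range handed to pick_passive_port is the same one the server's firewall rule has to permit inbound; keeping the two in step is the whole point of configuring the range rather than leaving the daemon to pick any port above 1023.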
