FTP exists primarily for the transfer of data
between two end points. FTP differs from HTTP (Hyper Text Transfer Protocol,
used for serving websites via web browsers) fundamentally as it is an
application made up of two distinct TCP connections:
- Control connection: This TCP-based connection is used to provide a
communications channel for the delivery of commands and replies. This is
effectively the mechanism that enables the user to tell the server which file is
being requested, which directory it is in, and so forth.
- Data connection: The second TCP-based connection is used for the actual
transfer of user data. Once the Control connection has been used to exchange
information on which file is required, the Data connection is used to transfer
the file between the client and server.
Using these two communication connections, two distinct modes of operation
determine in which direction the connections are established: Active mode and
Passive mode.
FTP is exclusively a TCP-based service; there is no UDP component to FTP (UDP,
the User Datagram Protocol, transports data as a connectionless protocol using
packet switching). FTP is an unusual service in that it uses two ports, a Data
port and a Command port (also known as the Control port). Traditionally these are
port 21 for the Command (Control) port and port 20 for the Data port. The
confusion begins, however, when we find that, depending on the mode, the data
port is not always port 20.
Active FTP
In active mode FTP, the FTP client software connects from a random unprivileged
port (an unprivileged port is any port higher than 1023) to the FTP server's
command port, port 21. Let's say the client's port is N. The client then starts
listening on port N+1 and sends the FTP command PORT N+1 to the FTP server. The
server will then connect back to the client's specified data port from its local
data port, which is port 20.
In this mode of FTP, Scubez.Net doesn't need to open any additional non-secure
ports on the server's firewall, and hence it is secure from the server side.
Passive FTP
In passive mode FTP, the FTP client initiates both connections to the server.
When opening an FTP connection, the client opens two random unprivileged ports,
let's say N and N+1. The first port contacts the server on port 21, but instead
of then issuing a PORT command and allowing the server to connect back to its
data port, the client issues the PASV command. The result is that the server
then opens a random unprivileged port, let's say P, and sends the PORT command
back to the client. The client then initiates the connection from port N+1 to
port P on the server to transfer data.
This method of FTP is insecure, as a random unprivileged port is opened on the
server. This is a potential security issue, and it isn't advisable to use the
Passive mode of FTP.
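The two exchanges described above (PORT in active mode, PASV in passive mode), as an added example that is not part of this page or of Scubez.Net's software. It runs a stand-in server on localhost that understands only the PORT and PASV commands for a single data connection; the h1,h2,h3,h4,p1,p2 address encoding is the RFC 959 form. Port 20 is not used (an ephemeral unprivileged port stands in for it), the transferred payload is constructed, and `run_transfer` reports which side opened the data connection and which server port it used.

```python
"""Active vs. passive FTP data-connection setup on localhost.

Added example, not Scubez.Net's code.  The "server" is a stand-in that handles
only PORT and PASV for one data connection; it exists to show which side opens
the data connection in each mode.  Port 20 is not used: an unprivileged
ephemeral port stands in for it.
"""
import re
import socket
import threading


def encode_port_arg(host, port):
    """h1,h2,h3,h4,p1,p2 form used by PORT and inside the 227 reply (RFC 959)."""
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("expected an IPv4 dotted quad")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return ",".join(octets + [str(port // 256), str(port % 256)])


def decode_port_arg(arg):
    """Inverse of encode_port_arg; rejects malformed or out-of-range fields."""
    try:
        nums = [int(n) for n in arg.strip().split(",")]
    except ValueError:
        raise ValueError("non-numeric field in address argument") from None
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("expected six fields in the range 0..255")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


PASV_REPLY = re.compile(r"^227 .*?\((\d+(?:,\d+){5})\)")


def parse_pasv_reply(reply):
    """Extract (host, port) from a '227 Entering Passive Mode (...)' reply line."""
    m = PASV_REPLY.match(reply)
    if not m:
        raise ValueError("not a 227 reply")
    return decode_port_arg(m.group(1))


def _serve_one(ctrl, outcome):
    """Server side: handle one PORT or PASV, then push a tiny payload over the data channel."""
    verb, _, arg = ctrl.recv(256).decode().strip().partition(" ")
    if verb == "PORT":
        # Active mode: the server connects OUT to the port the client advertised.
        host, port = decode_port_arg(arg)
        ctrl.sendall(b"200 PORT command successful.\r\n")
        data = socket.create_connection((host, port))
        outcome["data_initiated_by"] = "server"
        outcome["server_data_port"] = data.getsockname()[1]  # would be 20 on a real server
    elif verb == "PASV":
        # Passive mode: the server listens on a fresh unprivileged port (the page's P).
        lst = socket.socket()
        lst.bind(("127.0.0.1", 0))
        lst.listen(1)
        host, port = lst.getsockname()
        outcome["server_data_port"] = port
        ctrl.sendall(f"227 Entering Passive Mode ({encode_port_arg(host, port)}).\r\n".encode())
        data, _ = lst.accept()
        lst.close()
        outcome["data_initiated_by"] = "client"
    else:
        ctrl.sendall(b"500 Unknown command.\r\n")
        ctrl.close()
        return
    data.sendall(b"constructed file contents")  # stands in for the real transfer
    data.close()
    ctrl.close()


def run_transfer(mode):
    """Client side for 'active' or 'passive'; returns who opened the data connection."""
    outcome = {"mode": mode}
    ctrl_listener = socket.socket()
    ctrl_listener.bind(("127.0.0.1", 0))  # stand-in for the server's port 21
    ctrl_listener.listen(1)

    def accept_ctrl():
        conn, _ = ctrl_listener.accept()
        _serve_one(conn, outcome)

    threading.Thread(target=accept_ctrl, daemon=True).start()
    ctrl = socket.create_connection(ctrl_listener.getsockname())
    outcome["client_ctrl_port"] = ctrl.getsockname()[1]  # the page's N
    if mode == "active":
        data_listener = socket.socket()
        data_listener.bind(("127.0.0.1", 0))  # stands in for N+1
        data_listener.listen(1)
        host, port = data_listener.getsockname()
        ctrl.sendall(f"PORT {encode_port_arg(host, port)}\r\n".encode())
        if not ctrl.recv(256).startswith(b"200"):
            raise RuntimeError("PORT rejected")
        data, _ = data_listener.accept()
        data_listener.close()
    elif mode == "passive":
        ctrl.sendall(b"PASV\r\n")
        host, port = parse_pasv_reply(ctrl.recv(256).decode())
        data = socket.create_connection((host, port))
    else:
        raise ValueError("mode must be 'active' or 'passive'")
    outcome["payload"] = data.recv(1024)
    data.close()
    ctrl.close()
    ctrl_listener.close()
    return outcome
```

Run `run_transfer("passive")` and look at `server_data_port`: that is the unprivileged port the page says must be reachable on the server, which is why passive mode needs a server-side firewall rule that active mode does not. In active mode the same inbound connection lands on the client instead, so the burden moves to the client's firewall.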
IMPORTANT
All Scubez.Net Windows
and Linux web servers support both Active as well as Passive modes.
All popular FTP software allows users to select the data connection mode (Active
or Passive) when uploading/downloading data to a web server.
Reference:
- How to set the data connection mode in CuteFTP
- How to set the data connection mode in 3D-FTP
- How to set the data connection mode in CoreFTP
- How to set the data connection mode in SmartFTP
- How to set the data connection mode in WS_FTP
- How to set the data connection mode in WinSCP
- How to set the data connection mode in FileZilla