What is an FTP port?
The FTP, or the File Transfer Protocol, makes it possible for users to exchange files between their personal computers and remote servers with the help of specialized software tools called FTP clients. Through FTP software tools users can establish connections with a remote machine of their choice and perform any necessary data transfers. The FTP connections are executed through certain ports, which are either the default TCP ports or custom ports set by an administrator.
Executing an FTP port connection through a client is a two-stage process requiring the use of two different ports. Once the user enters the name of the server and the login credentials in the authorization fields of the FTP client, the FTP connection is established and the FTP control port of the FTP server (the default port for sending commands is 21) is opened. Then a second connection to the server is made by the client, followed by a response of the FTP server from the port for sending data (the default data sending port is 20), when the real file transfer actually begins.
Active and Passive mode FTP connections
What is the difference between an active and a passive FTP connection and how they work is one of the most asked questions. It is good to have an FTP host which provides support for both, because there are cases when one works and the other refuses a connection. Such cases happen because of improperly configured firewalls and routers on the client's side or in the client's ISP network.
So, what is the difference between the active and the passive mode FTP connections? - And the answer is in the FTP port connections. The FTP is a TCP service which uses 2 ports. The first FTP port is the 'command port' which utilizes the communication between the FTP server and the FTP client. The second port is the 'data transfer' port where the real file transfer runs. Typically, the command port is set to port 21 and the data transfer port is port 20, but actually, depending on the connection mode, the data transfer port can be changed.
The active mode connection
When you try to establish an FTP connection in active mode, first you need to check your FTP software's settings if "Active mode" is enabled. In the most popular free FTP programs the active mode is enabled by default. If disabled, set it on and proceed with filling your FTP account details.
Look at the connection log below to see how the connection proceeds. You will notice that the client sends a PORT command which is containing the dynamic port number on which it is listening over the control stream and waits for a connection from the FTP server. When the FTP server initiates the data connection to the FTP client it binds the source port to port 20 on the FTP server.
An example of an FTP connection log using an Active mode
Status: Resolving address of my-best-domain.net Status: Connecting to 18.104.22.168:21... Status: Connection established, waiting for welcome message... Response: 220 ProFTPD 1.2.10 Server (sc109.info) [22.214.171.124] Command: USER demomovie Response: 331 Password required for demomovie. Command: PASS ***** Response: 230 User demomovie logged in. Command: SYST Response: 215 UNIX Type: L8 Command: FEAT Response: 211-Features: Response: 211-MDTM Response: 211-REST STREAM Response: 211-SIZE Response: 211 End Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I Command: PORT 10,1,242,250,180,46 Response: 200 PORT command successful Command: LIST Response: 150 Opening ASCII mode data connection for file list Response: 226 Transfer complete. Status: Directory listing successful
But let's explain the things in more detail. First, the client opens a random dynamic port, for example port 1025, and connects to the server's port 21. Then the client opens a data port (the command port + 1 = 1026) and sends a PORT command to the FTP server. Then the server connects back to the client's data port 1026 using its local data port 20 and starts the transfer.
The passive mode connection
Passive mode FTP connections are designed to resolve problems with firewalls and routers that didn't allow an active connection to be established.
If you can't connect to the server in active mode, you need to enable the "Force Passive mode" option of your FTP Client. Then the client will initiate both connections to the server, which may resolve the problem even if there are some limitations imposed by your ISP's network or your personal firewall.
Let's see how the passive mode works. First, the FTP Client opens two dynamic ports - a command port (for example port 1025) and a data transfer port (the command port +1 = port 1026). Then the client connects its command port to port 21 on the server, but instead of using a PORT command, it sends a PASV command which tells the server that the connection is set in passive mode. When it reads the PASV command, the server opens a random dynamic port (for example 1027), which is forwarded to port 20 (the server's default data transfer port), and sends it back to the client. Then the FTP client initiates the connection from its data port (port 1026) to the server's data port (port 1027) and starts the data transfer.
This mode is a great method of resolving problems with firewalls filtering the incoming data port connection to the client from the server. Let's check how the connection log looks like:
Status: Resolving address of my-best-domain.net Status: Connecting to 126.96.36.199:21... Status: Connection established, waiting for welcome message... Response: 220 ProFTPD 1.2.10 Server (sc109.info) [188.8.131.52] Command: USER demo Response: 331 Password required for demomovie. Command: PASS ********** Response: 230 User demo logged in. Command: SYST Response: 215 UNIX Type: L8 Command: FEAT Response: 211-Features: Response: 211-MDTM Response: 211-REST STREAM Response: 211-SIZE Response: 211 End Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I Command: PASV Response: 227 Entering Passive Mode (66,40,34,171,137,225). Command: LIST Response: 150 Opening ASCII mode data connection for file list Response: 226 Transfer complete. Status: Directory listing successful