FTP – Active vs Passive

File Transfer Protocol (FTP) is a network protocol used to transfer data from one computer. In order to download and upload files to an FTP site, you need to connect using an FTP client/server.
FTP runs exclusively over TCP and listens on port 21 (command port) by default. Data is transferred across a separate data channel, but this port varies dependant on the FTP mode being used.


Generally there are 2 modes for FTP,

  • Active mode
  • Passive mode (PASV)


In Active mode the client connects to the FTP Servers command port (21) from a random high port. The clients data port then starts listening on a port, which is one greater than the random high port previously selected, and informs the server using the PORT command.
The server then connects to the clients data port from a source port of 20 (or the command port minus 1).



In order to stop the server initiating a data connection to the client, passive FTP or PASV was created. With passive mode the client initiates both connections to the server.
This resolves many of the firewall issues associated with Active FTP and the incoming data connections from the FTP server.

When opening a Passive connection the client opens two random ports locally. The first port is used to connect to the servers command port on port 21.
The client then issues the PASV command. The server then opens a random high port as the data port and informs the client. The client then connects to this port.

Passive FTP

Below shows a summary of both FTP modes, and which side initiated each connection for each channel (command/data).

FTP modes - Active and Passive



Acronyms Explained

SFTP (SSH File Transfer Protocol)
– SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. SFTP uses the standard SSH port (22) for communication.

FTPS (File Transfer Protocol SSL) – FTP over SSL. FTPS uses the same default ports as standard FTP for communication. Due to the encrypted packets, FTPS can cause issues within some firewalls not being able to reconise it as an FTP connection. In this scenerio addition rules for the data connection would be required.

TFTP (Trivial File Transport Protocol)
– A simplified version of FTP that lacks the authentication services FTP provides and relies on UDP rather than TCP for data transport.




Common Commands

ABORabort a file transfer
CWDchange working directory
DELEdelete a remote file
LISTlist remote files
MDTMreturn the modification time of a file
MKDmake a remote directory
NLSTname list of remote directory
PASSsend password
PASVenter passive mode
PORTopen a data port
PWDprint working directory
QUITterminate the connection
RETRretrieve a remote file
RMDremove a remote directory
RNFRrename from
RNTOrename to
SITESite specific commands
SIZEreturn the size of a file
STORstore a file on the remote host
TYPEset transfer type
USERsend username

Less Common Commands

ACCTsend account information
APPEappend to a remote file
CDUPCWD to the parent of the current directory
HELPreturn help on using the server
MODEset transfer mode
NOOPdo nothing
REINreinitialize the connection
STATreturn server status
STOUstore a file uniquely
STRUset file transfer structure
SYSTreturn system type


FTP Return Codes

1xxPositive Preliminary replyThe action requested is being initiated but there will be another reply before it begins
2xxPositive Completion replyThe action requested has been completed. The client may now issue a new command.
3xxPositive Intermediate replyThe command was successful, but a further command is required before the server can act upon the request
4xxTransient Positive Intermediate replyThe command was not successful, but the client is free to try the command again as the failure is only temporary.
5xxPermanent Negative Completion replyThe command was not successful and the client should not attempt to repeat it again.
x0xThe failure was due to a syntax error.
x1xThis response is a reply to a request for information.
x2xThis response is a reply relating to connection information.
x3xThis response is a reply relating to accounting and authorization.
x4xUnspecified as yet
x5xThese responses indicate the status of the Server file system vis-a-vis the requested transfer or other file system action.
Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial