fir3net

FTP - Active vs Passive

File Transfer Protocol (FTP) is a network protocol used to transfer files between computers. To download files from or upload files to an FTP site, you connect to the FTP server using an FTP client.
FTP runs exclusively over TCP. The server listens on port 21 (the command, or control, port) by default, and commands, replies and the username and password all travel over this connection in cleartext. Data is transferred across a separate data channel, but the port used for it depends on the FTP mode in use.

Modes

There are two modes of FTP:

  • Active mode
  • Passive mode (PASV)

Active

In Active mode the client connects to the FTP server's command port (21) from a random high port (N). The client then starts listening on a data port, traditionally one greater than that port (N+1), and tells the server the address and port to use with the PORT command.
The server then connects from source port 20 (the command port minus 1) to the client's data port. Because the server initiates this connection, a firewall or NAT device in front of the client must either allow it inbound or inspect the PORT command and open the port dynamically, which is why Active mode often fails for clients behind NAT.

Passive

In order to stop the server initiating a data connection to the client, passive FTP or PASV was created. With passive mode the client initiates both connections to the server.
This resolves many of the firewall issues associated with Active FTP and the incoming data connections from the FTP server.

When opening a Passive connection the client opens two random high ports locally. The first is used to connect to the server's command port (21).
The client then issues the PASV command. The server opens a random high port as the data port and tells the client the address and port in its 227 reply. The client then connects to that port from its second high port. On the server side this means the firewall must allow inbound connections to the passive port range, so most servers are configured with a fixed, limited range rather than any high port.
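The two exchanges described above, as an added example that is not code from the original article or from any FTP implementation. It encodes and decodes the h1,h2,h3,h4,p1,p2 address form that both the PORT command and the 227 reply use, builds both messages, and runs a real passive-mode data transfer on 127.0.0.1 so the client-initiated data connection can be observed. It also shows the sanity check a client or server should apply to the advertised address: a server should only honour a PORT pointing at the client's own IP (otherwise it can be made to open connections to third parties), and a client should only connect to a PASV address matching the server it is already talking to. The IP addresses and payload are constructed.

```python
"""Active vs passive FTP data-channel negotiation (illustrative, not from the article)."""
import re
import socket
import threading
from typing import Tuple

_ADDR_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def encode_host_port(host: str, port: int) -> str:
    """Encode an IPv4 address and port as h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def decode_host_port(text: str) -> Tuple[str, int]:
    """Extract (host, port) from a PORT argument or a 227 reply."""
    m = _ADDR_RE.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple found")
    parts = [int(x) for x in m.groups()]
    if any(p > 255 for p in parts):
        raise ValueError("octet out of range")
    port = parts[4] * 256 + parts[5]
    if port == 0:
        raise ValueError("port 0 is invalid")
    return ".".join(str(p) for p in parts[:4]), port


def build_port_command(client_ip: str, data_port: int) -> str:
    """Active mode: the client tells the server where to connect (server will use source port 20)."""
    return f"PORT {encode_host_port(client_ip, data_port)}\r\n"


def build_pasv_reply(server_ip: str, data_port: int) -> str:
    """Passive mode: the server tells the client which high port it is listening on."""
    return f"227 Entering Passive Mode ({encode_host_port(server_ip, data_port)}).\r\n"


def advertised_endpoint_is_safe(advertised_host: str, control_peer_ip: str) -> bool:
    """Reject a data endpoint that points anywhere other than the control-channel peer."""
    return advertised_host == control_peer_ip


def passive_transfer_demo(payload: bytes = b"hello over the data channel") -> bytes:
    """Run a complete passive-mode transfer on localhost; return what the client received."""
    server_ip = "127.0.0.1"
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind((server_ip, 0))            # server side: pick a random high port
    listener.listen(1)
    reply = build_pasv_reply(server_ip, listener.getsockname()[1])

    def server_side() -> None:
        conn, _ = listener.accept()           # client initiates the data connection
        with conn:
            conn.sendall(payload)
        listener.close()

    worker = threading.Thread(target=server_side)
    worker.start()

    host, port = decode_host_port(reply)      # client side: parse the 227 reply
    if not advertised_endpoint_is_safe(host, server_ip):
        raise ConnectionRefusedError(f"227 reply advertised {host}, not {server_ip}")
    with socket.create_connection((host, port), timeout=5) as data_sock:
        received = b"".join(iter(lambda: data_sock.recv(4096), b""))
    worker.join()
    return received


if __name__ == "__main__":
    print(build_port_command("192.0.2.10", 50001).strip())   # constructed client address
    print(passive_transfer_demo())
```

The decode function deliberately refuses port 0 and out-of-range octets, since a server or client that accepts arbitrary tuples here is trusting the other side to choose where the next TCP connection goes.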


Below is a summary of both FTP modes and which side initiates the connection for each channel (command/data).

Mode     Command channel                                  Data channel
Active   client (random high port) -> server port 21      server port 20 -> client (port announced in PORT)
Passive  client (random high port) -> server port 21      client (random high port) -> server (random high port announced in 227 reply)


Acronyms Explained


SFTP (SSH File Transfer Protocol)
- SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group.
SFTP uses the standard SSH port (22) for communication.

FTPS (FTP Secure, i.e. FTP over SSL/TLS) - FTP with the control channel, and optionally the data channel, wrapped in TLS. Explicit FTPS (negotiated with the AUTH TLS command) uses the same default ports as standard FTP; implicit FTPS listens on port 990 instead. Because the control channel is encrypted, a firewall can no longer read the PORT/PASV exchange, so it cannot recognise the session as FTP and open the data port dynamically. In this scenario additional rules for the data connection (typically a fixed passive port range on the server) are required.

TFTP (Trivial File Transfer Protocol)
- A simplified version of FTP that lacks the authentication FTP provides and uses UDP (port 69) rather than TCP for transport. It is mostly used for bootstrapping network devices and should not be exposed beyond the management network.


Commands

Common Commands

ABOR  abort a file transfer
CWD   change working directory
DELE  delete a remote file
LIST  list remote files (long listing, sent over the data channel)
MDTM  return the modification time of a file
MKD   make a remote directory
NLST  name list of remote directory (names only)
PASS  send password
PASV  enter passive mode
PORT  open a data port (active mode)
PWD   print working directory
QUIT  terminate the connection
RETR  retrieve a remote file
RMD   remove a remote directory
RNFR  rename from
RNTO  rename to
SITE  site-specific commands
SIZE  return the size of a file
STOR  store a file on the remote host
TYPE  set transfer type (A for ASCII, I for binary/image)
USER  send username

Less Common Commands

ACCT  send account information
APPE  append to a remote file
CDUP  change to the parent of the current directory
HELP  return help on using the server
MODE  set transfer mode
NOOP  do nothing (commonly used as a keep-alive)
REIN  reinitialize the connection (log out without closing the control connection)
STAT  return server status
STOU  store a file uniquely (the server chooses a unique name)
STRU  set file transfer structure
SYST  return system type


FTP Return Codes

Each reply code has three digits. The first digit tells the client what to do next; the second digit tells it which part of the server the reply concerns.

1xx Positive Preliminary reply - The requested action is being initiated; expect another reply before sending a new command.
2xx Positive Completion reply - The requested action has completed. The client may now issue a new command.
3xx Positive Intermediate reply - The command was accepted, but a further command is required before the server can act (for example 331 after USER, which asks for PASS).
4xx Transient Negative Completion reply - The command was not successful, but the failure is temporary and the client may try the same command again later.
5xx Permanent Negative Completion reply - The command was not successful and the client should not repeat it unchanged.
x0x Syntax - syntax errors, commands that are syntactically correct but fit no functional category, and unimplemented or superfluous commands.
x1x Information - replies to requests for information, such as status or help.
x2x Connections - replies referring to the control and data connections.
x3x Authentication and accounting - replies for the login process and accounting procedures.
x4x Unspecified as yet.
x5x File system - replies indicating the status of the server file system with respect to the requested transfer or other file system action.
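A reply parser built around this table, as an added example that is not code from the original article or from any FTP implementation. It splits a control-channel stream into replies, handles the multi-line form defined in RFC 959 (an opening "ddd-" line, any number of text lines, and a closing "ddd " line with the same code), and classifies each code by its first and second digit so a client can decide whether to proceed, retry, or give up. The session transcript at the bottom is constructed.

```python
"""FTP reply parsing and classification (illustrative, not from the article)."""
from typing import List, Optional, Tuple

FIRST_DIGIT = {
    "1": "positive preliminary: wait for another reply before sending a new command",
    "2": "positive completion: done, the client may send a new command",
    "3": "positive intermediate: accepted, send the next command of the sequence",
    "4": "transient negative: failed for now, the same command may be retried later",
    "5": "permanent negative: failed, do not repeat the command unchanged",
}

SECOND_DIGIT = {
    "0": "syntax",
    "1": "information",
    "2": "connections",
    "3": "authentication and accounting",
    "4": "unspecified as yet",
    "5": "file system",
}


def parse_reply(lines: List[str]) -> Tuple[int, List[str]]:
    """Turn one reply (single- or multi-line) into (code, text lines)."""
    if not lines:
        raise ValueError("empty reply")
    first = lines[0]
    if len(first) < 4 or not first[:3].isdigit() or first[3] not in " -":
        raise ValueError(f"malformed reply line: {first!r}")
    code = int(first[:3])
    if first[3] == " ":                       # single-line reply: 'ddd text'
        if len(lines) != 1:
            raise ValueError("single-line reply followed by extra lines")
        return code, [first[4:]]
    last = lines[-1]                          # multi-line: must close with 'ddd ' and the same code
    if len(lines) < 2 or not last.startswith(f"{code:03d} "):
        raise ValueError(f"multi-line reply not closed by '{code:03d} '")
    return code, [first[4:]] + lines[1:-1] + [last[4:]]


def split_replies(stream: str) -> List[Tuple[int, List[str]]]:
    """Split raw CRLF-delimited control-channel text into parsed replies."""
    replies: List[Tuple[int, List[str]]] = []
    pending: List[str] = []                   # lines of a multi-line reply still being read
    closer: Optional[str] = None              # the 'ddd ' prefix that ends the pending reply
    for line in stream.split("\r\n"):
        if closer is None:
            if line == "":
                continue                      # trailing CRLF or stray blank line between replies
            if len(line) > 3 and line[:3].isdigit() and line[3] == "-":
                pending, closer = [line], line[:3] + " "
            else:
                replies.append(parse_reply([line]))
        else:
            pending.append(line)              # text lines inside a multi-line reply may be anything
            if line.startswith(closer):
                replies.append(parse_reply(pending))
                pending, closer = [], None
    if closer is not None:
        raise ValueError("stream ended inside a multi-line reply")
    return replies


def classify(code: int) -> Tuple[str, str]:
    """Return (first-digit meaning, second-digit meaning) for a reply code."""
    digits = f"{code:03d}"
    if digits[0] not in FIRST_DIGIT or digits[1] not in SECOND_DIGIT:
        raise ValueError(f"reply code {code} is outside the RFC 959 grid")
    return FIRST_DIGIT[digits[0]], SECOND_DIGIT[digits[1]]


def is_retryable(code: int) -> bool:
    """Only 4xx (transient negative) replies justify retrying the same command."""
    return 400 <= code <= 499


# Constructed transcript of one server's replies during a session.
SAMPLE_STREAM = (
    "220-Welcome to the constructed FTP server\r\n"
    "Unauthorised access is prohibited\r\n"
    "220 Ready\r\n"
    "331 Password required\r\n"
    "230 Login successful\r\n"
    "227 Entering Passive Mode (10,0,0,5,4,1).\r\n"
    "425 Can't open data connection\r\n"
    "550 Permission denied\r\n"
)

if __name__ == "__main__":
    for code, text in split_replies(SAMPLE_STREAM):
        action, subject = classify(code)
        print(f"{code} [{subject}] {action} :: {' / '.join(text)}")
```

Treating the closing line strictly (same three digits followed by a space) matters: a client that accepts any line beginning with digits as the end of a banner can be desynchronised by banner text, and then misread the next reply.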


About the Author


R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001