FTP (File Transfer Protocol) is a protocol that belongs to the Application Layer of the TCP/IP protocol suite. As we learned in previous lessons, FTP is one of the early protocols of the TCP/IP protocol suite; the first RFC for FTP was published in the year 1971. FTP is used to transfer electronic files from one computer to another. Like other protocols in the TCP/IP protocol suite, FTP has a Client/Server style of operation: you need FTP Server software and FTP Client software for file transfer.
Ports used by FTP (File Transfer Protocol)
FTP differs from most other protocols of the TCP/IP protocol suite. FTP uses TCP as its Layer 4 (Transport Layer) protocol. To make a file transfer happen, FTP creates two different connection channels between the FTP Server and the FTP Client. One is called the FTP Control (also called Command) channel and the other is the FTP Data channel. The FTP Server and FTP Client use two different TCP ports, one for the FTP Control (Command) connection and the other for the FTP Data connection.
By default, the FTP Server service (or daemon in Unix/Linux) listens exclusively on TCP port 21 for FTP Control channel connections. The actual file transfer happens over a separate FTP Data connection created between the FTP Client and the FTP Server, after the user is authenticated over the FTP Control channel.
There are two different modes of FTP, and they work differently: 1) Active mode and 2) Passive mode (PASV). There is a misconception that the FTP Data connection always uses TCP port 20, which is not true. Depending on the mode used, the port used for the FTP Data connection is NOT always TCP port 20. FTP Active mode uses TCP port 20 for the Data channel, but FTP Passive mode uses a random port number above 1023 (above the well-known port range) for the Data channel.
The following sections explain how FTP Active mode and FTP Passive mode work and the differences between them.
FTP Active mode
In FTP Active mode, the FTP Client initiates a TCP three-way handshake to connect to the FTP Server at TCP port number 21 (the FTP Control well-known port), where the FTP Server waits for the Control channel connection. The FTP Client uses a random port number above 1023 (above the well-known port range) as its own end of the FTP Control channel connection.
The interesting part of an FTP Active mode connection happens now. The FTP Client opens a TCP port on the client computer and starts listening on it for the FTP Data channel connection. Typically, this is one port above the Control channel port used by the FTP Client. Once user authentication is completed, the FTP Client sends the FTP PORT command to inform the FTP Server of the IP address and the TCP port the FTP Client is using for the Data channel connection.
In summary, in FTP Active mode the FTP Control channel connection is initiated by the FTP Client, which sends a TCP three-way handshake to the FTP Server at TCP port number 21 (the FTP Control well-known port). But the FTP Data channel connection is initiated by the FTP Server, which sends another TCP three-way handshake back to the FTP Client from TCP port number 20 (the FTP Data well-known port).
A Wireshark capture screenshot of an FTP PORT command is shown below.
The main problem with FTP Active mode is that the Server initiates the TCP three-way handshake back to the FTP Client for the Data channel. The FTP Client just opens a TCP port and, using the FTP PORT command, informs the FTP Server to connect to that port. This type of connection will usually fail, because the client-side firewall sees the inbound connection as an intrusion attempt from outside, and the connection may get blocked by the firewall.
The following image explains the ports used in FTP Active mode.
FTP Passive mode
FTP Passive mode is used to avoid the FTP Server initiating a TCP three-way handshake to the FTP Client. To prevent the FTP Server from initiating a Data channel connection back to the FTP Client, passive FTP (using the PASV command) is used. FTP Passive mode thus avoids the firewall connection-drop issues described above.
In FTP Passive mode, the FTP Client opens two random ports above 1023 on the client computer. One port is used for the FTP Control channel and the other for the FTP Data channel. Once user authentication is completed, the FTP Client issues the PASV command on the Control channel to TCP port 21. The FTP Server then opens a random port above 1023 and informs the FTP Client of that port using FTP reply code 227 (Entering Passive Mode). Finally, the FTP Client initiates the TCP three-way handshake for the FTP Data channel to the FTP Server.
The following image explains the ports used in FTP Passive mode.
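As an added example that is not part of the original lesson, the Python code below shows the two exchanges described in the Active and Passive mode sections in working form. Both the PORT command (Active mode) and the 227 reply (Passive mode) carry the endpoint in the RFC 959 form h1,h2,h3,h4,p1,p2, where the four h fields are the IPv4 address and the port is p1*256 + p2. The block decodes and encodes that form, parses a PORT command and a 227 reply, and then runs a loopback simulation of the Passive mode data channel: the server listens on an ephemeral port, announces it in a 227 reply, and the client (not the server) initiates the data connection. The check_data_endpoint function is an assumed server-side sanity check, not something the lesson describes: it refuses a PORT argument whose port is in the well-known range or whose address is not the peer of the Control connection. Sample addresses and ports are constructed for illustration.

```python
import re
import socket
import threading

# "h1,h2,h3,h4,p1,p2": four address octets followed by the port split into
# a high byte (p1) and a low byte (p2). Shared by PORT and the 227 reply.
HOSTPORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Return (ip, port) from the first h1,h2,h3,h4,p1,p2 group found in text."""
    m = HOSTPORT_RE.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 group found: %r" % text)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255: %r" % text)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def encode_hostport(ip, port):
    """Inverse of decode_hostport: build the h1,h2,h3,h4,p1,p2 string."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range: %d" % port)
    octets = ip.split(".")
    if len(octets) != 4 or any(not 0 <= int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % ip)
    return ",".join(octets + [str(port // 256), str(port % 256)])


def parse_port_command(line):
    """Active mode, client -> server: 'PORT h1,h2,h3,h4,p1,p2'."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command: %r" % line)
    return decode_hostport(arg)


def parse_pasv_reply(line):
    """Passive mode, server -> client: '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    if not line.startswith("227"):
        raise ValueError("not a 227 reply: %r" % line)
    return decode_hostport(line)


def check_data_endpoint(ip, port, control_peer_ip):
    """Assumed server-side policy (not from the lesson) applied to a PORT
    argument before the server connects back. Returns None when acceptable,
    otherwise a short reason for refusing the data connection."""
    if port <= 1023:
        return "data port %d is inside the well-known range" % port
    if ip != control_peer_ip:
        return "data address %s differs from control peer %s" % (ip, control_peer_ip)
    return None


def passive_mode_exchange(payload=b"hello over the data channel\r\n"):
    """Loopback simulation of the Passive mode data channel.
    The server listens on an OS-chosen port above 1023, announces it with a
    227 reply, and the CLIENT initiates the TCP connection to that port.
    Returns (reply_line, bytes_received_by_client)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick an ephemeral port
    srv.listen(1)
    ip, port = srv.getsockname()
    reply = "227 Entering Passive Mode (%s)" % encode_hostport(ip, port)

    def serve():
        conn, _ = srv.accept()  # server only accepts; it never dials the client
        with conn:
            conn.sendall(payload)

    t = threading.Thread(target=serve)
    t.start()

    # Client side: read the endpoint out of the 227 reply and connect to it.
    data_ip, data_port = parse_pasv_reply(reply)
    with socket.create_connection((data_ip, data_port)) as c:
        received = b"".join(iter(lambda: c.recv(4096), b""))
    t.join()
    srv.close()
    return reply, received


if __name__ == "__main__":
    print(parse_port_command("PORT 192,168,1,10,4,1"))          # constructed sample
    print(parse_pasv_reply("227 Entering Passive Mode (192,168,1,20,19,137)"))
    print(passive_mode_exchange())
```

Active mode mirrors the loopback simulation with the roles reversed: the client would be the side calling bind/listen on its high port, and the server would call create_connection from port 20, which is why the client-side firewall described above sees an unsolicited inbound TCP handshake. Binding port 20 needs privileges, so the simulation only runs the Passive case.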