FTP ports are communication endpoints that enable the transfer of files between an end device and a server. FTP sessions can happen in passive mode or active mode, with passive mode being more compatible with firewalls. However, FTP is not a particularly secure protocol.

How do FTP ports figure into File Transfer Protocol?

FTP (File Transfer Protocol) is a network protocol that operates on the application layer of the OSI model and is defined in RFC 959. The protocol, which was originally defined in 1971, makes it possible to transfer data back and forth between an end device and a server. It’s built on client-server architecture, which can be used to upload and download files and create directories.

FTP works using requests and responses. Using FTP programs like FileZilla and FTP commands, data is requested and (if necessary) changed. The transfer then takes place using a data channel. FTP ports are used to ensure that the device can establish a reliable connection to the server.

What are FTP ports used for?

FTP ports are communication endpoints that ensure that a connection is established between an end device and an FTP server. FTP ports are used to identify the apps and services that you want to access on the server. Port numbers range from 0 to 65535. It’s only possible to establish a connection when you know the relevant FTP port number. Once you have the correct FTP port number, you can start your file transfer. It’s possible to transfer binary files like images and programs or text files in ASCII mode.

How do FTP ports work?

To ensure a smooth transfer, two FTP ports are normally used for File Transfer Protocol. The first step is to establish a connection between server and client on port 21. This is referred to as the command or control channel. After that, the client will establish a connection to port 20, which is referred to as the data channel.

You might be asking yourself why we need to use two FTP ports. The answer lies in the roles of the two ports. The control channel is only used for sending FTP commands. The client sends commands to the server, and the server responds to each command with a status code. Authentication with username and password is usually required for using this FTP port.

Data transfers are initiated or aborted using the control channel. However, the data itself is sent and received using a second channel, the data channel. Transfers can take place bidirectionally, going from server to client or client to server, depending on which commands are given. Directory listings can also be sent.

The use of two separate channels ensures that contact between client and server is possible at any time. Problems with the transfer of data are communicated using a status code and can then be solved using a new command.

What is the difference between FTP passive mode and active mode?

There is also a difference between FTP passive mode and active mode. The difference lies in the role of the server: In active mode, the server initiates the connection. In passive mode, the server lets the client establish the connection and simply confirms it. Below we’ll explain what’s behind the two different modes and why passive mode is sometimes necessary. But first we’ll explain how to establish passive and active FTP connections. The two processes are relatively similar.

How to establish an active FTP connection

An active FTP connection is established with the following steps:

  1. First the client sends a connection request to FTP port 21.
  2. If the connection is possible, the server will respond with a temporary client port.
  3. The client then responds to the server’s response and confirms the active connection.
  4. Now the client sends an FTP PORT command. That confirms the use of an active FTP port, its IP address and the exact number of the FTP port that the server is supposed to connect with.
  5. If all entries are correct, the server will confirm the command with a status code.
  6. The client instructs the server to use FTP.
  7. Now comes the active part: The server creates a data connection and sends a request from FTP port 20 (the data channel) to the FTP port whose number the client has already provided.
  8. The client confirms to the server that the data connection is active and free of errors.
  9. The server also sends a confirmation and gives the client permission to transfer data.
  10. Now the FTP port can be used for requesting and sending/receiving data.

How to set up an FTP port in passive mode

The steps will look very similar for FTP in passive mode. It’s only at the end that we see significant differences.

  1. As above, the client sends a request from a temporary FTP port between 1024 and 65535 to the server’s FTP port 21.
  2. The server answers the request and sends a confirmation to the port that sent the request.
  3. The client confirms the connection.
  4. Then, instead of sending the FTP port command, the client sends a PASV command, which requests a passive protocol.
  5. The server will confirm the request. Then it sends its IP address and FTP port number, which the client will connect with.
  6. The client will then send a connection request to the FTP port that the server sent.
  7. If everything worked, the server will confirm the connection.
  8. The client will now establish the connection with the server using that FTP port.
  9. Finally, the client will send a transfer command from its control port to the server’s port 21. Data transfer is now possible, and FTP port 20 is no longer needed.
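
The address-and-port handoff in the active steps (PORT) and the passive steps (PASV) above uses the same six-number encoding from RFC 959. The following is an added example, not code from the original article: it decodes that field and lists which data connection a stateful firewall has to expect in each mode. The function names and the sample transcript are assumptions made for illustration.

```python
import re

# PORT (client to server) and the 227 reply to PASV (server to client) both
# carry an endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
ENDPOINT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_endpoint(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if invalid."""
    match = ENDPOINT.search(text)
    if not match:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None  # every field must fit in one byte
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_connections(control_lines, client_ip, server_ip):
    """List the data connections a stateful firewall must allow, as
    (mode, source_ip, dest_ip, dest_port), from a control-channel transcript."""
    expected = []
    for direction, line in control_lines:
        if direction == "C" and line.upper().startswith("PORT "):
            mode, source = "active", server_ip    # server dials in to the client
        elif direction == "S" and line.startswith("227"):
            mode, source = "passive", client_ip   # client dials out to the server
        else:
            continue
        endpoint = decode_endpoint(line)
        if endpoint:
            expected.append((mode, source, endpoint[0], endpoint[1]))
    return expected


# Constructed transcript using documentation addresses, not a real capture.
SAMPLE = [
    ("C", "PORT 192,0,2,10,195,80"),
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,234,96)."),
]

if __name__ == "__main__":
    for row in expected_data_connections(SAMPLE, "192.0.2.10", "198.51.100.5"):
        print(row)
```

The active entry is an inbound connection to the client, which is the one a client-side firewall blocks; the passive entry is outbound from the client.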

How can you tell if a connection is active or passive?

Active mode is usually used for FTP transfers. If active mode isn’t being used, your hosting service will normally inform you that you’ve changed to passive mode. If you want to test which mode you are in, you can try to create a connection. If it doesn’t work, change to the other mode.

When setting up your server, you can decide whether you want to use active or passive mode for FTP. You also have the choice when installing your own Debian FTP server or Ubuntu FTP server. For the security of your system, we recommend doing port checks regularly.

What is FTP passive mode used for?

You might be asking yourself why FTP passive mode is useful in the first place. The main reason has to do with a problem that can crop up for users with a firewall. When the client is located behind a firewall that’s doing its job correctly, the firewall will block active connections trying to access the client from outside. In the case of an active FTP port, this would include the server. You can get around this by using the FTP port in passive mode. In passive mode, the client initiates the connection, meaning the firewall’s defenses won’t be triggered, and the data transfer can happen as intended.

Do you always need port 21?

While port 20 isn’t needed for passive mode, port 21 is needed for both passive and active mode. Since port 20 is only used for data transfer, the connection is terminated after the transfer has been completed. In contrast, port 21 is always active. It’s used for the control channel and is involved with various transfers. Disconnection can only occur with a command from the user or when it is automatically switched off after a timeout. This fact, as well as the unencrypted transfer of usernames and passwords, makes FTP a potentially dangerous gateway for unauthorized access.
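
To make the unencrypted login concrete from a defender's side, the following added example (not part of the original article) audits control-channel lines for USER/PASS pairs and reports which accounts had a valid password cross the network in the clear. The input tuple format, function names and sample lines are assumptions; reply codes 230 and 530 are from RFC 959.

```python
def audit_cleartext_logins(lines):
    """Pair each USER/PASS seen on the control channel with the server's verdict.

    `lines` holds (session_id, direction, text) tuples; direction is "C" for
    client-to-server and "S" for server-to-client. The password is never
    returned, only its length, so the report is safe to file in a ticket.
    """
    last_user, pending, findings = {}, {}, []
    for session, direction, text in lines:
        verb, _, arg = text.strip().partition(" ")
        if direction == "C" and verb.upper() == "USER":
            last_user[session] = arg
        elif direction == "C" and verb.upper() == "PASS":
            finding = {"session": session, "user": last_user.get(session, "?"),
                       "password_len": len(arg), "accepted": None}
            pending[session] = finding
            findings.append(finding)
        elif direction == "S" and session in pending:
            if text.startswith("230"):    # RFC 959: user logged in
                pending.pop(session)["accepted"] = True
            elif text.startswith("530"):  # RFC 959: not logged in
                pending.pop(session)["accepted"] = False
    return findings


def accounts_to_rotate(findings):
    """Accounts whose valid password crossed the network unencrypted."""
    return sorted({f["user"] for f in findings if f["accepted"]})


# Constructed control-channel lines (port 21), not a real capture.
CAPTURE = [
    ("s1", "C", "USER alice"),
    ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS correct-horse"),
    ("s1", "S", "230 Login successful"),
    ("s2", "C", "USER backup"),
    ("s2", "S", "331 Password required"),
    ("s2", "C", "PASS wrong"),
    ("s2", "S", "530 Login incorrect"),
]

if __name__ == "__main__":
    print(accounts_to_rotate(audit_cleartext_logins(CAPTURE)))
```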

What’s the difference between FTP and SFTP?

This is where SSH File Transfer Protocol (SFTP) comes in. You can already see in its name that it bears some similarities to FTP. But there are also significant differences between the two protocols, to the point that SFTP servers and standard clients cannot communicate with each other. The most important differences between the two protocols are as follows:

  • Encryption: Unlike the standard FTP port, SFTP ports are encrypted. This applies to usernames and passwords as well as the actual files being transferred, making it a lot harder to get unauthorized access.
  • Port number: Whereas FTP uses port 21, SFTP uses port 22.
  • Protocol: Whereas FTP uses TCP/IP, SFTP uses SSH.

Summary: FTP ports are useful but not secure

FTP ports are an important and useful invention for transferring files on the internet. FTP passive mode was also an important step in the right direction. But the biggest flaw in FTP (as with Trivial File Transfer Protocol (TFTP)) is the lack of encryption. For secure file transfer, SFTP is a better choice.
