FTP is efficient at transferring large files quickly through the Internet.
File Transfer Protocol (FTP) is one of the original protocols included in the TCP/IP protocol suite upon which all Internet data transport and routing is based. The FTP specification was established when minimal network security was required, sending passwords over the network in clear text was safe, firewalls were not commonplace and Active FTP mode made sense. However, because firewalls are now a network necessity, FTP usage has moved away from Active FTP to accommodate security requirements.
Active and Passive FTP
The FTP protocol includes two variations or modes: "Active FTP" and "Passive FTP." The difference between the two lies in how a file transfer session is established. Both require a client/server connection and both use the underlying Transmission Control Protocol (TCP) and Internet Protocol (IP) for routing, data flow control, error detection and error correction. However, Active FTP employs two "ports" (numbers that identify a service that is bound to a computer network interface), whereas Passive FTP employs only one port.
The Active FTP Mechanism
Active FTP and Passive FTP begin establishing a file transfer session in the same way: the FTP server listens on port 21 of its network interface for an FTP client request to open a file transfer session. The request contains the FTP client's source port and data port (which is the source port plus 1). Once the request is received, the FTP server responds from port 21 to the client's FTP source port with an acknowledgement. The third step in the session establishment process is where Active FTP and Passive FTP differ: Active FTP responds from port 20 with data to the FTP client's data port, as described above. The FTP client then responds to the FTP server with an acknowledgement.
The Active FTP Firewall Issue
Firewalls are designed to stop traffic to the private network they are protecting that is not solicited by a host on the private network. For client/server communications, the firewall logic expects responses from the server to use the same destination port the client used when establishing a connection (in the case of FTP, that would be port 21). Active FTP initially responds as expected from port 21; however, it then responds with the data transfer from port 20. Because port 20 was not specified by the FTP client as the destination port, most firewalls will drop the data transfer response from the server that originates on port 20 unless special configurations are applied to the firewall to allow Active FTP.
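The drop described above, and one form the "special configuration" can take, as an added example that is not part of the original article: a toy stateful filter that can optionally read the client's PORT command and open a one-time pinhole for the server's port 20 connection. The Firewall class, active_session function and all addresses and ports are constructed for illustration, and no address translation is modelled.

```python
import re

PORT_RE = re.compile(r"PORT " + ",".join([r"(\d{1,3})"] * 6) + r"\s*", re.I)

def parse_port(line):
    """Return (ip, port) from an RFC 959 PORT command, or None if malformed."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class Firewall:
    """Toy stateful filter in front of the FTP client (hypothetical model)."""
    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.control = set()   # (client_ip, client_port, server_ip)
        self.pinholes = set()  # (server_ip, client_ip, client_data_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, payload=""):
        """Client-to-server traffic is always allowed; record state from it."""
        if dst_port != 21:
            return
        self.control.add((src_ip, src_port, dst_ip))
        target = parse_port(payload) if self.ftp_helper else None
        # Open a pinhole only for the host that owns the control session,
        # and only for an unprivileged port.
        if target and target[0] == src_ip and target[1] >= 1024:
            self.pinholes.add((dst_ip, target[0], target[1]))

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return True if a server-to-client packet is forwarded."""
        if src_port == 21 and (dst_ip, dst_port, src_ip) in self.control:
            return True                      # reply on the solicited connection
        key = (src_ip, dst_ip, dst_port)
        if src_port == 20 and key in self.pinholes:
            self.pinholes.discard(key)       # one data connection per PORT
            return True
        return False                         # unsolicited: dropped

CLIENT, SERVER = "192.168.1.10", "203.0.113.5"   # constructed addresses

def active_session(ftp_helper, port_cmd="PORT 192,168,1,10,195,81\r\n"):
    """Replay a constructed Active FTP exchange; return (control_ok, data_ok)."""
    fw = Firewall(ftp_helper)
    fw.outbound(CLIENT, 50000, SERVER, 21, port_cmd)
    control_ok = fw.inbound(SERVER, 21, CLIENT, 50000)
    data_ok = fw.inbound(SERVER, 20, CLIENT, 50001)
    return control_ok, data_ok
```

Without the helper the port 21 reply is forwarded and the port 20 data connection is dropped; with it, the data connection passes only when the PORT command names the same host that opened the control connection.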
Passive FTP As a Firewall Solution
Passive FTP resolves the firewall issue described in the previous section by changing the mechanism used to respond with the requested data transfer. Passive FTP performs the first two steps in data transfer session establishment in the same way as Active FTP. However, Passive FTP uses port 21 as the source port in step three, which is the source port the firewall is designed to expect for server responses to the FTP client. Since port 21 is the same port specified as the destination port by the client when initiating the file transfer session, the firewall will forward the data transfer traffic from port 21 on the server to the client.