This repository has been archived by the owner on Mar 3, 2021. It is now read-only.

Active vs. Passive FTP

sax edited this page Mar 7, 2011 · 2 revisions

This information is fairly easy to find in teh internets, but as I had never bothered to look into the details before working on FakeFtp (and since this was the most difficult part of writing the gem) I thought it would be helpful to add an explanation as to the differences between active and passive FTP upload.

Overview of FTP sockets

FTP uses two sockets to process commands: a control connection and a data connection. The control connection is a socket through which FTP clients give commands and receive responses (success and error). This runs on the primary FTP port, 21 by default. The data connection is a secondary socket through which any necessary data is read or written. This is the connection that file bytes are written to, for instance. A lot of web pages say that this is generally port 20. Having looked at many server responses in the last few weeks, I found that most servers pick their data ports from a range of free ports.

One interesting thing about this is that control and data don't have to be on the same machine, and they don't have to link to file stores. For example, an FTP client could send its data connection straight to a printer. A server could serve its control port from one IP address, but serve passive clients to a port on another IP.

Active

When you upload a file using active FTP (the default of many clients), what happens is that the client opens a local port and tells the server to retrieve data from it. The server connects back to the client on a new socket, through which it retrieves the file.

client: hay! i gots soem filez!
server: ohai! ill connects to you and gets filez!
client: kthxbai!

If you are behind a firewall, this may be a problem.

Passive

Because system administrators generally don't like to open ports in firewalls, passive FTP was invented. In this scenario, the client asks for a new connection. The server either opens a new port or provides the info for one freed up from another client. The client then connects to this secondary port and sends its data there.

client: I HAS FILEZ!
server: Ok, fine. Put them here.
client: FIIIIIILEZZZZZZZ!
server: Dude. Chill out.

IP and port info

When you play around with the FTP protocol, you'll see lots of strings like this:

PORT 198,162,0,1,74,98

or

227 Entering Passive Mode (127,0,0,1,80,137)

This is an IP address and a port. The first four comma-separated values signify an IP address. The fifth and sixth values designate a port, as follows:

(80 * 256) + 137

In this case, the port is 20617.
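The decoding described above, as an added Ruby example (not code from FakeFtp). The names `parse_host_port`, `format_host_port` and `data_endpoint_ok?` are hypothetical, and the policy in the last method (data endpoint must be the control connection's peer, on an unprivileged port) is an assumption about what a server or firewall might want to enforce, given that control and data don't have to be on the same machine.

```ruby
# Added example, not FakeFtp code: decode and validate the
# h1,h2,h3,h4,p1,p2 tuple found in PORT commands and 227 replies.
HostPort = Struct.new(:ip, :port)

# Six comma-separated decimal fields; \b keeps us from matching the
# tail of a longer digit run such as "1234,0,0,1,1,1".
TUPLE = /\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b/

# Returns a HostPort, or nil when the line carries no valid tuple.
def parse_host_port(line)
  m = TUPLE.match(line)
  return nil unless m
  nums = m.captures.map(&:to_i)
  return nil if nums.any? { |n| n > 255 } # every field is a single byte
  HostPort.new(nums[0, 4].join('.'), nums[4] * 256 + nums[5])
end

# Inverse operation: build the tuple that follows PORT or sits inside
# the parentheses of a 227 reply.
def format_host_port(ip, port)
  raise ArgumentError, 'port out of range' unless (0..65_535).cover?(port)
  (ip.split('.') + port.divmod(256)).join(',')
end

# Hypothetical policy check (an assumption, not part of the protocol):
# accept a data endpoint only if it points back at the host on the
# other end of the control connection and uses a port >= 1024.
def data_endpoint_ok?(line, control_peer_ip)
  hp = parse_host_port(line)
  !hp.nil? && hp.ip == control_peer_ip && hp.port >= 1024
end

if __FILE__ == $PROGRAM_NAME
  # The two sample strings from this page.
  ['PORT 198,162,0,1,74,98',
   '227 Entering Passive Mode (127,0,0,1,80,137)'].each do |line|
    hp = parse_host_port(line)
    puts "#{line} -> #{hp.ip}:#{hp.port}"
  end
end
```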
