Passive FTP still requires the initial FTP control connection, which is initiated from the FTP client to the server. Unlike active FTP, however, the second connection, the FTP data connection, is also initiated from the client to the server (the reverse of active FTP).
Figure 2-3 displays a typical FTP mode of operation between a client PC and FTP server in passive mode.
The following steps are completed before data can be transferred:
1. The FTP client opens a control channel to TCP port 21 on the FTP server and requests passive mode with the FTP command PASV (passive). The source TCP port number for the control connection is a randomly generated number above 1023.
2. The FTP server receives the request and agrees to the connection, selecting a randomly generated local TCP port number greater than 1023. The server sends this port number to the client and waits for the client to initiate a data connection on that port.
3. The FTP client receives this information, selects a randomly generated local TCP port number greater than 1023, and opens a data channel to the FTP server, using as the destination the TCP port number (greater than 1023) selected by the server.
4. The FTP server receives the FTP client's request and agrees to the connection by beginning to transfer data.
In passive FTP, the client initiates both the control connection and the data connection, whereas in active mode the FTP server initiates the FTP data channel. Because the FTP client initiates both connections, the probability of compromising data is lower when using passive FTP.
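The four steps above, as an added example that is not part of the original text: a minimal in-process passive-mode exchange in Python. The server side listens on an ephemeral loopback port standing in for TCP 21 (binding to 21 itself needs privileges), the client sends PASV, the server picks its own data port above 1023 and advertises it in a 227 reply, and the client parses that reply and opens the data connection itself. The client also applies two sanity checks a careful FTP client performs before connecting: the advertised port must be above 1023, as the text states, and the advertised address must match the control-connection peer. The `parse_pasv_reply` and `format_pasv_reply` helpers, the session log, and the `passive_transfer` function are all constructed for this demonstration.

```python
import re
import socket
import threading

# A 227 reply carries the address and port as six decimal bytes:
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)", port = p1*256 + p2.
PASV_REPLY_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(line: str) -> tuple[str, int]:
    """Return (host, port) advertised by a 227 reply, validating each field."""
    m = PASV_REPLY_RE.search(line)
    if not m:
        raise ValueError(f"not a 227 PASV reply: {line!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PASV reply field out of range")
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def format_pasv_reply(host: str, port: int) -> str:
    """Build the 227 reply the server sends for a chosen data host/port."""
    return (f"227 Entering Passive Mode ({host.replace('.', ',')},"
            f"{port // 256},{port % 256})")


def _serve_one_passive_session(ctrl_listener, payload, log):
    """Server side: answer PASV, open a data listener, wait for the client."""
    conn, _ = ctrl_listener.accept()            # step 1: client-initiated control connection
    conn.sendall(b"220 demo server ready\r\n")
    cmd = conn.recv(1024).strip()
    log.append(("client->server", cmd.decode()))
    if cmd.upper() != b"PASV":
        conn.sendall(b"500 expected PASV\r\n")
        conn.close()
        return
    data_listener = socket.socket()
    data_listener.bind(("127.0.0.1", 0))        # step 2: server picks an ephemeral port (>1023)
    data_listener.listen(1)
    host, port = data_listener.getsockname()
    reply = format_pasv_reply(host, port)
    conn.sendall((reply + "\r\n").encode())
    log.append(("server->client", reply))
    data_conn, _ = data_listener.accept()       # step 3: client initiates the data connection
    data_conn.sendall(payload)                  # step 4: server agrees by sending data
    data_conn.close()
    data_listener.close()
    conn.sendall(b"226 Transfer complete\r\n")
    conn.close()


def passive_transfer(payload: bytes) -> dict:
    """Run server and client on loopback; return what the client observed."""
    ctrl_listener = socket.socket()
    ctrl_listener.bind(("127.0.0.1", 0))       # stands in for TCP port 21
    ctrl_listener.listen(1)
    ctrl_host, ctrl_port = ctrl_listener.getsockname()
    log = []
    server = threading.Thread(target=_serve_one_passive_session,
                              args=(ctrl_listener, payload, log), daemon=True)
    server.start()

    ctrl = socket.create_connection((ctrl_host, ctrl_port))
    ctrl.recv(1024)                             # 220 banner
    ctrl.sendall(b"PASV\r\n")
    host, port = parse_pasv_reply(ctrl.recv(1024).decode())
    # Defensive checks before following the server's instruction.
    if port <= 1023:
        raise ValueError(f"server advertised a privileged data port {port}")
    if host != ctrl.getpeername()[0]:
        raise ValueError(f"advertised host {host} is not the control peer")
    data = socket.create_connection((host, port))
    client_data_port = data.getsockname()[1]    # client's own ephemeral source port
    received = b""
    while chunk := data.recv(4096):
        received += chunk
    data.close()
    final = ctrl.recv(1024).decode().strip()
    ctrl.close()
    server.join(timeout=5)
    ctrl_listener.close()
    return {"data": received, "data_port": port,
            "client_data_source_port": client_data_port,
            "final_reply": final, "log": log}


if __name__ == "__main__":
    result = passive_transfer(b"hello passive ftp")  # constructed payload
    for direction, msg in result["log"]:
        print(f"{direction}: {msg}")
    print(f"data port {result['data_port']}, received {result['data']!r}")
```

Both `socket.create_connection` calls are made by the client, which is the whole point of passive mode: a firewall in front of the client only has to permit outbound connections, while in active mode it would have to accept an inbound data connection from the server.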
Figure 2-3 FTP Passive Mode