Passive FTP

Passive FTP still requires an initial FTP control connection, which the FTP client initiates to the server. However, the second connection, the FTP data connection, is also initiated from the client to the server (the reverse of active FTP).

Figure 3-3 displays a typical FTP mode of operation between a client PC and FTP server in passive mode.

Figure 3-3 FTP Passive Mode

[Figure labels: FTP Server; FTP Client; Passive FTP; FTP port numbers: 20 Data, 21 Command, >1023.]

The following steps are completed before data can be transferred:

1. The FTP client opens a control channel on TCP port 21 to the FTP server and requests passive mode with the FTP command pasv, or passive. The source TCP port number is any number randomly generated above 1023.

2. The FTP server receives the request and agrees to the connection using a randomly generated, local TCP port number greater than 1023.

3. The FTP client receives the information, selects a local TCP port number, randomly generated and greater than 1023, and opens a data channel to the FTP server (on a TCP port greater than 1023).

4. The FTP server receives the FTP client's request and agrees to the connection.

In passive FTP, the client initiates both the control connection and the data connection. In active mode, the FTP server initiates the FTP data channel. When using passive FTP, the probability of data being compromised is lower because the FTP client initiates both connections.
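The following is an added example, not code from the original text. It shows how a client can read the server's reply in step 2 (the RFC 959 `227` reply, which carries the address and port as six decimal fields) and validate it before opening the data channel in step 3. The function names and sample replies are constructed, and the check that the advertised address equals the control-connection peer is an added hardening assumption, not something the text above states.

```python
import ipaddress
import re

# RFC 959 reply to PASV: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_pasv_reply(line):
    """Return the (host, port) the server advertises in step 2."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field outside 0-255")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return host, port


def data_endpoint(reply, control_peer_ip):
    """Validate the reply before the client opens the data channel (step 3)."""
    host, port = parse_pasv_reply(reply)
    # Step 2 says the server picks a port greater than 1023.
    if port <= 1023:
        raise ValueError(f"server offered port {port}, expected > 1023")
    # Added assumption: the data channel must go to the same server
    # that the control channel is already connected to.
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer_ip):
        raise ValueError(f"data address {host} is not control peer {control_peer_ip}")
    return host, port


# Constructed sample replies (documentation address ranges).
GOOD = "227 Entering Passive Mode (192,0,2,10,195,80)"
OTHER_HOST = "227 Entering Passive Mode (198,51,100,7,195,80)"
LOW_PORT = "227 Entering Passive Mode (192,0,2,10,0,22)"

if __name__ == "__main__":
    for reply in (GOOD, OTHER_HOST, LOW_PORT):
        try:
            print("connect data channel to", data_endpoint(reply, "192.0.2.10"))
        except ValueError as err:
            print("rejected:", err)
```

A stateful firewall that inspects FTP reads the same six fields from the control channel to learn which server port the client's data connection will target.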
