Traffic flow for Active mode and Passive mode:
1. Active FTP :
command : client >1023 -> server 21
data : client >1023 <- server 20
Running ftp command from client 10.9.200.28 to connect server 10.9.200.14:
C:Usersj>ftp 10.9.200.14
Connected to 10.9.200.14.
220-FileZilla Server version 0.9.41 beta
220-written by Tim Kosse ([email protected])
220 Please visit http://sourceforge.net/projects/filezilla/
User (10.9.200.14:(none)): test
331 Password required for test
Password:
230 Logged on
ftp> debug
Debugging On .
ftp> mput C:UsersjohnDocumentsa1.txt
mput C:UsersjohnDocumentsa1.txt?
—> PORT 10,94,200,28,255,15
200 Port command successful
—> STOR a1.txt
150 Opening data channel for file transfer.
226 Transfer OK
ftp: 30348 bytes sent in 0.00Seconds 30348000.00Kbytes/sec.
ftp> ls
—> PORT 10,94,200,28,255,121
(Port number is 255*256+121=65401)
200 Port command successful
—> NLST
150 Opening data channel for directory list.
a1.txt
Tekradius DB.bak
226 Transfer OK
ftp: 26 bytes received in 0.00Seconds 26000.00Kbytes/sec.
ftp>
On server 10.9.200.14, checked the port number 65401 with netstat -na command
2. Passive FTP :
command : client >1023 -> server 21
data : client >1024 -> server >1023
ftp> literal pasv
—> pasv
227 Entering Passive Mode (10,94,200,14,233,114)
ftp>
Notes:
FTP communications use two port number values – one for commands (port 21 by default) and one for data transfer (this is where the PORT command comes into play).
The PORT command is sent by an FTP client to establish a secondary connection (address and port) for data to travel over. In some FTP implementations port 20 is used for data, but that is the exception rather than the rules. Typically in a trace you will see data crossing over a dynamic port number (IANA states that this range should be between 49152 through 65535, but most likely you’ll see your application using something just above 1024 – the area that used to be the dynamic port number area).
