Traffic flow for Active mode and Passive mode:

 1. Active FTP :

     command : client >1023 -> server 21
     data    : client >1023 <- server 20

Running ftp command from client to connect server
Connected to
220-FileZilla Server version 0.9.41 beta
220-written by Tim Kosse ([email protected])
220 Please visit
User ( test
331 Password required for test
230 Logged on
ftp> debug
Debugging On .
ftp> mput C:UsersjohnDocumentsa1.txt
mput C:UsersjohnDocumentsa1.txt?
—> PORT 10,94,200,28,255,15 
200 Port command successful
—> STOR a1.txt
150 Opening data channel for file transfer.
226 Transfer OK
ftp: 30348 bytes sent in 0.00Seconds 30348000.00Kbytes/sec.
ftp> ls
—> PORT 10,94,200,28,255,121
(Port number is 255*256+121=65401)
200 Port command successful
150 Opening data channel for directory list.
Tekradius DB.bak
226 Transfer OK
ftp: 26 bytes received in 0.00Seconds 26000.00Kbytes/sec.

On server, checked the port number 65401 with netstat -na command

 2. Passive FTP :

     command : client >1023 -> server 21
     data    : client >1024 -> server >1023

ftp> literal pasv
—> pasv
227 Entering Passive Mode (10,94,200,14,233,114)

FTP communications use two port number values – one for commands (port 21 by default) and one for data transfer (this is where the PORT command comes into play).

The PORT command is sent by an FTP client to establish a secondary connection (address and port) for data to travel over. In some FTP implementations port 20 is used for data, but that is the exception rather than the rules. Typically in a trace you will see data crossing over a dynamic port number (IANA states that this range should be between 49152 through 65535, but most likely you’ll see your application using something just above 1024 – the area that used to be the dynamic port number area).

By Jon

Leave a Reply