How Do Active and Passive FTP Differ?

Although FTP has been around for nearly five decades, it’s often more complex than many expect. A common area of confusion lies in understanding the differences between active and passive FTP sessions, particularly when it comes to the ports in use and how the protocol functions. So, what sets active FTP apart from passive FTP, and what are the benefits and drawbacks of each mode?

Active FTP

Despite its name suggesting a sense of preference or dominance, active FTP sessions are relatively uncommon in modern networks. In active mode, port 21 is employed to establish the control channel and authenticate the client (which initiates the connection) with the server (which receives the connection).

After authentication, the client sends a PORT command to the server, instructing it to connect back to the client on a secondary port—often a dynamic port—and provides the IP address that the client sees as its own. The server then opens this second connection, known as the data port, to facilitate the file transfer.

To put it simply, in active FTP, the client creates the control channel, while the server opens the data channel.

Advantages of Active FTP:

  • Enhanced security for the server since only port 21 needs to remain open inbound.
  • Easier setup from the perspective of server administrators.

Disadvantages of Active FTP:

  • Many FTP clients operate behind NAT (Network Address Translation) firewalls, and mobile devices, such as laptops, frequently change their external IP addresses. This requires reconfiguring the IP address sent in the PORT command each time it changes.
  • Wherever the FTP client is located during a session, it must ensure that the dynamic data port is allowed through any firewalls between the client and server.

Passive FTP

Passive FTP mode was developed to ease the firewall configuration burden on the client side. Unlike active FTP, in passive mode, the client initiates both the control and data channels.

The process begins the same way: the client opens a control channel on port 21 with the server, using this for authentication and setup. However, instead of sending a PORT command for the server to open a data connection, the client sends a PASV command. This prompts the server to provide an IP address and port number, which the client then uses to establish the data channel.

Advantages of Passive FTP:

  • The responsibility for configuring the connection falls on the server side, which is typically static and less prone to changes.
  • No inbound firewall configuration is required for the client.

Disadvantages of Passive FTP:

  • On the server side, administrators will need to open a range of dynamic ports in the firewall to accommodate the data channel.
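
The PORT command and the reply to PASV both carry the data endpoint as six comma-separated numbers, h1,h2,h3,h4,p1,p2, where the port is p1 × 256 + p2 (RFC 959). The following is an added example, not part of the original article: it decodes that field and flags the two problems described above, an advertised address that does not match the control-channel peer (the NAT case) and a data port outside the range the firewall opens. The sample lines, addresses and the 50000-50100 passive range are constructed assumptions.

```python
import ipaddress
import re

# RFC 959 host/port field: h1,h2,h3,h4,p1,p2 with port = p1*256 + p2
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(line):
    """Extract (ip, port) from a 'PORT ...' command or a '227 ...' PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError(f"no host/port field in {line!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"value out of range in {line!r}")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def check_data_endpoint(line, control_peer, allowed_ports=None):
    """Return a list of problems with the advertised data endpoint.

    control_peer: address of the other side as seen on the control channel.
    allowed_ports: optional range the firewall opens for data (assumed policy).
    """
    ip, port = parse_hostport(line)
    problems = []
    if ip != ipaddress.IPv4Address(control_peer):
        kind = "private (NAT not rewritten)" if ip.is_private else "different host"
        problems.append(f"advertised {ip} != control peer {control_peer}: {kind}")
    if allowed_ports is not None and port not in allowed_ports:
        problems.append(f"port {port} outside firewall range "
                        f"{allowed_ports.start}-{allowed_ports.stop - 1}")
    return problems

# Constructed sample lines (documentation addresses, not captured traffic).
SAMPLES = [
    # Active mode: client behind NAT sends its private address in PORT.
    ("PORT 192,168,1,20,195,80", "203.0.113.7", None),
    # Passive mode: server reply with a port inside its passive range.
    ("227 Entering Passive Mode (198,51,100,10,195,149)", "198.51.100.10", range(50000, 50101)),
    # Passive mode: server reply with a port the firewall does not open.
    ("227 Entering Passive Mode (198,51,100,10,234,96)", "198.51.100.10", range(50000, 50101)),
]

if __name__ == "__main__":
    for line, peer, ports in SAMPLES:
        print(line, "->", check_data_endpoint(line, peer, ports) or "ok")
```
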

Which is More Secure: Active or Passive FTP?

This question is a bit misleading, as neither mode is inherently more secure than the other. In both active and passive FTP, data transferred between the client and server remains unencrypted, making it susceptible to sniffing attacks. For secure file transfers, it’s better to use encrypted protocols like FTPS or SFTP.