FTP active mode and passive mode

  sonic0002        2013-04-01 07:01:25

1. What are active mode and passive mode

a. FTP uses two ports:

  • Port 20 is for data transfer
  • Port 21 is for control (establishing the TCP connection and sending commands)

b. The process of active connection

Note: C represents Client and S represents Server

  • S opens ports 20 and 21
  • C connects to port 21 of S from a random port X, which can be between 1024 and 65536, and at the same time sends a PORT command to the server to specify its data port, C(X)->S(21)
  • When S receives the command, it sends back an ACK, S(21)->C(X)
  • S sets up a connection from its port 20 to the client's port X+1, S(20)->C(X+1)
  • C responds with an ACK, C(X+1)->S(20)

c. The process of passive connection

Note: C represents Client and S represents Server

  • S opens port 21 and a TCP port higher than 1024
  • C connects to S's port 21 from a random port X, which ranges from 1024 to 65535, and sends the PASV command, C(X)->S(21)
  • S receives the command, responds with an ACK and specifies a new port Y, S(21)->C(X)
  • C initiates a connection from its port X+1 to S's port Y, C(X+1)->S(Y)
  • S returns an ACK, S(Y)->C(X+1)

2. Distinguish between active mode and passive mode with example

1. Install vsftpd

yum install vsftpd -y

2. Disable iptables and SELinux

3. Configure active mode

#Data channel used by active mode
connect_from_port_20=YES

#Disable passive mode
pasv_enable=NO

4. Configure passive mode

connect_from_port_20=NO

pasv_enable=YES

pasv_min_port=1024
pasv_max_port=65535

#pasv_address is unset by default (the address is taken from the incoming connected socket)

5. Start

chkconfig --level 2345 vsftpd on

/etc/init.d/vsftpd start

6. Check connection status

Passive mode
# netstat -an |grep C
tcp        0      0 S:52160         C:16091          TIME_WAIT  
tcp        0      0 S:21            C:15354          TIME_WAIT  
tcp        0 434064 S:43407         C:16220          ESTABLISHED 
tcp        0      0 S:21            C:16090         ESTABLISHED 

Active mode
# netstat -an |grep C
tcp        0 268488 S:20            C:18434          ESTABLISHED 
tcp        0      0 S:21            C:18433          TIME_WAIT  
tcp        0      0 S:20            C:18426          TIME_WAIT  
tcp        0      0 S:21            C:18425          TIME_WAIT  
tcp        0      0 S:21            C:18418          TIME_WAIT  
tcp        0      0 S:20            C:18420          TIME_WAIT  
tcp        0      0 S:21            C:18369          TIME_WAIT  
tcp        0      0 S:20            C:18397          TIME_WAIT  
tcp        0      0 S:21            C:18387          ESTABLISHED
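
The port pattern in the two netstat listings above can be checked mechanically. The script below is an added example, not part of the original article: it is meant to be run on the FTP server and labels each connection by its server-side port (21 is control, 20 is active-mode data, a port inside the passive range is passive-mode data). The helper names, the 50000-50100 passive range and the sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: label FTP connections in `netstat -an` output (taken on the
# FTP server) by server-side port:
#   21 -> control, 20 -> active-mode data, [lo,hi] -> passive-mode data.
# classify_ftp / count_kind are hypothetical helper names, not vsftpd tools.

# usage: netstat -an | classify_ftp PASV_MIN PASV_MAX
classify_ftp() {
    awk -v lo="$1" -v hi="$2" '
        $1 ~ /^tcp/ && NF >= 6 && $6 != "LISTEN" {
            n = split($4, a, ":")        # local address; last piece is the port
            port = a[n] + 0
            if (port == 21)                    kind = "control"
            else if (port == 20)               kind = "active-data"
            else if (port >= lo && port <= hi) kind = "passive-data"
            else next                          # not FTP as far as ports tell
            print kind, $4, $5, $6
        }'
}

# usage: netstat -an | count_kind KIND PASV_MIN PASV_MAX
count_kind() {
    classify_ftp "$2" "$3" | awk -v k="$1" '$1 == k { c++ } END { print c + 0 }'
}

# Constructed sample (documentation addresses); 192.0.2.10 plays the server S.
SAMPLE='tcp   0      0 0.0.0.0:21        0.0.0.0:*           LISTEN
tcp   0      0 192.0.2.10:21     198.51.100.7:16090  ESTABLISHED
tcp   0 434064 192.0.2.10:50042  198.51.100.7:16220  ESTABLISHED
tcp   0 268488 192.0.2.10:20     198.51.100.7:18434  ESTABLISHED
tcp   0      0 192.0.2.10:8080   198.51.100.7:40112  ESTABLISHED
tcp   0      0 192.0.2.10:22     198.51.100.7:40000  ESTABLISHED'

# With pasv_min_port/pasv_max_port narrowed to 50000-50100 (assumed values),
# the unrelated service on 8080 is not mistaken for a passive data channel;
# with the full 1024-65535 range it would be.
printf '%s\n' "$SAMPLE" | classify_ftp 50000 50100
```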

Note:

vsftpd's active mode and passive mode can be enabled at the same time.

Source : http://cloudbbs.org/forum.php?mod=viewthread&tid=13343

  1 COMMENT


Anonymous @ 2018-06-12 03:34:47

How awesome!

Great help to understand ftp connection.

I appreciate it.
