The difference between Active (PORT) and Passive (PASV) connection types

http://www.rhinosoft.com/Knowledgebase/KBArticle.asp?RefNo=1138&prod=su



FTP uses two different connections. The first communication is the command connection that is established on port 21. This handles the authentication of the FTP Client. Then when the FTP Client wants to exchange any data with the server a new data connection is established.

There are two different methods to creating this new data connection. There is an Active (PORT) connection and a Passive (PASV) connection. The main difference between an Active and Passive connection is who makes the data connection.

When Passive mode is used the Client first connects to the server on port 21. Then the client issues a PASV command. The server then replies with an IP address and port number. The client finally uses that IP Address and port number to establish the data connection.

In the illustration below we will see what would happen to establish a data connection. The green text is still part of the command connection. The blue text is the successful result of the data connection being established. Where the server replies to the PASV command the first four numbers are the servers IP Address. The last two define the port that will be used for the data connection. To figure out what port is used multiply the first digit by 256 and add in the second. So in this example (( 55 x 256 ) + 99) = 14179.



PASV connections are most useful when the FTP Client is behind a firewall. Most firewalls do not block outbound traffic. The data connection can be established because it is going from the client to the server and the firewall sees this as normal outbound traffic.

An Active connection is different because the server actually connects back to the FTP Client for the data connection. In the illustration below we see the Port command being sent by the client. This time the client sends the server the IP Address and port number to connect to. Then the FTP Server tries to connect back to the FTP Client using that information. This method of establishing the data connection will work better if the FTP Server is behind a firewall.