What is FTP? Understanding Active vs. Passive

The FTP, although an older technology, is still very popular and is used routinely by IT departments and businesses worldwide.

What is FTP?

File Transfer Protocol (FTP) is a system designed to move files between computers over a network like the internet. 
The File Transfer Protocol, although an older technology, is still very popular and is used routinely by IT departments and businesses worldwide.

Why FTP is Still Important?

  • Simple and reliable: It's a tried and true technology for basic file transfers.
  • Large file support: FTP is good at handling big files that email often can't manage.
  • Scheduling and automation: Many FTP programs let you set up file transfers to happen at certain times or in response to specific events.

Understanding Active and Passive Modes

Even so, many users of FTP do not fully understand the difference between two of its basic configuration options: Active mode and Passive mode.

FTP Communication Channels:
Two Channels for Data Transfer

FTP uses two communication paths (also known as “channels”) in order to accomplish its goal of transferring files from one location to another.

  • Control Channel: Used to send FTP commands back and forth from the client and server. This connection is commonly made to port 21 of the server.
  • Data Channel: Used to transmit the raw data of the files being sent. The server port used for this channel depends largely on what communication mode is being used, Active or Passive.

Choosing Between Active and Passive Modes
Active vs. Passive Modes Explained

The default mode in FTP is Active mode, however, when configuring a connection most clients will ask you if you want to use Active or Passive. When you select Active or Passive mode you are specifying how you want the client and server to negotiate what ports to use when establishing the data channel.

  • Active Mode: The client sends the server a message on the control channel that contains what port (on the client) the server should connect to. The server then responds by connecting to that port to establish the data channel.
  • Passive Mode: Requires the server to send a message referencing a port number (on the server) that the client should connect to. The client then responds by connecting to that port on the server.

Remembering the Differences

An easy way to remember which mode is which is to associate the mode with how the server behaves.

Active Mode: The server actively makes the data channel connection to the client.
Passive Mode: The server behaves passively and waits for the client to connect to it.

Why Two Modes Exist?
Firewalls and the Need for Passive Mode

Now that you know the difference between them you might be wondering, why the need for two modes? The problem arises when you throw firewalls into the mix.

Active Mode Issues: In Active mode, the server makes the connection to the client, and even though the client program knows what port the server is going to attempt to connect to, the client's firewall may not be aware and block the connection.
Passive Mode Solution: Passive mode remedies this by having the client being the one that connects to the server on a port the server specifies. However, the server's firewall may now block that connection for the same reason.

Firewall Challenges and Solutions
Security Concerns with Wide Open Ports

In either case, one of the firewalls would need to allow connections on a wide range of ports to pass through, which is not ideal for security reasons.

Solutions Exist: Fortunately, there are ways around this, such as FTP proxies or smart firewalls that can analyze FTP command packets to identify expected incoming connections and dynamically open the specified port.
Encrypted Traffic and Future Discussion: However, this becomes complicated when using a secured version of FTP where the packets are encrypted and unable to be sniffed by the firewall. That is a discussion for another day.

While FTP remains useful, it's essential to be aware of its security limitations. Modern variants like FTPS (FTP over SSL) and SFTP (SSH File Transfer Protocol) address security shortcomings of the original FTP protocol and are often the preferred choice when dealing with sensitive data.

Please note: This post originally appeared on Extol.com (EXTOL has been acquired by Cleo).

For more information on how to reliably manage all of your organization's data transfer needs using Cleo's extensive protocol expertise, contact us at sales@cleo.com, +1.815.282.7695, or submit a callback request.

about cleo
About Cleo
Cleo helps organizations quickly onboard and automate every API and EDI integration directly into any back-office application and gain complete end-to-end visibility for every B2B transaction.
Learn More
Instantly access demo videos
Discover how Cleo is helping thousands of organizations take control over their B2B supply chain integrations.
View Demo
We hope you enjoyed reading this blog post.
If you’re ready to learn what Cleo can do for you, just reach out!
Contact Us Today