
Passive ftp who initiate the first communication?


  • Passive ftp who initiate the first communication?

    According to Wikipedia,

    FTP can be run in active mode or passive mode, which control how the second connection is opened. In active mode the client sends the server the IP address and port number that the client will use for the data connection, and the server opens the connection. Passive mode was devised for use where the client is behind a firewall and unable to accept incoming TCP connections. The server sends the client an IP address and port number and the client opens the connection to the server.[3] Both modes were updated in September 1998 to add support for IPv6 and made some other changes to passive mode, making it extended passive mode[5].
    http://en.wikipedia.org/wiki/File_Transfer_Protocol

    The question is: who initiates the first communication in passive FTP? The client itself or the server, and from which port to which port?

    Thanks!

  • #2
    Re: Passive ftp who initiate the first communication?

    Firstly - your quoted material already tells you what you need to know.

    Secondly - why not run Wireshark or Netmon, capture and interpret the traffic, and establish it yourself?
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: Passive ftp who initiate the first communication?

      Thanks tehcamel, probably my earlier question was not very clear. Actually I'm looking for which ports need to be opened if we want to allow passive FTP connections in a network.

      The article below is very good in explaining active ftp vs passive ftp and their behaviour.

      Active FTP


      Passive FTP


      Summary

      The following chart should help admins remember how each FTP mode works:
      Active FTP:
      command: client >1023 -> server 21
      data:    client >1023 <- server 20

      Passive FTP:
      command: client >1023 -> server 21
      data:    client >1023 -> server >1023

      http://technicians-blog.kingcomputer.com.au/active-ftp-vs-passive-ftp-and-firewall-issues/


      • #4
        Re: Passive ftp who initiate the first communication?

        Could you explain what you mean by ports in the firewall?

        To allow your client devices to use Passive FTP, or to run an FTP server within your firewall?

        • #5
          Re: Passive ftp who initiate the first communication?

          The client initiates all traffic (communication and data channels) when using passive FTP.
          In active FTP mode, the client initiates the communication channel (port 21) and the server initiates the data channel.
          Depending on the firewall you have, most firewalls allow passive FTP by default. Most firewalls recognize the communication channel and because of this, the firewall expects the next session.

          If you are running ASA, for example, you have to enable the inspect FTP command. For ISA server, it recognizes it by default using the FTP filter.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"
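
The port behaviour discussed in this thread, as an added example that is not part of any post: a Python sketch of what an FTP-aware firewall reads from the control channel to learn who will open the data connection and to which port. It also covers the extended passive reply (229) from the Wikipedia quote. The function names and sample lines are constructed for illustration, and rejecting an announced address that differs from the control-channel peer is a policy choice of this example.

```python
import re

# Control-channel messages that announce the data endpoint (RFC 959 / RFC 2428).
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d+)\1\)")


def _endpoint(fields):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); port = p1*256 + p2."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_connection(line, client_ip, server_ip):
    """Return (initiator, dst_ip, dst_port) for the data channel announced
    by one control-channel line, or None if the line announces nothing."""
    m = PORT_RE.match(line)
    if m:  # active mode: client listens, server connects (from port 20)
        ip, port = _endpoint(m.groups())
        if ip != client_ip:
            raise ValueError("PORT address differs from control-channel peer")
        return ("server", ip, port)
    m = PASV_RE.match(line)
    if m:  # passive mode: server listens, client connects
        ip, port = _endpoint(m.groups())
        if ip != server_ip:
            raise ValueError("227 address differs from control-channel peer")
        return ("client", ip, port)
    m = EPSV_RE.match(line)
    if m:  # extended passive: only a port is sent, the address is the server's
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range")
        return ("client", server_ip, port)
    return None


# Constructed control-channel lines (documentation addresses), not a real capture.
SAMPLE = ["USER demo", "PORT 198,51,100,7,4,1",
          "227 Entering Passive Mode (192,0,2,10,195,149)",
          "229 Entering Extended Passive Mode (|||6446|)"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", expected_data_connection(line, "198.51.100.7", "192.0.2.10"))
```

In passive mode the result is always a client-initiated connection to a high port on the server, so a firewall without FTP inspection has to permit the server's whole passive port range, while one with inspection can open only the single announced port.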
