In PASV (passive) FTP, the client initiates both the control connection and the data connection to the remote site. The client begins a session, in either normal or PASV FTP, by sending a communication request on TCP port 21. This connection is referred to as the control channel. In a normal FTP operation, the data port (port 20) and a command or control port (usually port 21) are opened between two servers, enabling the exchange of files between units through a firewall. Passive mode FTP allows the data flow to be initiated from inside the network, rather than from outside.
In normal FTP, the FTP server initiates the data exchange from its native port (port 20) to the client-designated port (port 21). In PASV mode, the client first contacts the server on port 21 and issues a PASV command instead of a PORT command. The PASV command asks the server to designate a port it wishes to use for the data channel connection. The server responds on the control channel, specifying the port number. The client then uses this port number to initiate the exchange on the data channel.
Because the client initiates both connections to the server, the problem of the firewall having to filter the incoming data port connection to the client from the server is solved.
Many FTP servers choose to reject PASV mode connections because of the security risks PASV carries.
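The server's answer to PASV is a `227` reply carrying the address and port as six decimal bytes (RFC 959). The sketch below is an added example, not code from the original page: it parses that reply and applies a client-side policy, assumed here, of always connecting the data channel back to the control connection's peer and refusing low ports. The function names are hypothetical and the sample replies are constructed with documentation addresses.

```python
import ipaddress
import re

# RFC 959 reply format: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(line):
    """Return (host, port) from a 227 reply, or raise ValueError."""
    if not line.startswith("227"):
        raise ValueError("not a 227 reply: %r" % line)
    match = _PASV_RE.search(line)
    if match is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in reply")
    fields = [int(group) for group in match.groups()]
    if any(field > 255 for field in fields):
        raise ValueError("field out of range 0-255")
    host = ".".join(str(field) for field in fields[:4])
    port = fields[4] * 256 + fields[5]  # two bytes, high byte first
    return host, port


def data_endpoint(reply, control_peer, min_port=1024):
    """Pick the data-channel target for a PASV reply.

    Policy assumed by this example: connect to the control connection's
    peer, never to a different address named in the reply, and refuse
    ports below min_port. Returns (host, port, address_mismatch).
    """
    host, port = parse_pasv_reply(reply)
    if port < min_port:
        raise ValueError("refusing data port %d" % port)
    mismatch = ipaddress.ip_address(host) != ipaddress.ip_address(control_peer)
    return control_peer, port, mismatch


if __name__ == "__main__":
    peer = "192.0.2.10"  # constructed: address the control channel is connected to
    for reply in (
        "227 Entering Passive Mode (192,0,2,10,195,80)",  # constructed sample
        "227 Entering Passive Mode (10,0,0,5,195,80)",    # constructed: other address
    ):
        print(reply, "->", data_endpoint(reply, peer))
```

A mismatch flag of `True` is worth logging: it usually means the server sits behind NAT and is advertising an internal address, but the client should still not follow it to a third host.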