FTP Ports and Connection Modes Explained

Understanding FTP connection modes and port usage is crucial for network configuration and troubleshooting. FTP’s dual-channel architecture creates complexity that students must master.

Active Mode: The client connects to the server’s port 21 for control commands, then the server initiates a data connection back to the client on a random port. This mode often causes firewall issues because the data connection is inbound to the client, and client-side firewalls and NAT devices commonly block unsolicited inbound connections.

Passive Mode: The client initiates both control and data connections to the server. After connecting to port 21, the client requests passive mode, and the server provides a port number for the data connection. This mode is firewall-friendly since all connections originate from the client.
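
The following Python example, added here and not part of the original article, parses the server's passive-mode reply (227 per RFC 959, 229 per RFC 2428), derives the data port, and checks the endpoint against a firewall's allowed passive range. The function names, the range 50000-50100, the address 192.0.2.10 and the sample replies are assumptions constructed for illustration.

```python
import re

# Reply formats: RFC 959 (PASV, code 227) and RFC 2428 (EPSV, code 229).
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def parse_passive_reply(reply, control_peer):
    """Return (host, port) of the data endpoint the server advertised."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in 227 reply")
        host = ".".join(str(n) for n in nums[:4])
        return host, nums[4] * 256 + nums[5]  # port = p1*256 + p2
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(1))
        if not 0 < port <= 65535:
            raise ValueError("port out of range in 229 reply")
        return control_peer, port  # EPSV reuses the control connection's address
    raise ValueError("not a passive-mode reply")


def check_data_endpoint(reply, control_peer, allowed_range):
    """List the reasons a firewall policy would reject this data connection."""
    host, port = parse_passive_reply(reply, control_peer)
    problems = []
    # A mismatch usually means a server behind NAT advertising its internal address.
    if host != control_peer:
        problems.append(f"advertised host {host} differs from control peer {control_peer}")
    low, high = allowed_range
    if not low <= port <= high:
        problems.append(f"data port {port} outside allowed range {low}-{high}")
    return problems


if __name__ == "__main__":
    # Constructed sample replies; 192.0.2.10 is a documentation address.
    rng = (50000, 50100)  # assumed passive range opened on the firewall
    for line in ("227 Entering Passive Mode (192,0,2,10,195,149)",
                 "227 Entering Passive Mode (10,0,0,5,4,1)",
                 "229 Entering Extended Passive Mode (|||50042|)"):
        print(line, "->", check_data_endpoint(line, "192.0.2.10", rng) or "ok")
```
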

FTPS complicates port management by requiring additional ports for TLS/SSL negotiation. Implicit FTPS uses port 990 for control and negotiates data ports, while Explicit FTPS starts on port 21 then upgrades to encryption.

SFTP simplifies this complexity by using only port 22 (SSH) for all communication. Both control commands and data transfer occur through the single encrypted SSH tunnel, eliminating the port management challenges inherent in FTP and FTPS.

Network administrators appreciate SFTP’s simplified port model, which reduces firewall complexity and improves security by minimizing the attack surface to a single, well-secured port.
