I would like to know if ftp actually uses port 20 in passive mode. Having read this article (http://www.slacksite.com/other/ftp.html), I gather that it doesn't. That it uses port 21 at the beginning and then it starts using a high port. Someone knowledgeable , though, told me that it does use port 20.

Could anyone explain?

Thanks

You are quite correct.

In active mode, the client specifies its IP address and port number with a PORT (or EPRT) command. The server opens a connection from port 20 to the socket in question, and this connection is then used for data transfers.

In passive mode, the client sends a PASV (or EPSV) command, and the response from the server will contain the IP address and port number of the server. Most FTP servers have a configuration parameter specifying an ephermal port range for passive connections, so the port number is not likely to be 20. The client then initiates a secondary TCP connection to the port in question.

One shouldn't expect the source port number (at the client end) of a passive connection to be 20, as FTP clients are usually run by unprivileged user accounts and aren't allowed to use "well-known" ports.

There's no technical reason why the server port number for a passive connection couldn't be 20, but according to RFC959:So the standard actually mandates (or at least strongly suggests) that port 20 shouldn't be used on the server side in passive mode.

1 members found this post helpful.

Thank you for your ample answer. If I were able to use either, which would be best, performance and securitywise?

With regards to security and performance, active vs. passive FTP should be of no significance.

Neither provides any security, and the speed of a TCP transfer does not vary depending on which side initiated the TCP connection.

2 members found this post helpful.

The only purpose of the passive mode is to get around NAT routers, and allow the ftp client to transfer data.

1 members found this post helpful.