You are quite correct.
In active mode, the client specifies its IP address and port number with a PORT (or EPRT) command. The server opens a connection from port 20 to the socket in question, and this connection is then used for data transfers.
In passive mode, the client sends a PASV (or EPSV) command, and the response from the server will contain the IP address and port number of the server. Most FTP servers have a configuration parameter specifying an ephermal port range for passive connections, so the port number is not likely to be 20. The client then initiates a secondary TCP connection to the port in question.
One shouldn't expect the source port number (at the client end) of a passive connection to be 20, as FTP clients are usually run by unprivileged user accounts and aren't allowed to use "well-known" ports.
There's no technical reason why the
server port number for a passive connection couldn't be 20, but according to RFC959:
Quote:
PASSIVE (PASV)
This command requests the server-DTP to "listen" on a data port (which is not its default data port) and to wait for a connection rather than initiate one upon receipt of a transfer command.
|
So the standard actually mandates (or at least strongly suggests) that port 20 shouldn't be used on the server side in passive mode.