What is an FTP port?

FTP ports are communication endpoints that enable the transfer of files between an end device and a server. FTP sessions can happen in passive mode or active mode, with passive mode being more compatible with firewalls. However, FTP is not a particularly secure protocol.

How do FTP ports figure into File Transfer Protocol?

FTP (File Transfer Protocol) is a network protocol that operates on the application layer of the OSI model and is defined in RFC 959. The protocol, which was originally defined in 1971, makes it possible to transfer data back and forth between an end device and a server. It’s built on client-server architecture, which can be used to upload and download files and create directories.

FTP works using requests and responses. Using FTP programs like FileZilla and FTP commands, data is requested and (if necessary) changed. The transfer then takes place using a data channel. FTP ports are used to ensure that the device can establish a secure connection to the server.


Check out IONOS’ Cloud Server for unlimited traffic, certified data centres and high-power computing. You’re sure to find the right package!

What are FTP ports used for?

FTP ports are communication endpoints that ensure that a connection is established between an end device and an FTP server. FTP ports are used to identify the apps and services that you want to access on the server. The port will use numbers from 0 to 65535 for this. It’s only possible to establish a secure connection when you know the relevant FTP port number. Once you have the correct FTP port number, you can start your file transfer. It’s possible to transfer binary files like images and programs or text files in ASCII mode.

How do FTP ports work?

To ensure a smooth transfer, two FTP ports are normally used for File Transfer Protocol. The first step is to establish a connection between server and client on port 21, the FTP default port. This port is referred to as the command or control channel. After that, the client will establish a connection to port 20, which is referred to as the data channel.

You might be asking yourself why we need to use two FTP ports. The answer lies in the roles of the two ports. The control channel is only used for sending FTP commands. The client sends commands to the server, and the server responds to each command with a status code. Authentication with username and password is usually required for using this FTP port.

Data transfers are initiated or aborted using the control channel. However, the data itself is sent and received using a second channel, the data channel. Transfers can take place bidirectionally, going from server to client or client to server, depending on which commands are given. Directory listings can also be sent.

The use of two separate channels ensures that contact between client and server is possible at any time. Problems with the transfer of data are communicated using a status code and can then be solved using a new command.

What is the difference between FTP passive mode and active mode?

There is also a difference between FTP passive mode and active mode. The difference lies in the role of the server: in active mode, the server initiates the connection. In passive mode, the server lets the client establish the connection and simply confirms it. Below we’ll explain what’s behind the two different modes and why passive mode is sometimes necessary. But first we’ll explain how to establish passive and active FTP connections. The two processes are relatively similar.

How to establish an active FTP connection

An active FTP connection is established with the following steps:

  1. First the client sends a connection request to FTP port 21.
  2. If the connection is possible, the server will respond with a temporary client port.
  3. The client then responds to the server’s response and confirms the active connection.
  4. Now the client sends an FTP port command. That confirms the use of an active FTP port, its IP addresss and the exact number of the FTP port that the server is supposed to connect with.
  5. If all entries are correct, the server will confirm the command with a status code.
  6. The client instructs the server to use FTP.
  7. Now comes the active part: the server creates a data connection and sends a request from FTP port 20 (the data channel) to the FTP port whose number the client has already provided.
  8. The client confirms to the server that the data connection is active and free of errors.
  9. The server also sends a confirmation and gives the client permission to transfer data.
  10. Now the FTP port can be used for requesting and sending/receiving data.

How to set up an FTP port in passive mode

The steps will look very similar for FTP in passive mode. It’s only at the end that we see significant differences.

  1. As above, the client sends a request from a temporary FTP port between 1024 and 65535 to the server’s FTP port 21.
  2. The server answers the request and sends a confirmation to the port that sent the request.
  3. The client confirms the connection.
  4. Then, instead of sending the FTP port command, the client sends a PASV command, which requests a passive protocol.
  5. The server will confirm the request. Then it sends its IP address and FTP port number, which the client will connect with.
  6. The client will then send a connection request to the FTP port that the server sent.
  7. If everything worked, the server will confirm the connection.
  8. The client will now establish the connection with the server using that FTP port.
  9. Finally, the client will send a transfer command from its control port to the server’s port 21. Data transfer is now possible, and FTP port 20 is no longer needed.

How can you tell if a connection is active or passive?

Active mode is usually used for FTP transfers. If active mode isn’t being used, your hosting service will normally inform you that you’ve changed to passive mode. If you want to test which mode you are in, you can try to create a connection. If it doesn’t work, change to the other mode.

When setting up your server, you can decide whether you want to use active or passive mode for FTP. You also have the choice when installing your own Debian FTP server or Ubuntu FTP server installieren. For the security of your system, we recommend doing port checks regularly.


Want scalability, useful security features and your own domain? Choose web hosting from IONOS and bring your website to the top.

What is FTP passive mode used for?

You might be asking yourself why FTP passive mode is useful in the first place. The main reason has to do with a problem that can crop up for users with a firewall. When the client is located behind a firewall that’s doing its job correctly, the firewall will block active connections trying to access the client from outside. In the case of an active FTP port, this would include the server. You can get around this by using the FTP port in passive mode. In passive mode, the client initiates the connection, meaning the firewall’s defences won’t be triggered, and the data transfer can happen as intended.

Do you always need port 21?

While port 20 isn’t needed for passive mode, port 21 is needed for both passive and active mode. Since port 20 is only used for data transfer, the connection is terminated after the transfer has been completed. In contrast, port 21 is always active. It’s used for the control channel and is involved with various transfers. Disconnection can only occur with a command from the user or when it is automatically switched off after a timeout. This fact, as well as the unencrypted transfer of usernames and passwords, makes FTP a potentially dangerous gateway for unauthorized access.

What’s the difference between FTP and SFTP?

This is where SSH File Transfer Protocol (SFTP) comes in. You can already see in its name that it bears some similarities to FTP. But there are also significant differences between the two protocols, to the point that SFTP servers and standard clients cannot communicate with each other. The most important differences between the two protocols are as follows:

  • Encryption: unlike the standard FTP port, SFTP ports are encrypted. This applies to usernames and passwords as well as the actual files being transferred, making it a lot harder to get unauthorized access.
  • Port number: whereas FTP uses port 21, SFTP uses port 22.
  • Protocol: whereas FTP uses TCIP/IP, SFTP uses SSH.

Choose from a variety of SFTP hosting packages from IONOS. You’re sure to find one that fits your needs.

Summary: FTP ports are useful but not secure

FTP ports are an important and useful invention for transferring files on the internet. FTP passive mode was also an important step in the right direction. But the biggest flaw in FTP (as with Trivial File Transfer Protocol (TFTP)) is the lack of encryption. For secure file transfer, SFTP is a better choice.

Page top