In active mode FTP, the client connects from a random unprivileged port (N > 1024) to the FTP server’s command port, port 21. The client then starts listening on port N+1 and sends the FTP command PORT N+1 to the FTP server. The server then connects back to the client’s specified data port from its own local data port, which is port 20.
When drawn out, the connection appears as follows:
In passive mode FTP, the client initiates both connections to the server, which solves the problem of firewalls filtering the incoming data port connection from the server to the client. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command, the client issues the PASV command. As a result, the server opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
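The following added example (not part of the original page) shows how a stateful filter can read the control channel to learn which data connection to expect in each mode. It assumes the RFC 959 wire encoding h1,h2,h3,h4,p1,p2 (port = p1*256 + p2) used in the PORT command and in the server's 227 reply to PASV. The addresses, function names and the allow policy are constructed for illustration.

```python
import re

# RFC 959 host-port encoding: h1,h2,h3,h4,p1,p2 (six decimal bytes).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed sample addresses (documentation ranges), not from the page.
CLIENT_IP = "192.0.2.55"
SERVER_IP = "198.51.100.7"


def parse_hostport(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); port = p1*256 + p2."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def expected_data_connection(line, client_ip, server_ip):
    """Map one control-channel line to the data connection it announces.

    Returns None for lines that are neither a PORT command nor a 227 reply.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active mode: the server dials in to the client's listening port.
        mode, initiator, peer = "active", server_ip, client_ip
    elif line.startswith("227"):
        # Passive mode: the client dials out to the server's port P.
        mode, initiator, peer = "passive", client_ip, server_ip
    else:
        return None
    host, port = parse_hostport(line[4:])
    return {
        "mode": mode,
        "initiator": initiator,
        "listener": (host, port),
        # Policy assumed for this example: the advertised address must be the
        # control-channel peer and the port must be unprivileged (> 1024).
        "allow": host == peer and port > 1024,
    }
```

In active mode the listener is on the client, so a client-side firewall has to admit an inbound connection; in passive mode both connections are outbound from the client.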
When drawn, a passive mode FTP connection looks like this: