What are Ports 20 and 21?
Ports 20 and 21 are well-known ports commonly used for FTP (File Transfer Protocol) services. Port 20 is used for FTP data transfer, while port 21 is used for FTP command and control. Understanding the purpose and function of these ports is helpful for configuring FTP services and troubleshooting connectivity issues.
Two key TCP ports—port 20 for data transfer and port 21 for command and control—are central to FTP operation. These well-known ports enable the separate flows of actual file data and the FTP commands issued to manage file actions.
Understanding how ports 20 and 21 are used for FTP provides insight into the underlying workings of this venerable file transfer protocol. It also assists in troubleshooting FTP connectivity issues and configuring FTP services.
Let’s examine in more detail how these two ports enable FTP’s dual flows of data and commands between clients and servers.
Key Takeaways
- Port 20 is used for FTP data transfer connections. This port enables the actual movement of files between the FTP client and the server.
- Port 21 is used for FTP command and control connections. This port transmits commands and responses for actions like listing directories, transferring files, etc.
- Together, ports 20 and 21 allow a full-featured FTP session between client and server. Port 21 handles commands, while port 20 handles the data being transferred.
- These ports use TCP as their core transport protocol and are considered “well-known ports” that are registered with the Internet Assigned Numbers Authority (IANA).
- Firewalls need to allow incoming and outgoing connections on ports 20 and 21 for proper FTP functionality. Passive mode FTP may use other high-number ports, too.
- FTP software like FileZilla and command line clients use port 21 to connect to FTP servers and issue commands. Data transfer then occurs on port 20.
- SFTP (SSH File Transfer Protocol) uses port 22 and is more secure than standard FTP since all communications are encrypted.
What’s the Difference Between Port 20 vs Port 21
| Feature | Port 20 (FTP data) | Port 21 (FTP control) |
|---|---|---|
| Purpose | Used for transferring data files between a client and server | Used for sending commands and receiving responses to control the FTP session |
| Data Transfer | Handles the actual transfer of data files | Manages the control and coordination of the data transfer |
| Connection Establishment | The data connection is established dynamically, typically from a random high-numbered port on the client to port 20 on the server | The control connection is established first, typically from a random high-numbered port on the client to port 21 on the server |
| Security | The data connection is generally less secure, as it can be more vulnerable to attacks | The control connection is more secure, as it is used for authentication, command, and response exchange |
| Passive vs. Active Mode | In active mode, the server initiates the data connection to the client’s port 20 | In passive mode, the client initiates the data connection to a randomly selected high-numbered port on the server |
| Firewall Traversal | Can be challenging to traverse firewalls due to the dynamic port selection | Easier to traverse firewalls since it uses a well-known port (21) |
| Performance | Potentially lower performance due to the overhead of establishing the dynamic data connection | Typically has higher performance since the control connection is maintained throughout the session |
| Reliability | More prone to connection failures due to the dynamic nature of the data connection | More reliable since the control connection is maintained throughout the session |
| Logging and Monitoring | Logging and monitoring the data transfer can be more challenging | Logging and monitoring the control commands and responses is generally easier |
| Use Cases | Suitable for transferring large files or entire directories | Suitable for managing and coordinating the file transfer process |
Port 20 – FTP Data Transfer
Port 20 is used for FTP data transfer connections. This port carries the actual file contents when uploading and downloading files to and from an FTP server.
When an FTP client needs to transfer a file to or from a server, a TCP connection is established between the client and server on port 20 for the duration of the data transfer. This connection allows the file to move between the systems using the FTP protocol.
Some key points about port 20 FTP data transfers:
- Port 20 provides a dedicated pipeline for transferring file contents between client and server. This separates file data from command and response flows.
- The FTP server process initiates the port 20 connection, not the client. This is called the “active” mode of FTP data transfers.
- When a client requests a file download, the server opens the port 20 connection back to the client’s IP address and port number. This allows the server to transfer the requested file data.
- For uploads, the client initiates the PORT command telling the server the IP and port to send data to. The server connects back to transfer the file data.
- Port 20 uses the TCP transport protocol, which ensures reliable, ordered delivery of the file’s contents.
- Data transfer connections on port 20 are torn down once the transfer is completed. They are reestablished for subsequent transfers.
- Firewalls need to permit inbound and outbound connections on TCP port 20 for active mode FTP to work.
Port 21 – FTP Command and Control
Port 21 is used for FTP command and control connections. This port establishes the main control connection between an FTP client and a server.
The FTP client connects to port 21 on the server to issue various commands for interacting with files and directories. Examples of commands include listing directories, changing folders, renaming files, and initiating file transfers.
Here are some key aspects of how port 21 is used for FTP command channels:
- The control connection on port 21 is persistent, staying open across multiple commands. Port 20 connections open and close for each data transfer.
- The client initiates the connection to port 21 at the start of an FTP session, and this connection remains established.
- FTP commands sent by the client and responses returned by the server all flow over this command channel connection.
- Common commands include USER, PASS, PWD, CWD, LIST, RETR, STOR, DELE, RNFR, RNTO. Clients send these, and servers respond.
- Port 21 commands manage all interactions with the FTP server; data transfer connections are opened on port 20 when needed.
- Firewalls must allow clients to establish outbound connections to port 21 TCP to interact with external FTP servers.
FTP Ports 20 and 21 Together
Ports 20 and 21 work together to enable FTP’s dual channels of data and commands:
- Port 21 carries the command and response flow to manage the session and request file actions.
- Port 20 opens connections as needed actually to transfer file data for downloads and uploads.
- The client interacts with the server via persistent port 21 connection and ephemeral port 20 data connections.
- This allows commands, responses, and data flow to be managed independently.
- Server-initiated connections on port 20 enable “active” mode FTP, the original data connection mode.
Here is an example sequence showing the port interaction:
- The client establishes a connection to the server on port 21
- The client sends username and password commands on the control channel
- The client sends a directory listing command over port 21
- The server opens port 20 connection back to the client and transfers the listing
- Client requests file download via port 21 command
- The server transfers file data over the new port 20 connection
This demonstrates how port 21 handles the ongoing command flow while port 20 connections carry the data. This separation is key to FTP’s flexibility and reliability.
FTP Ports Usage Summary
In summary, the standard ports used in FTP are:
- Port 21 – Command channel port that controls the FTP session
- Port 20 – Data port used for transferring file contents
- Servers listen on port 21 for incoming control connections. Data connections are established from server to client on port 20 for active mode transfers.
- Firewalls need to be configured to allow connections on both ports. Passive mode FTP may also use a high number of ports.
- Using ports 20 and 21 together enables reliable production FTP services for transferring files over TCP/IP networks.
Final Thoughts
In closing, ports 20 and 21 provide the fundamental building blocks that FTP relies on to transfer files efficiently and reliably over TCP/IP networks.
Port 21 enables the command and control dialog between the client and server that directs the entire FTP session and file actions. Port 20 connections allow the actual data flow for downloading and uploading files as requested via port 21 commands.
These two ports working together are the reason FTP remains a widely used protocol for file transfers after decades. Understanding how they enable FTP’s dual channels is useful both for configuring and troubleshooting FTP services in client-server environments and network applications.
Frequently Asked Questions (FAQ) About FTP Ports 20 and 21
Here are some common questions and answers about FTP ports 20 and 21:
Does FTP use UDP or TCP for its ports?
FTP uses TCP for its command and data connections on ports 20 and 21. TCP provides reliable, ordered data delivery and ensures file contents are transmitted accurately.
What port does SFTP use?
SFTP, the Secure File Transfer Protocol, operates over SSH and typically uses port 22 for both its command connection and data transfers. Compared to standard FTP, SFTP encrypts all communications for better security.
Can FTP active mode ports be changed?
Yes, the command and data ports used in active mode FTP can be changed from the defaults of 21 and 20 to other values if needed. This may be done to avoid conflicts. Clients would need to know the non-standard ports.
Does passive mode FTP use different ports?
In passive mode FTP, the client initiates both the command and data connections to the server. The server sends back a high range port number for establishing the data connection. Passive FTP may use ephemeral ports above 1023 for data transfers.
Can firewalls block FTP connections?
Yes, firewalls commonly block or restrict connections on ports 20 and 21 for security purposes. This can interfere with FTP capabilities unless properly configured FTP inspection rules are enabled. Passive FTP data ports may also need access.
Does FileZilla use port 21?
Yes, the popular FileZilla FTP client utilities connect to servers on port 21 for the command-channel connection. Data transfers use temporary connections initiated from the server on port 20 or an alternate data port specified by the server in passive mode.
What happens if port 21 is closed?
If port 21 is closed by a firewall or not open on an FTP server, clients will be unable to establish command channel connections needed to interact with the server. This will prevent access and abilities like transferring files.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.
