Active mode and passive mode under FTP server construction 09/17 Update SLTechnology News&Howtos

Active mode and passive mode under FTP server construction

2025-09-17 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/02 Report--

Today, on a whim, I studied the ftp protocol and built a ftp server in linux, mainly studying the active and passive modes of ftp.

Let's briefly talk about ftp installation and configuration.

Ftp server: 192.168.3.14 linux vsftpd

Ftp client: windows 7

Check if ftp is installed

Run yum install vsftpd-y directly without installation

Modify ftp configuration file

Vim / etc/vsftpd/vsftpd.conf

Whether chroot_local_user=YES-- restricts all users to the home directory, YES is enabled

Anonymous_enable=NO-Anonymous access is not allowed

Whether chroot_list_enable=YES-- starts the list of restricted users YES is enabled

Whether chroot_list_file=/etc/vsftpd/chroot_list-- is restricted to the list of users under the home directory

Save with the above changes

Create a user authentication file chroot_list under the / etc/vsftpd directory and add local system users for ftp authentication

[root@jw vsftpd] # cat chroot_list-- add local operating system users to authenticate one account per line

Ftpuser

Ftptest

Change password: passwd ftptest

Password: niceman

Restart the service and see if port 21 is listening

Use lsof to see if the port is listening

Now start to visit ftp; Note, before access, please turn off selinux or temporarily close the firewall, specific in-depth ftp server configuration, please check the documents of Baidu, do not repeat.

Install wireshark

Yum install wireshark-y

Bag grab command: tshark-ni eth0-R "ftp"

It can be found that ftp is transmitted in clear text.

Tshark-ni eth0-R "tcp.dstport eq 21"-- grab packet control port

Next, let's talk about two modes of FTP.

Active Mode of FTP

Active FTP:

Command connection: client is greater than port 1023-> server port 21

Data connection: client is greater than 1023 port server 21 port

Data connection: client is greater than port 1023-> server > port 1023

The client still uses a port greater than 1023 to link to the FTP21 command control port that the server listens to, the server opens a random port greater than 1023 for data transmission to the client, and the passive mode server no longer uses 20 data port for transmission.

Note: windows uses IE or explorer to open the input address ftp://ip access, whether active or passive mode depends on the configuration here, see screenshot; IE--Internet option-Advanced

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.