FTP is a surprisingly old protocol, and its most counterintuitive feature is that it uses two separate connections to transfer a single file.

Let’s see it in action. Imagine we have an FTP server running on 192.168.1.100 and an FTP client on 192.168.1.50.

First, the client establishes a connection to the server’s control port, typically port 21. This is where all the commands go.

$ ftp 192.168.1.100
Connected to 192.168.1.100.
220 (vsFTPd 3.0.3)
Name (192.168.1.100:user): anonymous
331 Anonymous access allowed, send e-mail address
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,100,123,45)
150 Here comes the directory listing
-rw-r--r--    1 0        0            1024 Jan 01 10:00 file1.txt
drwxr-xr-x    2 0        0            4096 Jan 01 10:05 subdir
226 Transfer complete.
ftp> get file1.txt
227 Entering Passive Mode (192,168,1,100,123,46)
150 Opening BINARY mode data connection for file1.txt (1024 bytes)
226 Transfer complete.

In this interaction:

  • The ftp> prompt signifies the client is ready to send a command over the control connection.
  • 220, 331 and 230 are server replies. 220 is the greeting the server sends as soon as the control connection opens; 331 answers USER (password required) and 230 answers PASS (logged in). Every reply starts with a three-digit code: 2xx success, 3xx more input needed, 4xx temporary failure, 5xx permanent failure.
  • ls is a command to list directory contents.
  • 227 Entering Passive Mode (192,168,1,100,123,45) is the server telling the client which IP address and port to use for the data connection. The first four numbers are the IP address and the port is p1 * 256 + p2, here 123 * 256 + 45 = 31533, so the client connects to 192.168.1.100:31533.
  • 150 Here comes the directory listing is the server indicating it’s about to send data.
  • The actual file listing is received.
  • 226 Transfer complete. signals the end of the data transfer for that command.
  • get file1.txt is the command to retrieve a file.
  • Another 227 Entering Passive Mode reply advertises a fresh port (123,46, i.e. 123 * 256 + 46 = 31534) for the file data; every transfer gets its own data connection.
  • 150 Opening BINARY mode data connection for file1.txt (1024 bytes) shows the data connection is opening, and the file size.
  • The file content is transferred over this separate data connection.
  • 226 Transfer complete. confirms the file transfer is done.

FTP operates in two primary modes: Active and Passive. The example above uses Passive mode, which is more common and firewall-friendly.

Active Mode:

  1. Client connects to server’s port 21 (control).
  2. Client opens a listening socket on an ephemeral port and sends a PORT command with its IP address and that port, encoded as six comma-separated decimal bytes (e.g., PORT 192,168,1,50,4,1 for 192.168.1.50 port 4 * 256 + 1 = 1025).
  3. Server initiates a connection from its data port (typically 20) to the client’s specified IP and port.
    • This often fails because client-side firewalls and NAT devices block, or cannot route, an inbound connection from the server.

Passive Mode:

  1. Client connects to server’s port 21 (control).
  2. Client sends PASV command.
  3. Server opens a random, high-numbered ephemeral port (e.g., 31533) and tells the client its IP and that port number in the same six-byte encoding (e.g., 227 Entering Passive Mode (192,168,1,100,123,45)).
  4. Client initiates a connection from an ephemeral port to the server’s specified IP and ephemeral port.
    • This works better with firewalls because the client initiates both connections.
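The PORT command and the 227 reply use the same six-byte encoding, so a client or server has to convert it correctly in both directions and should not blindly act on what the other side sends. The following Python is an added example written for this page, not code from the original text or from vsFTPd: it decodes and encodes both forms with range checks, and shows the safer client-side choice of connecting the data channel to the address the control connection already reaches (what curl's --ftp-skip-pasv-ip option does) unless the advertised address is explicitly trusted. The function names and the sample addresses are this example's own assumptions.

```python
from __future__ import annotations

import ipaddress
import re

# Body of a 227 reply / argument of PORT as defined in RFC 959: h1,h2,h3,h4,p1,p2, decimal bytes.
_SIX_BYTES = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def _decode_six_bytes(text: str) -> tuple[str, int]:
    m = _SIX_BYTES.search(text)
    if m is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in {text!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"byte out of range in {text!r}")
    h1, h2, h3, h4, p1, p2 = fields
    port = p1 * 256 + p2            # e.g. 123 * 256 + 45 = 31533
    if port == 0:
        raise ValueError("port 0 is not usable")
    return f"{h1}.{h2}.{h3}.{h4}", port


def _encode_six_bytes(ip: str, port: int) -> str:
    if not 0 < port <= 65535:
        raise ValueError("port out of range")
    octets = str(ipaddress.IPv4Address(ip)).replace(".", ",")   # rejects anything that is not IPv4
    return f"{octets},{port // 256},{port % 256}"


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Client side: '227 Entering Passive Mode (192,168,1,100,123,45)' -> ('192.168.1.100', 31533)."""
    if not reply.startswith("227"):
        raise ValueError(f"not a 227 reply: {reply!r}")
    return _decode_six_bytes(reply)


def format_pasv_reply(ip: str, port: int) -> str:
    """Server side: the 227 reply advertising where the client should connect."""
    return f"227 Entering Passive Mode ({_encode_six_bytes(ip, port)})"


def format_port_command(ip: str, port: int) -> str:
    """Client side (active mode): 'PORT 192,168,1,50,4,1' for 192.168.1.50 port 1025."""
    return f"PORT {_encode_six_bytes(ip, port)}"


def parse_port_command(command: str) -> tuple[str, int]:
    """Server side (active mode): the address the server would connect to from port 20."""
    verb, _, rest = command.partition(" ")
    if verb.upper() != "PORT":
        raise ValueError(f"not a PORT command: {command!r}")
    return _decode_six_bytes(rest)


def choose_data_address(advertised_ip: str, control_peer_ip: str, trust_advertised: bool = False) -> str:
    """Pick the address the client really connects to for the data channel.

    A server can put any address in its 227 reply. Unless the operator knows the advertised
    address is right, the safer choice is to reuse the address the control connection already
    reaches (curl's --ftp-skip-pasv-ip behaviour): a hostile or misconfigured server then
    cannot send the data connection to some third host.
    """
    if trust_advertised or advertised_ip == control_peer_ip:
        return advertised_ip
    return control_peer_ip
```

The same check matters on the server side of active mode: a server that connects from port 20 to whatever address a PORT command names can be used as a relay to reach hosts the client cannot (the classic FTP bounce), so real servers by default refuse PORT targets that differ from the control connection's peer. The extended commands EPSV and EPRT from RFC 2428 (needed for IPv6) carry only a port in the 229 reply, which removes the address-trust question entirely for EPSV.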

The control connection is persistent for the session, handling commands like USER, PASS, CWD, PWD, LIST, RETR (get), STOR (put), QUIT. The data connection is established per transfer (for LIST, RETR, STOR) and then closed.

The transfer type (ASCII or binary) is set by TYPE A or TYPE I (image, i.e. binary). In ASCII mode the sender converts its local line endings to CRLF on the wire and the receiver converts CRLF back to its own convention (LF on Unix, CRLF on Windows), so any bytes in a binary file that happen to look like a line ending are rewritten and the file is corrupted. Always use TYPE I for anything non-textual, and compare a checksum on both ends when the file matters.
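What ASCII mode does to bytes, as an added example (not from the original page): a model of the sender-side and receiver-side conversions that TYPE A implies, run over the PNG file signature, whose CR LF and LF bytes were chosen by the format's designers precisely to reveal this kind of mangling. The helper names and the two line-ending constants are this example's own.

```python
import hashlib


def to_wire(data: bytes, local_eol: bytes) -> bytes:
    """Sender side of TYPE A: local line endings become the CRLF that NVT-ASCII uses on the wire."""
    return data if local_eol == b"\r\n" else data.replace(local_eol, b"\r\n")


def from_wire(data: bytes, local_eol: bytes) -> bytes:
    """Receiver side of TYPE A: CRLF on the wire becomes the receiver's local line ending."""
    return data if local_eol == b"\r\n" else data.replace(b"\r\n", local_eol)


def transfer(data: bytes, mode: str, sender_eol: bytes, receiver_eol: bytes) -> bytes:
    """What arrives at the receiver for a given TYPE (A or I) and the two hosts' conventions."""
    if mode.upper() == "I":
        return data                      # binary: bytes pass through untouched
    if mode.upper() != "A":
        raise ValueError("mode must be 'A' or 'I'")
    return from_wire(to_wire(data, sender_eol), receiver_eol)


def sha256_hex(data: bytes) -> str:
    """The post-transfer check: compute this on both ends and compare."""
    return hashlib.sha256(data).hexdigest()


def intact(original: bytes, mode: str, sender_eol: bytes, receiver_eol: bytes) -> bool:
    return sha256_hex(transfer(original, mode, sender_eol, receiver_eol)) == sha256_hex(original)


UNIX, WINDOWS = b"\n", b"\r\n"
# Constructed sample: the 8-byte PNG signature (not a full file), which contains both CR LF and LF.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

if __name__ == "__main__":
    for mode in ("I", "A"):
        for sender, receiver in ((UNIX, WINDOWS), (WINDOWS, UNIX), (UNIX, UNIX)):
            got = transfer(PNG_SIGNATURE, mode, sender, receiver)
            status = "intact" if got == PNG_SIGNATURE else "CORRUPTED"
            print(f"TYPE {mode} {sender!r}->{receiver!r}: {got!r} {status}")
```

Unix to Windows in ASCII mode grows the signature by two bytes (each LF becomes CR LF, including the LF that already followed a CR), Windows to Unix loses the CR, and only the binary transfers and the Unix-to-Unix case return the original bytes. The checksum comparison is what catches this in practice.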

The control channel uses TCP port 21. The data channel uses a dynamically negotiated TCP port. This dynamic port negotiation is precisely why FTP is often problematic with firewalls and NAT. The server’s PASV response includes its IP address, which is crucial. If the server is behind NAT, it must advertise its public IP address in the PASV response for the client to connect successfully. Many FTP servers have a configuration option to specify the external IP address for this purpose, usually together with a fixed passive port range, so that the firewall or NAT device can forward exactly those ports.
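To make the two connections visible end to end, here is a self-contained passive-mode exchange covering the PASV procedure above and the NAT point just made: a toy server that accepts one control connection and opens a fresh listening socket for each transfer, and a client that reads the 227 reply and opens the data connection itself. This is an added example written for this page, not vsFTPd or any real FTP implementation. It runs on 127.0.0.1 with an ephemeral control port instead of port 21, serves a constructed one-entry file table, implements only the commands the session above uses, and its advertise_ip parameter models the "external address" option real servers offer for NAT setups; all names in it are this example's own.

```python
from __future__ import annotations

import re
import socket
import threading

FILES = {"file1.txt": b"hello over the data channel\n"}   # constructed sample content
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def _send(conn: socket.socket, line: str) -> None:
    conn.sendall((line + "\r\n").encode("ascii"))


def _recv_line(rf) -> str:
    return rf.readline().decode("ascii", "replace").rstrip("\r\n")


def start_toy_pasv_server(listen_ip: str = "127.0.0.1", advertise_ip: str | None = None):
    """Minimal passive-mode server in a thread; returns (control_port, thread, list_of_commands_seen).

    advertise_ip is what goes into the 227 reply, independent of the bound address, which is
    exactly the knob a server behind NAT needs (its public address rather than its private one).
    """
    ctrl_listener = socket.socket()
    ctrl_listener.bind((listen_ip, 0))            # port 0: the OS picks a free port
    ctrl_listener.listen(1)
    ctrl_port = ctrl_listener.getsockname()[1]
    advertise = (advertise_ip or listen_ip).replace(".", ",")
    seen: list[str] = []

    def serve() -> None:
        conn, _ = ctrl_listener.accept()
        data_listener = None
        with conn, conn.makefile("rb") as rf:
            _send(conn, "220 toy FTP ready")
            while True:
                line = _recv_line(rf)
                if not line:
                    break
                seen.append(line)
                verb, _, arg = line.partition(" ")
                verb = verb.upper()
                if verb == "USER":
                    _send(conn, "331 Please specify the password.")
                elif verb == "PASS":
                    _send(conn, "230 Login successful.")
                elif verb == "TYPE":
                    _send(conn, "200 Switching to Binary mode." if arg.upper() == "I" else "200 Switching to ASCII mode.")
                elif verb == "PASV":
                    data_listener = socket.socket()   # a new data socket per transfer, never port 21
                    data_listener.bind((listen_ip, 0))
                    data_listener.listen(1)
                    p = data_listener.getsockname()[1]
                    _send(conn, f"227 Entering Passive Mode ({advertise},{p // 256},{p % 256})")
                elif verb == "RETR":
                    if data_listener is None or arg not in FILES:
                        _send(conn, "550 Failed to open file.")
                        continue
                    body = FILES[arg]
                    _send(conn, f"150 Opening BINARY mode data connection for {arg} ({len(body)} bytes).")
                    data_conn, _ = data_listener.accept()   # the client connected after reading 227
                    with data_conn:
                        data_conn.sendall(body)
                    data_listener.close()
                    data_listener = None
                    _send(conn, "226 Transfer complete.")
                elif verb == "QUIT":
                    _send(conn, "221 Goodbye.")
                    break
                else:
                    _send(conn, "502 Command not implemented.")
        ctrl_listener.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return ctrl_port, thread, seen


def toy_pasv_client(host: str, ctrl_port: int, filename: str = "file1.txt") -> dict:
    """Fetch one file in passive mode; returns the payload and a transcript of the control channel."""
    transcript: list[str] = []
    ctrl = socket.create_connection((host, ctrl_port), timeout=5)
    with ctrl, ctrl.makefile("rb") as rf:
        def reply() -> str:
            line = _recv_line(rf)
            transcript.append("S: " + line)
            return line

        def command(line: str) -> str:
            transcript.append("C: " + line)
            _send(ctrl, line)
            return reply()

        reply()                                   # 220 greeting
        command("USER anonymous")
        command("PASS user@example.invalid")
        command("TYPE I")
        pasv = command("PASV")
        m = PASV_RE.search(pasv)
        if not pasv.startswith("227") or m is None:
            raise RuntimeError(f"unexpected PASV reply: {pasv}")
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        advertised_ip, data_port = f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
        # Safer default: connect to the control peer's address, not the advertised one, so a hostile
        # or misconfigured server cannot redirect the data connection elsewhere.
        data = socket.create_connection((ctrl.getpeername()[0], data_port), timeout=5)
        with data:
            if not command(f"RETR {filename}").startswith("150"):
                raise RuntimeError("server refused the transfer")
            payload = b"".join(iter(lambda: data.recv(4096), b""))   # read until the server closes
        reply()                                   # 226 Transfer complete
        command("QUIT")
    return {"payload": payload, "transcript": transcript, "control_port": ctrl_port,
            "data_port": data_port, "advertised_ip": advertised_ip}


def run_demo(advertise_ip: str | None = None) -> dict:
    ctrl_port, thread, seen = start_toy_pasv_server(advertise_ip=advertise_ip)
    result = toy_pasv_client("127.0.0.1", ctrl_port)
    thread.join(timeout=5)
    result["server_saw"] = seen
    return result


if __name__ == "__main__":
    for entry in run_demo()["transcript"]:
        print(entry)
```

Running it prints the control-channel transcript; the file bytes never appear there because they travel over the second socket. Passing advertise_ip="10.0.0.5" reproduces the NAT misconfiguration: the 227 reply names an address the client cannot reach, and the transfer still succeeds only because this client ignores the advertised address and reuses the control peer's.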

A common misconception is that the data transfer happens on port 21 after the initial handshake. This is incorrect; port 21 is only for commands and responses. The data channel is entirely separate.

The most surprising part for many is how the server uses port 20 for its data connection in Active mode, and how it initiates the connection back to the client. In Passive mode, the server simply opens another port and waits for the client to connect to it.

The next thing you’ll likely grapple with is securing FTP: the credentials on the control connection and the file contents on the data connection are both sent in plain text, so anyone on the path can read or alter either channel.
