What are Ports 20 and 21?
by Colin Cohen | Published on February 09, 2024
Quick Definition: FTP servers use port 20 for file transmissions in FTP sessions. But they only do so in active mode FTP sessions. FTP servers use port 21 to receive commands from FTP clients. No transfer of files happens over this port.
Definition of Port 20
The Internet Assigned Numbers Authority (IANA) assigned port 20 to file transmissions during FTP sessions. You only use port 20 in active mode FTP, which is problematic if the client is behind a firewall, because the server must connect to a random port on the client’s device.
Common Uses of Port 20
In active mode FTP sessions, you use port 20 to transmit files. Known as the data port, port 20 handles the uploading and downloading of files between a client and a server.
How Port 20 Operates in a Network Environment
In an active mode FTP session, the following occurs:
An FTP client logs into an FTP server over port 21 and establishes an active mode session using the PORT command.
The client issues commands to transfer files.
The server opens a data session from port 20 to a random port on the client.
If the server can communicate with the client over the client’s random port, the client and server transfer files between them over port 20.
Definition of Port 21
The IANA assigned port 21 to issue commands during an FTP session. Unlike port 20, you use port 21 during FTP sessions regardless of whether you use active or passive mode FTP.
Common Uses of Port 21
An FTP client connects to an FTP server over port 21, the command port, to issue FTP commands. These commands can include the following:
Authentication commands such as USER and PASS.
Mode commands such as PORT and PASV.
File commands such as GET and PUT.
How Port 21 Operates in a Network Environment
Port 21 functions in the following manner:
An FTP client logs into an FTP server over port 21.
If the client sends a PORT command, the server attempts to establish an active mode FTP session by connecting to a random port on the FTP client’s device before transferring files over port 20.
If the client sends a PASV command, the client establishes a passive mode FTP session by opening a random port before transferring data between it and a random port on the server.
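The following added example (not part of the original article) audits a captured port 21 control channel: it decodes the address in a PORT command or PASV reply to show where the data connection will go, and flags that USER and PASS crossed the wire unencrypted. The transcript, its `C:`/`S:` prefixes and the function names are constructed for illustration.

```python
import re

# Constructed sample of a port 21 control channel (C = client, S = server).
SAMPLE = """\
C: USER alice
S: 331 Password required
C: PASS example-password
S: 230 Login successful
C: PORT 192,0,2,10,195,80
S: 200 PORT command successful
C: PASV
S: 227 Entering Passive Mode (198,51,100,5,234,96)
"""

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Decode FTP's h1,h2,h3,h4,p1,p2 tuple into (ip, port); port = p1*256 + p2."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port tuple in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def audit_control_channel(transcript):
    """Report cleartext credential exposure and the negotiated data channels."""
    findings = {"cleartext_user": None, "cleartext_password_seen": False,
                "data_channels": []}
    for line in transcript.splitlines():
        side, _, msg = line.partition(": ")
        verb, _, arg = msg.partition(" ")
        verb = verb.upper()
        if side == "C" and verb == "USER":
            findings["cleartext_user"] = arg
        elif side == "C" and verb == "PASS":
            findings["cleartext_password_seen"] = True  # value deliberately not kept
        elif side == "C" and verb == "PORT":   # active: server connects from port 20
            ip, port = decode_hostport(arg)
            findings["data_channels"].append(("active", "server:20 -> %s:%d" % (ip, port)))
        elif side == "S" and verb == "227":    # passive: client connects to the server
            ip, port = decode_hostport(arg)
            findings["data_channels"].append(("passive", "client -> %s:%d" % (ip, port)))
    return findings

if __name__ == "__main__":
    print(audit_control_channel(SAMPLE))
```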
What are the Key Differences Between Port 20 and Port 21?
While port 20 and port 21 both relate to FTP use, there are key differences. Port 20 transfers files during active mode FTP sessions, while port 21 is for issuing commands related to FTP transfers.
Variances in Functionality
You use port 20 to transfer files in active mode FTP sessions. You use port 21 for issuing FTP commands in these sessions, whether the sessions are conducted in active mode or passive mode.
Security Implications of Each Port
The use of FTP over ports 20 and 21 is inherently insecure because traffic passed over them is unencrypted. If security is a concern, you should consider using one of the secure versions of the protocol: Secure File Transfer Protocol (SFTP) over port 22 or File Transfer Protocol Secure (FTPS) over ports 989 and 990.
How to Identify and Differentiate Between the Two Ports
When you establish an FTP session by sending FTP commands between an FTP client and an FTP server, you do so over port 21. When you transmit files between the client and server, you do so over port 20, but only if you are engaging in an active mode FTP session.
What is the Importance of Port 20 and Port 21 to Data Transfer?
Both port 20 and port 21 are important when transferring files in FTP sessions. You use port 21 for sending commands relating to these transfers, and you use port 20 for the actual transfers in active mode FTP sessions.
Role of Port 20 and Port 21 in FTP (File Transfer Protocol)
In FTP, servers transfer files over port 20 during active FTP sessions. Clients issue FTP commands to servers over port 21 regardless of whether the FTP sessions are active or passive.
Impact on Uploading and Downloading Files
The uploading and downloading of files takes place over port 20 in active mode FTP sessions. Port 21 is for sending commands relating to the uploading and downloading of the files.
Potential Vulnerabilities Associated with These Ports
As there is no encryption when using FTP over ports 20 and 21, anyone who can intercept the traffic can read the sessions. Additional vulnerabilities include brute force attacks and unauthorized directory traversals.
What are the Best Practices for Securing Port 20 and Port 21?
As no encryption takes place when using FTP over ports 20 and 21, you should consider using one of the secure versions of FTP if security is a concern. Even if it’s not, you must set up firewall rules on your server.
Encryption Methods for Data Transfer
When using FTP over ports 20 and 21, no encryption takes place. If you want to use encryption with FTP, you need to do so with SFTP over port 22 or FTPS over ports 989 and 990.
Implementing Firewall Rules for Port 20 and Port 21
When using active mode FTP, you must open ports 20 and 21 on your server through firewall rules. If you are using passive mode FTP, you only need to set up firewall rules for port 21 to open it for traffic.
Utilizing Secure FTP Protocols
You can set up a secure version of FTP through either SFTP (over port 22) or FTPS (over ports 989 and 990). Keep in mind that using FTPS is much faster than using SFTP.
What Happens When Port 20 and 21 Are Closed?
If either port 20 or port 21 is closed, you cannot establish an active mode FTP session. You only need to open port 21 for a passive mode FTP session.
Conclusion
Using FTP over ports 20 and 21 lets you transfer files between FTP clients and servers. While port 21 is for sending commands to an FTP server, port 20 transfers files during active mode FTP sessions. As data sent over these ports is unencrypted, consider using one of the more secure versions of the protocol.