Is there a way to identify whether FTP Server is Enabled with Passive Mode?

Question

I am trying to connect to an FTP Server and it works fine with Active Mode but seems to be failing with Timedout message when I try to connect via Passive Mode. Is there a way to check whether the FTP Server Accepts requests on Passive Mode?

ftp -p <FTP_Server> 
ftp> quote pasv 
227 Entering Passive Mode 
ftp> ls
227 Entering Passive Mode 
ftp: connect: Connection timed out

I have tried the following so far:

• From my WSL Environment (i.e Ubuntu), I tried doing an FTP communication towards FTP Server.

• But while doing the list operation, I am getting timedout. What does this mean? Does this mean, Passive communication is not supported?

Answer 1

The PASV command is used to enable passive mode on the server. If you issue that command and get an error code (which should be 500 Unknown command), you know it's not supported. If you get a 227 Entering Passive Mode response, you know passive is supported.

Using telnet and FTP commands from the command line as an example:
% telnet ftp.mozilla.org 21
Trying 63.245.208.138...
Connected to dm-ftp01.mozilla.org.
Escape character is '^]'.
220-  [greeting omitted]
USER anonymous
331 Please specify the password.
PASS jathanism@
230-  [banner omitted]
230 Login successful.
Good command (passive mode is supported):

PASV
227 Entering Passive Mode (63,245,208,138,202,53)
Bad command (500 error thrown):

FART
500 Unknown command.

Only the response code (always 227) is standardized in a successful PASV response; the text comprising the IP/Port is not. It varies from one FTP server provider to the next. Not all suppliers use the phrase "Entering Passive Mode," not all vendors put the IP/Port in parenthesis, some vendors place the IP/Port at the beginning of the text while others put it at the end, and so on. You must scan the text for the IP/Port; you cannot assume that it is formatted correctly.

The initial connection is established over a command port when using FTP, FTP/SSL Auth (Explicit SSL), or FTPS (Implicit SSL). The command ports are usually port 21 (for FTP and FTP/SSL Auth) and port 990 by default (for FTPS, Implicit SSL). The command port establishes an FTP server connection and accepts authentication. After successful authentication, the FTP client issues a command to obtain a list of folders and files, which is sent over the data port. Between the FTP client and the FTP server, the data port is negotiated.

NOTE: If using HTTP or HTTPS to connect to the FTP server, the FTP server administrator must have directory listings enabled; otherwise, when connected to the home folders and files will not be visible. For data connections, WS FTP Professional will attempt to connect using Passive mode by default. When WS FTP Professional establishes a Passive mode connection in order to negotiate data ports, it asks the FTP server what port to open and receives the folder and file list. If the Passive mode fails and the FTP server provides a port that is not open on the local computer firewall or the network, WS FTP Professional will send a Port command. The Port command informs the FTP server of the IP address and port to which the list of folders and files should be sent. If the FTP server network doesn't have the port available or can't connect to the server, The Port mode data connection to the WS FTP Professional IP address will fail and timeout. When connecting with a Port mode, WS FTP Professional sends the computer's local IP address by default. The FTP server will be unable to respond to the client if this is a non-routable IP address. Set the public IP address for the FTP server in the WS FPT Professional. To find the public IP address, do the following: Go to www.whatismyip.com in your browser. The public IP address will be returned. In the WS FTP Professional, enter this IP address. Select Firewall from the Tools/Options menu. Examine the 'Force PORT IP address' option. Put the public IP address here. Click OK