
Understanding FTPS and FTP port connections
Transferring files securely requires a comprehensive understanding of the connections, ports, and IP addresses utilized by FTP (File Transfer Protocol) and its secure version FTPS (FTP over TLS/SSL). This guide provides an in-depth look at these protocols’ commonly used control and data ports, their differences, and firewall considerations.
FTP and FTPS connections primarily consist of two types: the control connection and the data connection. The client initializes these connections with an FTP server like Cerberus, and both are required for data transfer.
What is the FTP/S control connection?
The control connection is the initial link established when a client connects to an FTP server using the server’s IP address. Also known as the control channel, this connection’s purpose is to grant clients access to the server and enable them to send FTP commands and receive server responses.
What is the FTP/S control connection port number?
- TCP Port 21 (often called FTP port 21) is the default control connection port for FTP.
- Port 990 is the default control connection port for FTPS. FTPS can also use port 21 when operating under explicit security.
These are the ports on which the server listens for new FTP sessions. However, these defaults are not set in stone. As a server administrator, you are free to move the listener to any open port on the system.
What is the FTP/S data connection?
The data connection is the pathway through which the FTP server exchanges file listings (like directory listings in ASCII format) and transfers files. FTP clients instruct servers to send a file listing or transfer a file through this connection.
What is the FTP/S data connection port number?
- Port 20 is the most common data connection port for FTP.
- Port 989 is the default data connection port for FTPS.
What is the difference between port 21 and 990?
Port 21 is FTP’s default control connection port, while port 990 is the same for FTPS. The main difference lies in their expected security behavior. Port 990 implies implicit security, whereas port 21 can be used with explicit security.
Read our blog post on how secure is FTP to learn more about these differences.
What are active and passive FTP/S modes?
FTP/S can run in two modes, active and passive, depending on how you want your client and server to establish their connections.
- In active mode, the client specifies its own data connection port for a transfer. It does so by sending a PORT command to the server, and then waiting for the server to initiate the connection on that specified port.
- In passive mode, the server specifies the data port that the client will connect to. The client first sends a PASV command to the server, and the server then provides an IP address and server port number for the data connection.
When should you use active or passive FTP/S modes?
Active FTP is a bit simpler to configure, but it often runs into firewalls that block incoming connection requests on the specified ports. As a result, passive FTP is generally more firewall-friendly.
Do active and passive FTP/S modes use different port numbers?
Not by default, but administrators can designate specific ports for these transfers. For passive mode, FTP can be configured to use a range of passive ports for data transfer, typically between 1024 and 65535.
What are the Implicit/Explicit FTP/S Port Numbers?
FTPS can operate in two modes: Explicit FTPS and Implicit FTPS.
- In Implicit FTPS, connections established via Port 990 will automatically perform an SSL/TLS (Secure Sockets Layer/Transport Layer Security) handshake, implying a secure connection.
- In Explicit FTPS, connections established via Port 21 need an additional AUTH command to enable security, i.e., to start the SSL/TLS session. The security features of FTPS keep your data from being sent over the network as unencrypted plain text.
Can you change default FTP/S port numbers?
Yes! We’ve linked to instructions on how to change your default FTP/S port numbers here.
Download a risk-free 25-day free trial of Cerberus FTP Server for secure file transfers today. It supports FTP and FTPS, along with many other protocols.