This is about … .
FTP
Port 20: for data exchange Port 21: establishing connection and command channel
Active mode
No firewall in between. The server initiates a connection for data transfer. That means more risk for the client.
Steps
Client ð opens a port, say, 1069.
The client ð then informs the server ðļ via the PORT 1069 command over the server’s 21st port.
The server connects to this port and sends the data from its 20th port.
Why is it more risky for the client? Because the client ð is open for connections for some time. Most often, the firewall blocks most of the connections not initiated by the client. To allow this mode to work, one must allow the inbound connection, which might be risky. Also, the client ð is sharing its IP address and port number. What if the server is not untrusted? What if these requests are logged somewhere?
Passive mode
This mode is usually used when the client ð has a firewall that blocks incoming connections. It means less risk for the client and more risk for the server ðļ.
Steps
The client ð sends a PASV to the 21st port of the server ðļ basically saying “I want to use the passive mode”.
ð BTFM
ABOR
LIST
DELE
MKD
PWD
QUIT
...