You connected successfully to your FTP server using the Windows FTP client (ftp.exe). You can create and move files around, but you can't list or transfer files.
Let's see why.
How FTP Works
FTP (File Transfer Protocol) is one of the oldest and most widely used protocols for transferring files between computers over the Internet. It is an application layer protocol that moves files between local and remote file systems. It runs on top of TCP protocol just like HTTP.
FTP requires two types of TCP connections:
- Control Connection
- Data Connection
Control Connection
The control connection is the initial connection made between the FTP client and server. This connection is responsible for sending commands and receiving responses between the two entities. The control connection is established over the control port which is usually port 21.
It is used to authenticate the user, establish the type of transfer (ASCII or binary), and navigate the server’s file directory.
Data Connection
The data connection is used to transfer files and directory listings between the FTP client and server. Unlike the control connection, its endpoints are negotiated between the client and server during the session, and it can use any port that both sides can reach.
Data Connection Modes
The FTP client always initiates the control connection. However, for the data connection, the initiator depends on the mode in use.
FTP works in either of two modes:
- active mode
- passive mode
Active Mode
In active mode, the server initiates the data connection.
The client sends the PORT command to the server over the control connection.
The command informs the server on which address and port the client is listening on for an incoming data connection.
The server then initiates a connection from its data port (port 20 by default) to the port specified by the client.
This can be a problem, especially if the client is sitting behind a firewall or a NAT device. Typical client-side firewalls and NAT devices block inbound connections.
Passive Mode
In passive mode, the client initiates the data connection as well as the control connection.
The client sends the PASV command to the server over the control connection.
The command requests the server to wait for a connection.
The server chooses a random, high-numbered port and then sends its address and the chosen port back to the client.
Once the client receives the PASV response, it initiates the data connection to that address and port, itself using a random high-numbered port on its side.
The port chosen by the server is outside the range of privileged ports, i.e. greater than 1023.
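To make the PORT and PASV exchanges described above concrete, here is an added example (not code from the original post) that builds the PORT argument an active-mode client announces, parses the server's 227 reply to a PASV request, and applies the checks a cautious passive-mode client should make before connecting. The addresses and replies in it are constructed samples; the `check_pasv_target` helper is an assumption about good client behaviour, not a description of any particular client.

```python
import re

# Matches the six comma-separated numbers in a 227 reply:
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Turn a server's 227 reply into the (host, port) a passive-mode client
    must connect to. The data port is encoded as p1*256 + p2."""
    if not reply.startswith("227"):
        raise ValueError(f"not a PASV reply: {reply!r}")
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError(f"malformed PASV reply: {reply!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"byte out of range in PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = nums
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def build_port_command(host: str, port: int) -> str:
    """Build the PORT command an active-mode client (such as ftp.exe) sends to
    announce the address and port it listens on for the server's inbound data
    connection. The port is split into high and low bytes, as in the reply."""
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {host!r}")
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return f"PORT {','.join(octets)},{port // 256},{port % 256}"


def check_pasv_target(reply: str, control_peer: str) -> tuple[str, int]:
    """Parse the PASV reply and validate it before connecting (assumed good
    client practice): the data port must be unprivileged (>1023) and the
    advertised address must match the peer of the control connection. A server
    behind NAT often advertises its private address here, which is a common
    reason passive transfers fail, and a hostile server could try to redirect
    the client; refusing a mismatch avoids both problems."""
    host, port = parse_pasv_reply(reply)
    if port <= 1023:
        raise ValueError(f"server advertised privileged data port {port}")
    if host != control_peer:
        raise ValueError(f"PASV address {host} differs from control peer {control_peer}")
    return host, port


if __name__ == "__main__":
    # Constructed sample exchange: 195*256 + 80 = 50000.
    print(parse_pasv_reply("227 Entering Passive Mode (203,0,113,10,195,80)"))  # ('203.0.113.10', 50000)
    print(build_port_command("192.0.2.25", 50000))  # PORT 192,0,2,25,195,80
```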
Windows ftp.exe
The default Windows command-line FTP client, ftp.exe, does not support passive mode.
You can still send the PASV command through it, and the server will switch to passive mode, but ftp.exe itself keeps operating in active mode and still expects the server to connect back to it, so the data connection fails.
You might have already identified the problem with ftp.exe 💡.
🕵️ Why ftp.exe is not working?
Since the client's only option is to work in active mode, the inbound data connections from the server are most probably being blocked by either the local firewall or an intermediary firewall or NAT device.
To confirm this, you can try using other modern third-party FTP clients such as WinSCP and FileZilla. These use passive mode by default.
🛠️ Solutions
- If the server and client reside in the same Demilitarized Zone (DMZ) or an internal trusted network segment, you can consider allowing inbound connections from the server to the client on the firewall. You can harden the rule for the inbound connection by explicitly specifying that the source of the connection must be the FTP server's address and its configured data port (port 20 by default).
- Another solution is to use a more secure protocol like SSH File Transfer Protocol (sftp) or FTP over SSL/TLS (ftps). In this case, prefer sftp, as it uses a single port for communication and encrypts all data.
- Use a modern FTP client like WinSCP or FileZilla.
📚 Summary
- FTP works with two separate connections: a control connection and a data connection.
- FTP supports two modes, passive and active, differentiated by who initiates the data connection.
- In active mode, the server initiates the connection, while the client initiates the connection in passive mode.
- Passive mode is more firewall friendly, as client-side firewalls and NAT devices typically block inbound connections.
- Windows ftp.exe works only in active mode; hence, it is more likely not to work well with client-side firewalls.
🏁 Conclusion
- Prefer modern clients over ftp.exe.
- Consider upgrading to sftp, as it is more secure and firewall-friendly.