How does the FTP server in the FLIR A300/A310 work? I'm concerned about the passive mode: is it safe?

The FLIR A3xx cameras have a built-in FTP server (based on Windows CE) that can communicate with any FTP client application. When you connect to the camera, you decide if you want to connect with passive FTP or active FTP.

When choosing whether to use passive or active mode, it is often a question of which ports you need to open/forward in your firewall. Therefore it is important to understand the different modes. Depending on where you place your firewall (if you have one), you need to be aware of which ports are used by the FTP service.

Passive FTP

In the image below, the client is using passive mode FTP. This means that the client connects to the server (camera) on a random port to the server port 21. The server will respond from port 21 to the client's random port, and acknowledge the connection. This is the command dialogue, which will also contain the user's authorization. After this, the data transfer will take place on a random port from the client and a random port on the server. The random port on the client side is one port above the random client command port. For example, if the client connects from the random port 12345 to the server port 21, the random data transfer client port will be 12346.

Active FTP

In the image below, the client is now using active mode FTP. It is similar to passive mode but the data transfer will now be via a fixed port on the server side. The random port 1 on the client side will be one number below random port 2 on the client side. The server will use port 20 for the data transfer.

Attached are two Wireshark capture files, one where an active FTP session has been established, and one where a passive FTP session has been established. These traces can be useful for understanding the procedures.

Is passive mode safe?

Returning to the original question, "Is it safe or not to use passive mode?", this is something you will have to decide in relation to your application. FLIR will be happy to provide as much technical detail as possible, but you will have to make the safety decision yourself.