Ports and Protocols

Discussion in 'Computer Security' started by Lam Duk, Nov 17, 2004.

  1. Lam Duk Guest

    I have a pretty basic question about how ports are used. I know that different
    protocols use ports, most commonly TCP and UDP. What I want to know is if the
    same port can be used for different protocols at the same time. For example, if
    one application uses 1300/TCP, can another application on the same machine using
    the same TCP/IP interface use 1300/UDP? Or must it use a different port even
    though it is using a different protocol? In the case of sequentially assigned
    dynamic ports, will the next unused port be assigned, regardless of protocol?
    --
    Lam Duk
    Genius is the ability to see the obvious.
     
    Lam Duk, Nov 17, 2004
    #1

  2. KG6VQE Guest

    Lam,
    Assuming this isn't a hoax posting, the best example is a machine used as a
    Web Server. Normal WEB Traffic (HTTP) posts to port 80. So for a given IP
    address, the TCP Interface for port 80 goes to the Application serving the
    HTTP server. One way for a single machine to host multiple sites is to
    allow the interface to use different Ports. So, for instance, the hosting
    site of www.server1.com is using port 80, www.server2.com is using port 180,
    www.server3.com is using port 280. All of these servers can be hosted on
    one machine, differentiating by the port numbers.
    You use the terms Protocol and Ports together. A protocol is simply an
    agreed standard, such as FTP, HTTP, TELNET, DNS, etc. The protocol is
    simply a prior agreed-to standard for exchanging information. The only
    difference is that each of the published "STANDARD" protocols is assigned
    a default port number. Most server applications have the ability to change the
    "listening" port number. So you can run an FTP Server on 221 instead of the
    default Port 21.
    The real question is, if two server applications used the same port, how
    would they be able to determine the difference in data? Technically, the
    handshaking sequence would be different, but you would have to have an
    intelligent handler look at the incoming data and determine whether it was
    destined for each server. Sounds quite complicated.
    I use a firewall (Watchguard SOHO) that lets me redirect Port Numbers to
    different Service Hosts. The Service Host is a machine that is listening
    for activity on a given port. The Firewall has about 20 default ports, and
    retains the possibility to "roll your own port". Comes in very handy.
    Hope this answers your question.

    "Lam Duk" <> wrote in message
    news:...
    >I have a pretty basic question about how ports are used. I know that
    >different
    > protocols use ports, most commonly TCP and UDP. What I want to know is if
    > the
    > same port can be used for different protocols at the same time. For
    > example, if
    > one application uses 1300/TCP, can another application on the same machine
    > using
    > the same TCP/IP interface use 1300/UDP? Or must it use a different port
    > even
    > though it is using a different protocol? In the case of sequentially
    > assigned
    > dynamic ports, will the next unused port be assigned, regardless of
    > protocol?
    > --
    > Lam Duk
    > Genius is the ability to see the obvious.
    >
    >
     
    KG6VQE, Nov 18, 2004
    #2

  3. Lam Duk Guest

    >Assuming this isn't a hoax posting, the best example is a machine used as a
    >Web Server.


    No, it is not a hoax posting, and I don't know why you would think it is. It is
    a genuine question, which you didn't really answer. Let me lay out a
    hypothetical scenario. Let's assume I have a DNS server which uses the normal
    port 53 and UDP protocol. Let us also assume I have a HTTP server, which uses
    the TCP protocol. I know I can set the server to respond on any port I want, not
    just the normal port 80. My question is, is it possible to set the HTTP server
    in this hypothetical setup to port 53/TCP, sharing the port 53 assignment with
    the DNS server, which uses a different protocol? My instincts tell me no, that
    only one service can serve a given port at the same time, regardless of
    protocol, but I've never seen that written down anywhere. I don't have any real
    life requirement for such a setup. I just want to fill in the blanks in my
    education.
    --
    Lam Duk
    Genius is the ability to see the obvious.
     
    Lam Duk, Nov 18, 2004
    #3
  4. Celtic Leroy Guest

    "Lam Duk" <> wrote:

    >... It is a genuine question, which you didn't really answer.


    Don't you just hate it when people give long drawn out answers, then
    don't even answer you?!?!?!

    The answer is No! You cannot have 2 different programs using the same
    port number with different protocols. Once a program begins using, or
    "listening", on a port, that port is considered "in use" and you'll
    get an error if you try to connect with another program.

    Effectively, TCP and UDP are very different and would never normally
    be used within the same application. UDP is connectionless and TCP is
    an acknowledged connection protocol. The port number is how sockets
    keep all the connections separated by program.

    Hope this helps.
     
    Celtic Leroy, Nov 18, 2004
    #4
  5. Lam Duk Guest

    >The answer is No! You cannot have 2 different programs using the same
    >port number with different protocols. Once a program begins using, or
    >"listening", on a port, that port is considered "in use" and you'll
    >get an error if you try to connect with another program.


    Thank you. Yes, that confirms my best guess.
    --
    Lam Duk
    Genius is the ability to see the obvious.
     
    Lam Duk, Nov 18, 2004
    #5
  6. Moe Trin Guest

    In article <>, Lam Duk wrote:

    >Let's assume I have a DNS server which uses the normal port 53 and UDP
    >protocol.


    Minor problem - DNS uses both UDP (normally) and TCP (for longer replies).

    >Let us also assume I have a HTTP server, which uses the TCP protocol. I
    >know I can set the server to respond on any port I want, not just the
    >normal port 80.


    Correct

    >My question is, is it possible to set the HTTP server in this hypothetical
    >setup to port 53/TCP, sharing the port 53 assignment with the DNS server,
    >which uses a different protocol?


    In this singular case - no, only because DNS uses both protocols. See the
    RFCs (1034 and 1035). On the OTHER hand, had you chosen a different port
    number, the answer is probably yes. UNIX has been doing so for years.

    >My instincts tell me no, that only one service can serve a given port at
    >the same time, regardless of protocol, but I've never seen that written
    >down anywhere. I don't have any real life requirement for such a setup. I
    >just want to fill in the blanks in my education.


    Assuming the network stack was written correctly, there would be no
    problem. Protocol is the tenth octet in the IP header (see RFC0791), and
    the 'cargo' of an IP packet may be one of 130 different defined protocols
    (http://www.iana.org/assignments/protocol-numbers) in addition to the very
    common TCP or UDP or ICMP, etc. Port numbers are defined in TCP and UDP
    headers (see RFC0768 and 0793) in the first four octets (two source, two
    destination). Other protocols do not have port numbers (example ICMP from
    RFC0792), or use a completely different concept (IGMP from RFC2236).

    Old guy
     
    Moe Trin, Nov 18, 2004
    #6
  7. Moe Trin Guest

    In article <>, Celtic Leroy wrote:

    >Don't you just hate it when people give long drawn out answers, then
    >don't even answer you?!?!?!


    Almost as much as when someone gives out a bogus answer.

    >The answer is No! You cannot have 2 different programs using the same
    >port number with different protocols. Once a program begins using, or
    >"listening", on a port, that port is considered "in use" and you'll
    >get an error if you try to connect with another program.


    This might be true of some versions of windoze - and if so, it's another
    example of incompetent programming, but UNIX has been able to separate
    protocol/ports very easily, because 'protocol' is an IP header variable,
    and port numbers are only defined in TCP or UDP headers. This is why ICMP
    doesn't have port numbers. See any decent networking textbook (like
    W. Richard Stevens "TCP/IP Illustrated Volume 1" ISBN 0-201-63346-9) or
    the RFCs themselves.

    0768 User Datagram Protocol. J. Postel. Aug-28-1980. (Format: TXT=5896
    bytes) (Also STD0006) (Status: STANDARD)

    0791 Internet Protocol. J. Postel. Sep-01-1981. (Format: TXT=97779
    bytes) (Obsoletes RFC0760) (Updated by RFC1349) (Also STD0005)
    (Status: STANDARD)

    0792 Internet Control Message Protocol. J. Postel. Sep-01-1981.
    (Format: TXT=30404 bytes) (Obsoletes RFC0777) (Updated by RFC0950)
    (Also STD0005) (Status: STANDARD)

    0793 Transmission Control Protocol. J. Postel. Sep-01-1981. (Format:
    TXT=172710 bytes) (Updated by RFC3168) (Also STD0007) (Status:
    STANDARD)

    See also the list of ports http://www.iana.org/assignments/port-numbers
    and pay particular attention to ports 512 to 514 (one example)

    exec 512/tcp # BSD rexecd(8)
    biff 512/udp comsat
    login 513/tcp # BSD rlogind(8)
    who 513/udp whod # BSD rwhod(8)
    shell 514/tcp cmd # BSD rshd(8)
    syslog 514/udp # BSD syslogd(8)

    Those ports aren't used that much outside of isolated networks, because
    they have almost no security, but they've been around since the 1980s.

    >Effectively, TCP and UDP are very different and would never normally
    >be used within the same application. UDP is connectionless and TCP is
    >an acknowledged connection protocol.


    Maybe you ought to read RFC1035 section 4.2 - here, I'll even show the
    second paragraph:

    The Internet supports name server access using TCP [RFC-793] on server
    port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
    port 53 (decimal).

    So, DNS uses both protocols, but the same port AT THE SAME TIME. UDP is
    used for replies that are 512 octets or less - TCP is 513 octets or more
    and zone transfers.

    1034 Domain names - concepts and facilities. P.V. Mockapetris.
    Nov-01-1987. (Format: TXT=129180 bytes) (Obsoletes RFC0973, RFC0882,
    RFC0883) (Updated by RFC1101, RFC1183, RFC1348, RFC1876, RFC1982,
    RFC2065, RFC2181, RFC2308, RFC2535) (Also STD0013) (Status: STANDARD)

    1035 Domain names - implementation and specification. P.V.
    Mockapetris. Nov-01-1987. (Format: TXT=125626 bytes) (Obsoletes
    RFC0973, RFC0882, RFC0883) (Updated by RFC1101, RFC1183, RFC1348,
    RFC1876, RFC1982, RFC1995, RFC1996, RFC2065, RFC2136, RFC2181,
    RFC2137, RFC2308, RFC2535, RFC2845, RFC3425, RFC3658) (Also STD0013)
    (Status: STANDARD)

    >The port number is how sockets keeps all the connections separated by
    >program.


    Sounds like incompetent programming to me. Anyone who has read the
    networking standards (RFCs) knows that different protocols can exist on
    the same port number at the same time.

    Old guy
     
    Moe Trin, Nov 18, 2004
    #7
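    The header layout Moe Trin refers to in his two replies above (the protocol
    number in the tenth octet of the IPv4 header, source and destination ports
    only in the first four octets of a TCP or UDP header, and no ports at all in
    ICMP) is easy to check with a small parser. The script below is an added
    example and is not code from anyone in this thread; the packets it parses
    are constructed inline (addresses from the RFC 5737 documentation range,
    no checksums computed) rather than captured from a network. It shows why a
    stack that keys its listener table on protocol as well as address and port
    sees 21/tcp and 21/udp as two different listeners.

```python
import struct
from ipaddress import IPv4Address

# IANA protocol numbers that appear in the thread.
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17


def build_ipv4(proto: int, payload: bytes,
               src: str = "192.0.2.10", dst: str = "192.0.2.20") -> bytes:
    """Constructed minimal IPv4 header (20 bytes, no options, checksum left
    zero) in front of payload. Sample input for the example only."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,                 # version 4, IHL 5 (20 bytes)
                         0,                    # type of service
                         20 + len(payload),    # total length
                         0, 0,                 # identification, flags/fragment
                         64,                   # TTL
                         proto,                # 10th octet: protocol (RFC 791)
                         0,                    # header checksum (not computed)
                         IPv4Address(src).packed,
                         IPv4Address(dst).packed)
    return header + payload


def tcp_or_udp_header(sport: int, dport: int) -> bytes:
    """Only the first four octets (source port, destination port) matter for
    demultiplexing; the rest of the header is zero-filled here."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 4


def parse_packet(pkt: bytes) -> dict:
    """Read the IP protocol field, then pull ports out of the transport header
    only when the protocol actually defines them."""
    ihl = (pkt[0] & 0x0F) * 4           # header length in bytes
    proto = pkt[9]
    info = {"proto": proto,
            "src_ip": str(IPv4Address(pkt[12:16])),
            "dst_ip": str(IPv4Address(pkt[16:20]))}
    transport = pkt[ihl:]
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        info["name"] = "tcp" if proto == IPPROTO_TCP else "udp"
        info["src_port"], info["dst_port"] = struct.unpack("!HH", transport[:4])
    elif proto == IPPROTO_ICMP:
        # ICMP (RFC 792) has type and code, but no port numbers.
        info["name"] = "icmp"
        info["icmp_type"], info["icmp_code"] = transport[0], transport[1]
    else:
        info["name"] = f"proto-{proto}"
    return info


def listener_key(info: dict):
    """The key a stack uses to find a listening socket: protocol is part of it,
    so 21/tcp and 21/udp are distinct entries. Returns None where the protocol
    has no ports to match on."""
    if "dst_port" not in info:
        return None
    return (info["name"], info["dst_ip"], info["dst_port"])


if __name__ == "__main__":
    for pkt in (build_ipv4(IPPROTO_TCP, tcp_or_udp_header(40000, 21)),
                build_ipv4(IPPROTO_UDP, tcp_or_udp_header(40000, 21)),
                build_ipv4(IPPROTO_ICMP, bytes([8, 0, 0, 0, 0, 0, 0, 0]))):
        parsed = parse_packet(pkt)
        print(parsed["name"], listener_key(parsed))
```

    The two port-21 packets differ only in the single protocol octet, yet they
    produce different listener keys; the ICMP echo request produces none, which
    is the point made about ICMP having no port numbers.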
  8. Celtic Leroy Guest

    (Moe Trin) wrote:

    >In article <>, Celtic Leroy wrote:
    >
    >>Don't you just hate it when people give long drawn out answers, then
    >>don't even answer you?!?!?!

    >
    >Almost as much as when someone gives out a bogus answer.


    Or one that does not consider the environment in use. In this case
    WINDOWS!!!! No one is disputing your prowess or knowledge, but when
    it is inappropriate to the specific question, it becomes a nuisance.
    I didn't bother to include the special considerations of Highpoint
    connections using Unisys 2200 mainframes either.

    >
    >>The answer is No! You cannot have 2 different programs using the same
    >>port number with different protocols. Once a program begins using, or
    >>"listening", on a port, that port is considered "in use" and you'll
    >>get an error if you try to connect with another program.

    >
    >This might be true of some versions of windoze - and if so, it's another


    The OP is using Windoze (check the headers of his post)...so the
    answer was given in kind. I don't dispute that MS has done some
    pretty bad (incompetent) programming. I also know that Windows will
    not...I repeat WILL NOT allow 2 different processes to use the same
    port number, regardless of whether they use different protocols or
    not.

    >example of incompetent programming, but UNIX has been able to separate


    <snip useless info about other OS's>

    >>Effectively, TCP and UDP are very different and would never normally
    >>be used within the same application. UDP is connectionless and TCP is
    >>an acknowledged connection protocol.

    >
    >Maybe you ought to read RFC1035 section 4.2


    I've read it, as well as most other RFCs

    >So, DNS uses both protocols, but the same port AT THE SAME TIME. UDP is
    >used for replies that are 512 octets or less - TCP is 513 octets or more
    >and zone transfers.


    Yes, and you will find how many DNS servers running on Windows???
     
    Celtic Leroy, Nov 18, 2004
    #8
  9. >>>The answer is No! You cannot have 2 different programs using the same
    >>>port number with different protocols. Once a program begins using, or
    >>>"listening", on a port, that port is considered "in use" and you'll
    >>>get an error if you try to connect with another program.


    A TCP or UDP connection is defined by the 4-tuple (source IP, source
    port, destination IP, destination port).

    At any given instant of time, only a single program can be listening
    on a given (destination IP, destination port) combination. However,
    once it receives a connection, the same program, a new instance of the
    same program, or a completely different program can listen for the
    next connection request on the pair.

    Even with a completely different program listening for the new
    connection, many existing programs can be using the same (destination
    IP, destination port) pair, so long as either the source IP or the
    source port differ.

    This model is out of TCP itself and has nothing to do with the
    underlying operating system, although the underlying implementation
    may impose limits.

    To the best of my knowledge, both Windows and Unix offer full support
    for this model.

    ...
    >>This might be true of some versions of windoze - and if so, it's another

    >
    >The OP is using Windoze (check the headers of his post)...so the
    >answer was given in kind. I don't dispute that MS has done some
    >pretty bad (incompetent) programming. I also know that Windows will
    >not...I repeat WILL NOT allow 2 different processes to use the same
    >port number, regardless of whether they use different protocols or
    >not.


    If you mean "listen on the same (IP, port) number pair," correct.
    Neither will Unix.

    Note that the (IP, port) pairs are separate for TCP and UDP stacks.
    So, I can readily have one application listening on port P for TCP and
    a different application listening on port P for UDP. Works just fine.

    Note that when setting up a socket, you not only define the IP and
    port, but also the address family and protocol family (e.g., IPv4
    vs. IPv6 and TCP, UDP, or ICMP). So it is easy for the networking
    code to keep separate tables of listeners and >appear to< re-use
    ports.

    It is the _convention_ that, where both TCP and UDP versions of a
    given protocol are meaningful (e.g. DNS), to support both on the same
    numeric port value. But that is a convention and not a requirement.

    ..
    >>>Effectively, TCP and UDP are very different and would never normally
    >>>be used within the same application. UDP is connectionless and TCP is
    >>>an acknowledged connection protocol.


    These are the essential differences, but it is quite common for a
    single application to use both. Each to its strength. For example,
    Telnet normally uses UDP for DNS lookups and TCP for its connection.

    ...
    >>So, DNS uses both protocols, but the same port AT THE SAME TIME. UDP is
    >>used for replies that are 512 octets or less - TCP is 513 octets or more
    >>and zone transfers.


    Close, but not quite. If I do a DNS request on UDP, the server must
    respond using UDP: it can't decide to respond using TCP, regardless of
    the response size. As a client, if I think the response might be
    large (e.g., the UDP response was "too big to fit"), I might try a TCP
    request.

    For overhead reasons, many DNS servers do not reply to TCP requests.

    Craig
     
    Craig A. Finseth, Nov 18, 2004
    #9
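    Craig's description of separate TCP and UDP listener tables, and of only one
    listener per (protocol, IP, port), can be checked directly on any host with
    a loopback interface. The Python script below is an added example, not code
    posted by anyone in the thread. It binds a TCP listener on a port the stack
    picks, binds a UDP socket to the same numeric port (which succeeds), tries a
    second TCP listener on that port (refused with EADDRINUSE), and then
    exchanges one message over each socket to show both are reachable. It
    assumes 127.0.0.1 is available and that no SO_REUSEADDR or SO_REUSEPORT
    option is set, which is the default for a plain socket.

```python
import errno
import socket
import threading


def demonstrate_port_sharing(host: str = "127.0.0.1") -> dict:
    """Bind TCP and UDP on one port number, then prove the TCP table refuses
    a second listener while the UDP table is independent of it."""
    results = {}

    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind((host, 0))                 # port 0: let the stack choose a free port
    tcp.listen(1)
    port = tcp.getsockname()[1]
    results["port"] = port

    # Same numeric port, different protocol: a separate table, so this binds.
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        udp.bind((host, port))
        results["udp_same_port"] = "bound"
    except OSError as exc:
        results["udp_same_port"] = f"failed: {exc}"

    # Same protocol and same (IP, port): the stack refuses a second listener.
    tcp2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        tcp2.bind((host, port))
        results["second_tcp"] = "bound"
    except OSError as exc:
        results["second_tcp"] = ("EADDRINUSE" if exc.errno == errno.EADDRINUSE
                                 else f"failed: {exc}")
    finally:
        tcp2.close()

    # Serve one TCP connection in a thread so the client below can talk to it.
    def tcp_echo_once():
        conn, _ = tcp.accept()
        with conn:
            conn.sendall(b"tcp:" + conn.recv(64))

    server = threading.Thread(target=tcp_echo_once)
    server.start()
    with socket.create_connection((host, port), timeout=5) as client:
        client.sendall(b"hello")
        results["tcp_reply"] = client.recv(64)
    server.join()

    # Same port number over UDP reaches the other socket.
    if results["udp_same_port"] == "bound":
        client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        client.settimeout(5)
        client.sendto(b"hello", (host, port))
        data, peer = udp.recvfrom(64)
        udp.sendto(b"udp:" + data, peer)
        results["udp_reply"] = client.recv(64)
        client.close()

    udp.close()
    tcp.close()
    return results


if __name__ == "__main__":
    for key, value in demonstrate_port_sharing().items():
        print(f"{key}: {value!r}")
```

    The script uses one process for both sockets, but the result is the same
    with two processes: the bind decision is made per protocol table, so the
    first TCP listener blocks a second TCP listener and nothing else.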
  10. Lam Duk Guest

    Considering the confusion and debate that has resulted, I guess my question
    wasn't so simple-minded, after all. :)
    --
    Lam Duk
    Genius is the ability to see the obvious.
     
    Lam Duk, Nov 18, 2004
    #10
  11. Moe Trin Guest

    In article <>, Celtic Leroy wrote:

    >The OP is using Windoze (check the headers of his post)...so the
    >answer was given in kind.


    From the post we both responded to:

    >My question is, is it possible to set the HTTP server in this hypothetical
    >setup to port 53/TCP, sharing the port 53 assignment with the DNS server,
    >which uses a different protocol?


    -----> hypothetical <-----

    Now, I wonder what would happen if you took one of these personal firewalls
    and used that to port-forward <mumble>/udp to another port, and <mumble>/tcp
    to a different one? There is no need for me to use that trick, but I wonder
    if it would get around the shortcomings in the windoze stacks.

    >Yes, and you will find how many DNS servers running on Windows???


    More than one. One of the ISPs I used to use were doing so.

    Old guy
     
    Moe Trin, Nov 19, 2004
    #11
  12. Moe Trin Guest

    In article <419d264c$0$232$>, Craig A. Finseth wrote:

    >>I also know that Windows will not...I repeat WILL NOT allow 2 different
    >>processes to use the same port number, regardless of whether they use
    >>different protocols or not.


    >If you mean "listen on the same (IP, port) number pair," correct.
    >Neither will Unix.
    >
    >Note that the (IP, port) pairs are separate for TCP and UDP stacks.
    >So, I can readily have one application listening on port P for TCP and
    >a different application listening on port P for UDP. Works just fine.


    I'm not really sure how to interpret those two statements. But then,
    I'm not using a branded UNIX. Certainly I can't run two processes on
    the same port/protocol - I agree with that. But

    [compton ~]$ /usr/sbin/lsof -i :21
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    inetd 256 root 4u inet 0x0179b414 0t0 TCP *:ftp (LISTEN)
    nc 11638 root 3u inet 0x00948c0c 0t0 UDP *:21
    [compton ~]$

    That's quite obviously two separate processes - the first being the inetd
    super server, and the second being netcat. From another computer, I have
    no problem connecting to the FTP server, or to netcat (which is merely
    set to dump packets to a terminal). I recall doing something similar with
    both SunOS 4.1.3 and Solaris 2.5 with rshd on 513/tcp and syslogd on
    513/udp - done on several hosts, though I'm no longer running either O/S.

    For a windoze situation, I wonder if using a so-called personal firewall
    to port forward (<mumble>/tcp to another port, <mumble>/udp to a different
    port) maybe even on the same host would get around the apparent shortcoming.

    >It is the _convention_ that, where both TCP and UDP versions of a
    >given protocol are meaningful (e.g. DNS), to support both on the same
    >numeric port value. But that is a convention and not a requirement.


    Agreed. This is mentioned in passing in the IANA portnumber list.

    >These are the essential differences, but it is quite common for a
    >single application to use both. Each to its strength. For example,
    >Telnet normally uses UDP for DNS lookups and TCP for its connection.


    Not to pick too many nits, but telnet doesn't specifically do the DNS
    lookups - it passes the lookup request to the kernel as a resolver call.

    >Close, but not quite. If I do a DNS request on UDP, the server must
    >respond using UDP: it can't decide to respond using TCP, regardless of
    >the response size. As a client, if I think the response might be
    >large (e.g., the UDP response was "too big to fit"), I might try a TCP
    >request.


    Depends on the application code as I understand it. The server does give
    a UDP reply of up to 512 octets, but if the reply is longer, it gives
    the first 512 octets AND sets the 'truncated' flag (next to last bit
    in the third octet of the reply header). 'dig' can be set to ignore or
    followup to that flag. The deprecated 'nslookup' did not ignore the flag
    by default. 'host' reports the flag if set, but doesn't seem to have the
    capability to make a TCP query. 'dnsquery' seems to be able to be forced
    to use a TCP query, although UDP is default. The actual knob that gets
    twisted to select UDP _or_ TCP queries is available as a library call.

    Old guy
     
    Moe Trin, Nov 19, 2004
    #12
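    The truncation behaviour Moe Trin and Craig discuss (a server answers over
    the transport the query arrived on, sets the TC flag when a UDP reply would
    exceed 512 octets, and it is the client that decides to repeat the query
    over TCP) comes down to a few header bits. The Python below is an added
    example, not code from the thread: it builds constructed DNS replies as
    sample input, reads the flags word including the TC bit (bit 1 of the third
    octet, as described above), makes the client-side retry decision, and adds
    and strips the two-octet length prefix that RFC 1035 section 4.2.2 requires
    for DNS over TCP. No network access is involved.

```python
import struct

# RFC 1035 section 4.1.1 header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT.
DNS_HEADER = struct.Struct("!HHHHHH")
MAX_UDP_PAYLOAD = 512          # RFC 1035 UDP limit (without EDNS)

FLAG_QR = 0x8000               # reply
FLAG_TC = 0x0200               # truncated: bit 1 of the third octet
FLAG_RD = 0x0100               # recursion desired
FLAG_RA = 0x0080               # recursion available


def build_dns_reply(txid: int, truncated: bool, rcode: int = 0,
                    answers: bytes = b"") -> bytes:
    """Constructed reply used as sample input (the answer section is filler)."""
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (rcode & 0xF)
    if truncated:
        flags |= FLAG_TC
    return DNS_HEADER.pack(txid, flags, 1, 1, 0, 0) + answers


def parse_dns_flags(msg: bytes) -> dict:
    """Decode the header flags of a DNS message."""
    if len(msg) < DNS_HEADER.size:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = DNS_HEADER.unpack_from(msg)
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & 0x0400),
        "tc": bool(msg[2] & 0x02),     # third octet, next-to-last bit
        "rd": bool(flags & FLAG_RD),
        "ra": bool(flags & FLAG_RA),
        "rcode": flags & 0x000F,
        "counts": (qd, an, ns, ar),
    }


def needs_tcp_retry(expected_id: int, udp_reply: bytes) -> bool:
    """Client-side decision after a UDP query. The server cannot switch
    transports on its own; if it set TC, the client repeats the query over TCP.
    A reply whose ID does not match the outstanding query is not acted on."""
    flags = parse_dns_flags(udp_reply)
    if flags["id"] != expected_id or not flags["qr"]:
        raise ValueError("reply does not match the outstanding query")
    return flags["tc"]


def frame_for_tcp(msg: bytes) -> bytes:
    """RFC 1035 4.2.2: over TCP each message is preceded by a two-octet length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_from_tcp(stream: bytes) -> list:
    """Split a TCP byte stream back into whole DNS messages; a trailing partial
    message is left for the next read."""
    messages, offset = [], 0
    while offset + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, offset)
        if offset + 2 + length > len(stream):
            break
        messages.append(stream[offset + 2: offset + 2 + length])
        offset += 2 + length
    return messages


if __name__ == "__main__":
    big = build_dns_reply(0x1234, truncated=True,
                          answers=b"\x00" * (MAX_UDP_PAYLOAD - DNS_HEADER.size))
    small = build_dns_reply(0x1234, truncated=False, answers=b"\x00" * 20)
    print("512-octet reply with TC set, retry over TCP:", needs_tcp_retry(0x1234, big))
    print("short reply, retry over TCP:", needs_tcp_retry(0x1234, small))
    print("messages recovered from TCP stream:",
          len(unframe_from_tcp(frame_for_tcp(small) + frame_for_tcp(big))))
```

    The same header parser serves a resolver that wants to log truncated
    answers (a useful signal when a server is deliberately returning 512-octet
    replies) and a TCP listener on 53/tcp that must split a stream into
    messages before parsing them.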
  13. Thank you all!

    I haven't read all the RFCs yet, but I've been planning to try to pierce
    my firewall by sending packets to the wrong protocol.

    An example of my current understanding:

    80 uses both so it won't be vulnerable
    53 ignores TCP so it won't be vulnerable
    510 is usually inside the network so it won't be vulnerable from the
    Internet.

    Off the top of my head, I can't think of anything that uses the right
    combination.

    Maybe I need to do a little more thinking.
    Maybe I'm working on a problem that has already been considered and is
    not vulnerable.
    Maybe I'm just a ... (enter whatever you think is appropriate).

    --
    Dave
     
    fluidly unsure, Nov 22, 2004
    #13
  14. "Moe Trin" <> wrote in message
    news:...
    > In article <419d264c$0$232$>, Craig A. Finseth wrote:
    >
    > >>I also know that Windows will not...I repeat WILL NOT allow 2 different
    > >>processes to use the same port number, regardless of whether they use
    > >>different protocols or not.

    >
    > >If you mean "listen on the same (IP, port) number pair," correct.
    > >Neither will Unix.
    > >
    > >Note that the (IP, port) pairs are separate for TCP and UDP stacks.
    > >So, I can readily have one application listening on port P for TCP and
    > >a different application listening on port P for UDP. Works just fine.

    >
    > I'm not really sure how to interpret those two statements. But then,
    > I'm not using a branded UNIX. Certainly I can't run two processes on
    > the same port/protocol - I agree with that. But
    >
    > [compton ~]$ /usr/sbin/lsof -i :21
    > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    > inetd 256 root 4u inet 0x0179b414 0t0 TCP *:ftp (LISTEN)
    > nc 11638 root 3u inet 0x00948c0c 0t0 UDP *:21
    > [compton ~]$
    >
    > That's quite obviously two separate processes - the first being the inetd
    > super server, and the second being netcat.


    Well, quite. You might not know how to interpret it, but you've just
    demonstrated what he actually said :o)

    Combination of Address/Port/Protocol *must* be unique.

    I've only come across one violation of that - where a process could be
    "queued" against a given combination - although only the first process would
    actually be capable of receiving data.

    Surprise, surprise this was DEC UCX. UCX could do /anything/, and frequently
    did.. :o\

    On the Windows front, I think that you might be confusing "limitations" in
    the stack implementation with the *deliberate* crippling of aspects of the
    Workstation version to act as particular Internet servers.

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Nov 23, 2004
    #14
