Newbie learning about Ports

Discussion in 'Linux Networking' started by adnanchowdhury88, Jun 14, 2013.

  1. Hello all,

    I am trying to grok network ports and how they work ... Mainly because I was trying to see if a machine at work could see my local DNS and I looked up the port binding used by DNS servers and read this:

    "In general, all DNS queries are sent from a high-numbered source port (49152 or above) to destination port 53, and responses are sent from source port 53 to a high-numbered destination port. The following table lists the UDP and TCP ports used for different DNS message types."

    When I access a website, I am assuming that my outbound traffic is going out port 80 and reaching the server's port 80, and when the server responds it sends through its port 80 to my port 80. Is there anything wrong with this assumption? (I think there might be)
     
    adnanchowdhury88, Jun 14, 2013
    #1

  2. adnanchowdhury88

    Rick Jones Guest

    Your assumption is incorrect. Just like the DNS example you found, 99
    times out of 10, the web client will connect from a local port number
    other than 80. Unless the client code makes an explicit bind() call,
    when it connect()s to port 80 on the web server, the local port number
    will be selected from the "ephemeral" (sometimes called the
    "anonymous") port range of the client's TCP stack. That will vary
    with client OS, but generally speaking it will be port numbers higher
    than 32768 or 49152 and lower than 61000 or 65535.

    The port numbers are part of how TCP "names" a connection. The
    four-tuple of local and remote IP address and local and remote port
    number form the "name" of the TCP connection. Those uniquely identify
    it from all other TCP connections.

    If your web client connected from port 80 to port 80 on the web
    server, there could then be only one unique TCP connection between
    them - clientIP,serverIP,80,80.

    rick jones
    --
    The computing industry isn't as much a game of "Follow The Leader" as
    it is one of "Ring Around the Rosy" or perhaps "Duck Duck Goose."
    - Rick Jones
    these opinions are mine, all mine; HP might not want them anyway... :)
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
     
    Rick Jones, Jun 14, 2013
    #2

  3. Thanks for the explanation, Rick. I found it very helpful. I admit though, I still don't have a firm understanding of it all.

    If I make a request for website A.com, the outgoing traffic will leave through an ephemeral port to be received by A.com's port 80, correct? And when the server responds, will it leave its own ephemeral port to be received by my port 80?

    Do you have any articles/documentation on the matter that could explain the process further?
     
    adnanchowdhury88, Jun 14, 2013
    #3
  4. adnanchowdhury88

    Moe Trin Guest

    On Fri, 14 Jun 2013, in the Usenet newsgroup comp.os.linux.networking, in
    article <>,
    wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    [fermi ~]$ whatis netstat
    netstat (8) - Print network connections, routing tables,
    interface statistics, masquerade connections, and
    multicast memberships
    [fermi ~]$

    Run the command 'netstat -antu' after you read that manual page.

    No, you make a connection from port $FOO (example 21289) to their
    port 80 - so their reply uses that connection - i.e. it comes from
    their 80 to your $FOO (example 21289). The word is "connection".

    http://www.netfilter.org/documentation/HOWTO/

    [TXT] NAT-HOWTO.txt 05-Oct-2012 10:33 25K
    [TXT] netfilter-double-nat.txt 05-Oct-2012 10:33 9.4K
    [TXT] netfilter-extensions-HOWTO.txt 05-Oct-2012 10:33 80K
    [TXT] netfilter-hacking-HOWTO.txt 05-Oct-2012 10:33 81K
    [TXT] netfilter-mirror-HOWTO.txt 05-Oct-2012 10:33 7.8K
    [TXT] networking-concepts-HOWTO.txt 05-Oct-2012 10:33 28K
    [TXT] packet-filtering-HOWTO.txt 05-Oct-2012 10:33 51K

    You want to read the "networking-concepts" and "packet-filtering"
    documents. Another item that would help is RFC1180

    1180 TCP/IP tutorial. T.J. Socolofsky, C.J. Kale. January 1991.
    (Format: TXT=65494 bytes) (Status: INFORMATIONAL)

    You can use a search-engine to find a copy of RFC1180 in dozens of
    places.

    Old guy
     
    Moe Trin, Jun 14, 2013
    #4
  5. adnanchowdhury88

    Rick Jones Guest

    No. In this case the only ephemeral port is on the client. Source and
    destination port numbers get swapped when going the other way.

    From your client, it will be source port == your ephemeral; destination
    port == 80. When the server replies it will be source port == 80
    destination port == your ephemeral.

    The works of the late W. Richard Stevens would be one source.

    rick
     
    Rick Jones, Jun 14, 2013
    #5
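
The port behaviour described in posts #2 and #5, as an added example that is not part of the original thread: a client that never calls bind() gets a kernel-chosen local port, the server sees the same four-tuple with source and destination swapped, and concurrent connections to one server port differ only in the client port. The function name `observe_four_tuples` is hypothetical, and the demo listener uses a kernel-assigned loopback port instead of 80 so it runs without privileges.

```python
import socket


def observe_four_tuples(n_clients=2):
    """Open n_clients concurrent TCP connections to one loopback listener and
    return the (local, remote) address pair seen by each end of each one."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Assumption for the demo: port 0 lets the kernel pick a free server port.
    listener.bind(("127.0.0.1", 0))
    listener.listen(n_clients)
    server_addr = listener.getsockname()

    results, open_socks = [], []
    try:
        for _ in range(n_clients):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            # No bind() here: connect() makes the TCP stack choose the
            # client's local port from its ephemeral range.
            client.connect(server_addr)
            accepted, _peer = listener.accept()
            open_socks += [client, accepted]  # keep open so the tuples coexist
            results.append({
                "client_view": (client.getsockname(), client.getpeername()),
                "server_view": (accepted.getsockname(), accepted.getpeername()),
            })
    finally:
        for sock in open_socks:
            sock.close()
        listener.close()
    return results


if __name__ == "__main__":
    for i, conn in enumerate(observe_four_tuples(3), 1):
        (c_ip, c_port), (s_ip, s_port) = conn["client_view"]
        print(f"conn {i}: client {c_ip}:{c_port} -> server {s_ip}:{s_port}")
        local, remote = conn["server_view"]
        print(f"         server sees local={local} remote={remote}")
```

While the connections are open, 'netstat -ant' on the same machine lists each one twice, once from each end, with the local and foreign address columns swapped.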
  6. adnanchowdhury88

    Tauno Voipio Guest

    You should start with:

    TCP/IP Illustrated, Volume 1, The Protocols

    Be warned, there are hundreds of pages to read and understand.
     
    Tauno Voipio, Jun 15, 2013
    #6
  7. adnanchowdhury88

    Jorgen Grahn Guest

    Yeah. Just when I started doing network programming, the names "port"
    and "socket" were major sources of confusion. I suspect that with
    some more thinking, someone at Berkeley could have come up with better
    names. (The abstractions themselves are sound, though.)

    A bit too concrete to be useful in practice, perhaps. I think of it
    as the packet having a return address which allows a reply not only to
    the /host/, but to the actual /program/ on that host (if the program
    is still alive at that time).

    /Jorgen
     
    Jorgen Grahn, Jun 15, 2013
    #7