Question about ports

Robbo777 · September 2015

Hi, I have a question about ports that I'm a little but confused about. If a router has blocked nearly every port except port 80, 135 and one more, why is it that I can watch stream videos online if they use ports such as 554 etc... I don't understand that.
If you're clicking on a link for example that will require https or port 554 etc... whatever the case my be, then the computer uses one of the random ports along with port 80 as it's destination? But when do the other ports I just mentioned come into play then? They're blocked on my router so I was wondering how I am using it when the port has been closed. So does the port just have to be opened on the server side and the client side does not matter unless someone is connecting to you?

Thanks

james43026 · September 2015

The answer to this would depend on the application and configuration of the firewall in question. A firewall can apply only to incoming or outgoing traffic, it could also be a reflective or a context based ACL setup, or you could also be dealing with a zone based firewall. Most likely what you are seeing is a statefull / reflective firewall setup of some sort. So if a connection originates from the inside of your network, then return traffic would be permitted. This is a highly summarized view of firewalls. If you have an example with a running config that you can post that could help us clarify this as well.

Monkerz · September 2015

I would ask that you post the output of a few different things so that we can give you a definitive answer to your question:

From router:
1. Config of ACL
2. Config of WAN and LAN ports (sanitized)

From workstation:
3. Output of "netstat -ano" ran from command prompt as video is streaming

Nans · September 2015

Robbo777 wrote: »

Hi, I have a question about ports that I'm a little but confused about. If a router has blocked nearly every port except port 80, 135 and one more, why is it that I can watch stream videos online if they use ports such as 554 etc... I don't understand that.
If you're clicking on a link for example that will require https or port 554 etc... whatever the case my be, then the computer uses one of the random ports along with port 80 as it's destination? But when do the other ports I just mentioned come into play then? They're blocked on my router so I was wondering how I am using it when the port has been closed. So does the port just have to be opened on the server side and the client side does not matter unless someone is connecting to you?

Thanks

Are we speaking about direction too..!!!! if you might have configured it in the wrong direction may be blocking the hosts port 80. Because source send's a packet with the destination port as 80 and its port will be a random port selected at that point.

Robbo777 · September 2015

I just wanted a basic run down of how the process goes. For example....from me going onto a website that uses https or port 554 for video streaming, what happens at BOTH ends. First, at my end I make the request and then my computer selects a random port with a destination port of 80, so how does it go from port 80 to port 443 or 554? Are those ports open on the server side? But on my actual cometer they're blocked but that doesn't matter because I'm not the one running the service basically? I just want clarity on it because it's confusing me now.

Thanks!

james43026 · September 2015

If you make an HTTPS request to a server for anything, first thing to happen after DNS translations are finished, would be the establishment of TCP sockets, these sockets are a combination of source IP address followed by the port number that your TCP/IP stack chooses at random, and would look something like this 192.168.1.1:38541 (this would be before translation to your public IP address, after which would just be public IP:38541). There would also be a socket for the destination as well, 216.58.216.206:443 for HTTPS. These sockets are what help both sides tell not only each active TCP/UDP connection apart from each other, but they also allow your TCP/IP stack to send the information to the correct application as well on both ends of the connection, the server would have a daemon running on it, which is just a process / service that is running on the server listening to a specific port or ports for requests, so in this case the server is listening on port 443, upon receiving the request the server would do it's best to comply with the request sent to it, and would track each individual connection from different users by using the sockets that it pulls from packets it is receiving. This is a high level overview and pretty abbreviated, but I think it might help.

CagePotan · September 2015

Robbo777 wrote: »

I just wanted a basic run down of how the process goes. For example....from me going onto a website that uses https or port 554 for video streaming, what happens at BOTH ends. First, at my end I make the request and then my computer selects a random port with a destination port of 80, so how does it go from port 80 to port 443 or 554? Are those ports open on the server side? But on my actual cometer they're blocked but that doesn't matter because I'm not the one running the service basically? I just want clarity on it because it's confusing me now.

Thanks!

Your computer selects a random source port and the port 80 as the destination port. If you use HTTPS, then the destination port is 443. These ports are indeed open on the server side and wait for connections. It doesn't matter if these ports are not open on your computer, they just need to be open on the destination server.

More info: link

Question about ports

Comments