Packet Filtering Confusion

cbriantcbriant Member Posts: 59 ■■□□□□□□□□
Hi,

I get confused with source and destination ports, does anyone know of a website that explains this clearly?

Chris.

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    The source port is the port that is used on the machine sending the data. The destination port is the target port of the recipient machine. What are you having a hard time with?
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    Perhaps this will help.

    So here's an example in netstat:

    TCP 192.168.1.109:53542 207.68.183.124:http ESTABLISHED

    192.168.1.109 is the IP address of my machine. Please, don't hack me! icon_eek.gif

    On a more serious note...

    As you can see, 53542 is a randomly used port to send data to a destination of 207.68.183.124 over the http (80) protocol. The way this works is through NAT Overloading (PAT). So essentially, the reason why we have a source port is as follows:

    The sending computer sends with:
    Source: 192.168.1.109:53542
    Destination: 207.68.183.124:http (port 80)

    The packet hits the router
    The router changes the source IP to the public IP of the router (lets say 1.2.3.4)
    The destination receives the packet

    The destination computer then sends data back with:
    Source: 207.68.183.124
    Destination: 1.2.3.4:53542

    You can now probably see why we use source ports vs destination port. The packet contains the original source port. When the http server (207.68.183.124) received the packet, it knows the packet originally used a source port of 53542 so when it responds to the public router of the original sender using port 53542, the router of the original sender knows to send it back to the system that originally sent the data over 53542 by using its' NAT table.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
Sign In or Register to comment.