Packet Filtering Confusion

cbriant

Hi,

I get confused with source and destination ports, does anyone know of a website that explains this clearly?

Chris.

dynamik

The source port is the port that is used on the machine sending the data. The destination port is the target port of the recipient machine. What are you having a hard time with?

royal

Perhaps this will help.

So here's an example in netstat:

TCP 192.168.1.109:53542 207.68.183.124:http ESTABLISHED

192.168.1.109 is the IP address of my machine. Please, don't hack me!

On a more serious note...

As you can see, 53542 is a randomly used port to send data to a destination of 207.68.183.124 over the http (80) protocol. The way this works is through NAT Overloading (PAT). So essentially, the reason why we have a source port is as follows:

The sending computer sends with:
Source: 192.168.1.109:53542
Destination: 207.68.183.124:http (port 80)

The packet hits the router
The router changes the source IP to the public IP of the router (lets say 1.2.3.4)
The destination receives the packet

The destination computer then sends data back with:
Source: 207.68.183.124
Destination: 1.2.3.4:53542

You can now probably see why we use source ports vs destination port. The packet contains the original source port. When the http server (207.68.183.124) received the packet, it knows the packet originally used a source port of 53542 so when it responds to the public router of the original sender using port 53542, the router of the original sender knows to send it back to the system that originally sent the data over 53542 by using its' NAT table.