Packet Filtering Confusion
cbriant
Member Posts: 59 ■■□□□□□□□□
Hi,
I get confused with source and destination ports, does anyone know of a website that explains this clearly?
Chris.
I get confused with source and destination ports, does anyone know of a website that explains this clearly?
Chris.
Comments
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□The source port is the port that is used on the machine sending the data. The destination port is the target port of the recipient machine. What are you having a hard time with?
-
royal Member Posts: 3,352 ■■■■□□□□□□Perhaps this will help.
So here's an example in netstat:
TCP 192.168.1.109:53542 207.68.183.124:http ESTABLISHED
192.168.1.109 is the IP address of my machine. Please, don't hack me!
On a more serious note...
As you can see, 53542 is a randomly used port to send data to a destination of 207.68.183.124 over the http (80) protocol. The way this works is through NAT Overloading (PAT). So essentially, the reason why we have a source port is as follows:
The sending computer sends with:
Source: 192.168.1.109:53542
Destination: 207.68.183.124:http (port 80)
The packet hits the router
The router changes the source IP to the public IP of the router (lets say 1.2.3.4)
The destination receives the packet
The destination computer then sends data back with:
Source: 207.68.183.124
Destination: 1.2.3.4:53542
You can now probably see why we use source ports vs destination port. The packet contains the original source port. When the http server (207.68.183.124) received the packet, it knows the packet originally used a source port of 53542 so when it responds to the public router of the original sender using port 53542, the router of the original sender knows to send it back to the system that originally sent the data over 53542 by using its' NAT table.“For success, attitude is equally as important as ability.” - Harry F. Banks