
On Fri, 29 Sep 2000, Priscilla Oppenheimer wrote:

> At 04:04 PM 9/29/00, RAUNIYAR RAJEEV wrote:
> 
> >Hi all,
> >
> >Now I DO have a question. I'm reading up about ports used by TCP/UDP
> >protocols but I'm having trouble visualizing where the source port and
> >destination ports fit in. I'm thinking that the destination port (suppose
> >on a www, http segment) of 80 would be on the server from which we will
> >download the data, right? And we would specify a port (called source
> >port) to which we want the data to come into our machine, right?
> >But then how would the www server distinguish between many sessions if
> >their port is always port 80?
> 
> You answered your own question. Sessions are distinguishable from each 
> other because they have different source ports. 80 is a well-known port 
> that clients use to get to Web servers. The client uses what is known as an 
> ephemeral port -- a port number that the software makes up for the current 
> session. It is a high number that won't conflict with a well-known port.

To expand on this further, ports below 1024 are considered "privileged",
and many ports are "well-known" meaning that certain applications will
be "listening" on them.  For example, BGP-speaking routers have a socket 
listening on TCP port 179, and packets sent to a destination port of 179
are handled by the BGP protocol process of the router.  Similarly, web 
servers have a socket listening on TCP port 80, name servers on UDP 53, 
mail servers on TCP 25, etc.  A list of the well-known port numbers as well 
as many other useful numbers of things having to do with this industry is 
in RFC 1700.

A machine seeking to initiate a TCP connection chooses a random port above 
1023 as the source port.  When it begins the connection, it opens a socket
in order to listen for a reply, and the three-way handshake is established
between this random source port and the specified destination.  A trace of
the other side of the connection would show the source port/IP and the 
destination port/IP combinations reversed.  The other end's source port 
will match this end's destination port and vice-versa.

This is how NAT overload or PAT keeps track of sessions.  When an inside
IP begins a session with a destination, the NAT router re-maps the source 
port to one of its choosing, and keeps a database of the outside port to
inside IP mappings.  When the router detects a reply on a given port, it 
uses this database to identify to which inside IP the reply should go, and
translates the (inside) destination port/IP to match that of the sending 
machine.  This is necessary to have multiple sessions carrying different 
content to different inside machines and the same outside destination.  
The command "show ip nat translations" will display this.

Say two inside machines both begin to browse the Yahoo web site at the 
same time, but one requests a stock quote and the other an auction.  The
PAT router sends two streams to Yahoo's IP address but from two different
source ports.  Yahoo treats them as two different connections because the
source ports (assigned by the router) are different, even though the
source IP of the router's NAT pool may be the same.  When the return 
data streams come back, the router looks at the incoming port numbers
(its destination, Yahoo's source) and directs the streams to the proper
inside port/IP NAT pairs.  Otherwise, the machine requesting stock 
quotes might wind up displaying auction data, as the router would have 
an ambiguity in its translation table as to which machine the stream 
should be translated.  By keeping track of its outside source port to 
inside IP address mappings, the router can avoid this problem.

Extended access lists can filter on both source and destination ports, 
to filter traffic by type.  This isn't perfect, as it is possible to 
move a traffic type to a port which isn't filtered.  Many non-Web 
applications use TCP port 80 as a destination in order to get around
corporate firewalls which are likely to block many ports but generally
allow web access.  

-- 
Jay Hennigan  -  Network Administration  -  [EMAIL PROTECTED] 
NetLojix Communications, Inc.  NASDAQ: NETX  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 
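An added illustration of the two mechanisms described above, written for this page and not taken from the original post or from Cisco: a small Python model in which a web server keys its sessions on the client's (IP, port) pair, and a PAT router rewrites inside source ports, keeps the translation table, and uses it to steer replies back. The class names, the addresses (198.51.100.80, 203.0.113.1, 10.0.0.x) and the port-selection rule are all constructed for the example; the "show ip nat translations"-style listing imitates the idea of that command, not its exact IOS layout.

```python
"""
Added example, not from the original post and not Cisco code: a toy model of
how a server tells sessions apart by the client's (IP, port) pair, and of how
NAT overload (PAT) rewrites source ports and keeps the translation table used
to route replies back. All names and addresses here are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


Endpoint = Tuple[str, int]


class WebServer:
    """One listening socket on a well-known port; sessions keyed by peer (ip, port)."""

    def __init__(self, ip: str, port: int = 80):
        self.ip, self.port = ip, port
        self.sessions: Dict[Endpoint, List[str]] = {}

    def receive(self, pkt: Packet) -> Packet:
        """Record the request under its peer and build the reply with ports reversed."""
        assert (pkt.dst_ip, pkt.dst_port) == (self.ip, self.port)
        peer = (pkt.src_ip, pkt.src_port)
        self.sessions.setdefault(peer, []).append(pkt.payload)
        return Packet(pkt.proto, self.ip, self.port, pkt.src_ip, pkt.src_port,
                      payload="reply to " + pkt.payload)


class PatRouter:
    """NAT overload: every inside host shares outside_ip, distinguished by port."""

    def __init__(self, outside_ip: str):
        self.outside_ip = outside_ip
        # (proto, outside port, outside host ip, outside host port) -> inside (ip, port)
        self.table: Dict[Tuple[str, int, str, int], Endpoint] = {}

    def _choose_port(self, wanted: int, used: Set[int]) -> int:
        # Simplification: keep the inside host's port if free, else the lowest
        # free port above 1023. Real PAT implementations differ in how they pick.
        if wanted not in used:
            return wanted
        port = 1024
        while port in used:
            port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Translate an inside-to-outside packet, creating a table entry if needed."""
        inside = (pkt.src_ip, pkt.src_port)
        dest = (pkt.dst_ip, pkt.dst_port)
        for (proto, gport, dip, dport), local in self.table.items():
            if (proto, (dip, dport), local) == (pkt.proto, dest, inside):
                outside_port = gport            # existing flow: reuse its mapping
                break
        else:
            used = {k[1] for k in self.table if k[0] == pkt.proto}
            outside_port = self._choose_port(pkt.src_port, used)
            self.table[(pkt.proto, outside_port, pkt.dst_ip, pkt.dst_port)] = inside
        return Packet(pkt.proto, self.outside_ip, outside_port,
                      pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a reply back to the inside host; None means no entry, drop it."""
        inside = self.table.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, inside[0], inside[1], pkt.payload)

    def show_translations(self) -> List[str]:
        """Rows in the spirit of 'show ip nat translations' (not the exact IOS layout)."""
        rows = [f"{'Pro':<4}{'Inside global':<22}{'Inside local':<22}Outside global"]
        for (proto, gport, dip, dport), (lip, lport) in sorted(self.table.items()):
            rows.append(f"{proto:<4}{self.outside_ip + ':' + str(gport):<22}"
                        f"{lip + ':' + str(lport):<22}{dip}:{dport}")
        return rows


def demo() -> Tuple[List[str], Dict[str, str]]:
    """Two inside hosts, both using source port 1025, fetch different pages from one server."""
    server = WebServer("198.51.100.80")          # constructed documentation address
    router = PatRouter("203.0.113.1")            # constructed outside address
    requests = [Packet("tcp", "10.0.0.11", 1025, server.ip, 80, "GET /stock-quote"),
                Packet("tcp", "10.0.0.12", 1025, server.ip, 80, "GET /auction")]
    delivered: Dict[str, str] = {}
    for req in requests:
        on_wire = router.outbound(req)           # same outside IP, distinct source ports
        reply = server.receive(on_wire)          # server keys the session on that port
        back = router.inbound(reply)
        delivered[back.dst_ip] = back.payload    # reply lands on the host that asked
    return router.show_translations(), delivered


if __name__ == "__main__":
    rows, delivered = demo()
    print("\n".join(rows))
    for host, payload in delivered.items():
        print(host, "<-", payload)
```

Both inside hosts deliberately pick the same source port, so the router has to assign a different outside port to the second one; the server still sees two distinct sessions, and each reply is mapped back to the right inside host. A reply that matches no table entry makes inbound() return None, which is why unsolicited inbound packets never reach an inside host through overload NAT. Keying the entry on the outside host as well as the port is this example's choice; the post describes the table only in terms of outside port to inside address.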
