danielmiessler.com - Latest Comments in Security: How Network Ports Work

Re: Security: How Network Ports Work

Yur — Fri, 16 Feb 2007 13:48:57 -0000

Ahhh, I see now.

So this (from lsof) makes more sense now:

firefox-b 250 yur 43u IPv4 0x4177018 0t0 TCP 10.0.0.102:53475->ar-in-f104.google.com:http (ESTABLISHED)

Firefox has an open connection with Google using my local port 53475, right? I guess outbound connections pick a random port and make sure it isn't in use or something? I assume there is a nice POSIX system call for this sort of thing? get_an_unused_user_port() sort of thing?

Thanks for the info.

Re: Security: How Network Ports Work

Michael S Black — Fri, 16 Feb 2007 08:36:08 -0000

Are the midgets unionized?

**We represent the Lollipop Guild, the Lollipop Guild, the Lollipop Guild**

Re: Security: How Network Ports Work

Daniel Miessler — Thu, 15 Feb 2007 23:03:07 -0000

> If I’m running a local webserver listening on port 80, and then on the same machine I use my browser … how does the response traffic not go to my webserver (thus confusing everyone involved)?

In general, "client" ports (also called ephemeral ports) are very high -- often in the many thousands. The low ports (especially those below 1024) are reserved for common services such as web, ftp, telnet, etc.

So think of it this way -- each side of a connection has two things: 1) an IP address, and 2) a port. Usually the server side will be a low port and the client a high one, but it depends on the application so that's not always the case.

Hope this helps...

Re: Security: How Network Ports Work

Tim — Thu, 15 Feb 2007 22:45:15 -0000

Haw haw. I just had a mental image of Daniel yelling at his computer:

"Hey all you midgets in there! Quit yackin' and get back to work!"

Re: Security: How Network Ports Work

Arik — Thu, 15 Feb 2007 22:36:04 -0000

Gotta love metaphors.

-- Arik

Re: Security: How Network Ports Work

Jason Powell — Thu, 15 Feb 2007 18:54:50 -0000

A most excellent explanation for me, someone who never knew anything about ports, etc. Unfortunately, now, if I find myself in a situation called upon to explain this phenomenon, the only analogy I'll have handy will involve midgets on spring-loaded windows. I am heartened, though, that this is apparently the same situation you, yourself, are in.

Re: Security: How Network Ports Work

Matt — Thu, 15 Feb 2007 18:32:36 -0000

Yur

The 'connection' between your web browser and the web server is between the port on your machine and the port on theirs. Typically connections *from* your machine will be made above port 1024, if not higher, *to* a server on a port below 1024.

So, your web server listens on port 80, and your web browser 'listens' on a higher port, for the specific task of talking to the remote web server for one session.

Hope this makes a bit of sense.. :)

Re: Security: How Network Ports Work

Yur — Thu, 15 Feb 2007 18:05:31 -0000

I've often wondered about ports used to send data.

I know that a webserver listening on the default HTTP port of 80 will "lock" that port on a machine. Two processes can't listen on the same port (at least with any OS's I'm familiar with).

But when I'm on my desktop, does my browser use a port to send/receive data from a webserver?

If I'm running a local webserver listening on port 80, and then on the same machine I use my browser ... how does the response traffic not go to my webserver (thus confusing everyone involved)?

/boggle