dmiessler.com | grep understanding

Security: How Network Ports Work

Started by Daniel Miessler · 7 months ago

Many who are new to networking and security wonder what it means to have “ports” open on your computer. Some get rather anxious when an online port scan reveals that something’s open on their system. What follows is a silly, but hopefully memorable way for begin ...

8 comments

  • I've often wondered about ports used to send data.

    I know that a webserver listening on the default HTTP port of 80 will "lock" that port on a machine. Two processes can't listen on the same port (at least with any OSes I'm familiar with).

    But when I'm on my desktop, does my browser use a port to send/receive data from a webserver?

    If I'm running a local webserver listening on port 80, and then on the same machine I use my browser ... how does the response traffic not go to my webserver (thus confusing everyone involved)?

    /boggle
  • Yur

    The 'connection' between your web browser and the web server is between the port on your machine and the port on theirs. Typically connections *from* your machine will be made above port 1024, if not higher, *to* a server on a port below 1024.

    So, your web server listens on port 80, and your web browser 'listens' on a higher port, for the specific task of talking to the remote web server for one session.

    Hope this makes a bit of sense.. :)
  • A most excellent explanation for me, someone who never knew anything about ports, etc. Unfortunately, now, if I find myself in a situation called upon to explain this phenomenon, the only analogy I'll have handy will involve midgets on spring-loaded windows. I am heartened, though, that this is apparently the same situation you, yourself, are in.
  • Gotta love metaphors.

    -- Arik
  • Haw haw. I just had a mental image of Daniel yelling at his computer:

    "Hey all you midgets in there! Quit yackin' and get back to work!"
  • > If I’m running a local webserver listening on port 80, and then on the same machine I use my browser … how does the response traffic not go to my webserver (thus confusing everyone involved)?

    In general, "client" ports (also called ephemeral ports) are very high -- often in the many thousands. The low ports (especially those below 1024) are reserved for common services such as web, ftp, telnet, etc.

    So think of it this way -- each side of a connection has two things: 1) an IP address, and 2) a port. Usually the server side will be a low port and the client a high one, but it depends on the application so that's not always the case.

    Hope this helps...
  • Are the midgets unionized?

    **We represent the Lollipop Guild, the Lollipop Guild, the Lollipop Guild**
  • Ahhh, I see now.

    So this (from lsof) makes more sense now:

    firefox-b 250 yur 43u IPv4 0x4177018 0t0 TCP 10.0.0.102:53475->ar-in-f104.google.com:http (ESTABLISHED)

    Firefox has an open connection with Google using my local port 53475, right? I guess outbound connections pick a random port and make sure it isn't in use or something? I assume there is a nice POSIX system call for this sort of thing? get_an_unused_user_port() sort of thing?

    Thanks for the info.
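
Added example, not part of the original thread or any commenter's code: a Python sketch of the behaviour the replies describe, where several clients reach one listening port and the kernel hands each a distinct ephemeral source port. The function name `demo_ephemeral_ports` is hypothetical, and the listener uses a kernel-chosen loopback port instead of 80 (an assumption, so it runs without root).

```python
import socket

def demo_ephemeral_ports(n_clients=3):
    """Open n_clients loopback connections to one listener.

    Returns (server_port, rows); each row holds both endpoints of one
    connection as seen from the client side and from the server side.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    # bind() to port 0 asks the kernel for any unused port; getsockname()
    # reports which one it picked. This stands in for port 80 (assumption).
    listener.bind(("127.0.0.1", 0))
    listener.listen(n_clients)
    server_port = listener.getsockname()[1]

    clients, accepted, rows = [], [], []
    try:
        for _ in range(n_clients):
            c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            # No bind() here: connect() makes the kernel assign an unused
            # ephemeral source port automatically.
            c.connect(("127.0.0.1", server_port))
            conn, peer = listener.accept()
            clients.append(c)
            accepted.append(conn)
            rows.append({
                "client_local": c.getsockname(),     # (ip, ephemeral port)
                "client_remote": c.getpeername(),    # (ip, server port)
                "server_local": conn.getsockname(),  # (ip, server port)
                "server_remote": peer,               # (ip, ephemeral port)
            })
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return server_port, rows

if __name__ == "__main__":
    port, rows = demo_ephemeral_ports()
    print("listener port:", port)
    for r in rows:
        # Same server port every time; only the client port differs, so the
        # (src ip, src port, dst ip, dst port) tuple identifies each connection.
        print(r["client_local"], "->", r["client_remote"])
```

Every accepted socket keeps the listener's port, and replies are delivered by matching the full address-and-port pair on both sides, which is why a local server on one port and a local browser connection do not collide.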
