Imagine I am trying to validate whether WAN Accelerators (Cisco WAAS) change the ports of applications over the WAN or not. This is what I am doing:
Then I take a tcpdump on WANSimulator.
I see something like this on my tcpdump:
serverIP.80 > clientIP.3343
My question is, the serverIP is correctly represented over port 80.
I am unsure about the information regarding the target port to reach the client. Shouldn't that be port 80? I was debating this with a co-worker and then we recalled that client ports may respond on a random port number. Is my interpretation correct?
You were absolutely right.
Applications work on well-known ports ranging from 0 - 1023.
1024 - 49151 are called the registered ports. These can be assigned to certain new protocols by software companies.
49152-65535 are called ephemeral ports. These are randomly assigned to any client accessing an application.
Please note that this is a recommendation of IANA, but it is not enforced. Sometimes ports may be assigned to protocols or applications different from those defined by IANA, such as worms or trojans.
Let's take your case. HTTP works on port 80. Your client connects to this application on port 3343. So the src port is 3343 & the dest port is 80. When the server responds, this reverses, i.e. the src port becomes 80 & the dest port is 3343.
Please rate if this helped.
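
The check discussed in this thread, as an added example that is not part of the original posts: it folds both directions of each flow in `tcpdump -n` style output into one conversation, labels each port with the ranges listed above, and reports conversations whose service port is not the expected one. The sample lines, addresses and function names are constructed for illustration, and treating the lower-numbered port as the server side is an assumption.

```python
import re
from collections import defaultdict

# tcpdump prints endpoints as host.port; with -n the host is a dotted IPv4 address.
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def port_class(port):
    """IANA range names as listed in the answer above."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "ephemeral"

def conversations(lines):
    """Fold both directions of each TCP flow into one record.

    Assumption: the endpoint with the lower port number is the service side.
    Returns {(client_ip, client_port, server_ip, server_port): set of directions}.
    """
    seen = defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 packet line
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        if sport < dport:   # server -> client, e.g. serverIP.80 > clientIP.3343
            seen[(dst, dport, src, sport)].add("reply")
        else:               # client -> server
            seen[(src, sport, dst, dport)].add("request")
    return dict(seen)

def unexpected_service_ports(convs, expected):
    """Conversations whose service-side port is not in the expected set."""
    return sorted(k for k in convs if k[3] not in expected)

# Constructed sample, in the style of `tcpdump -n` output (documentation addresses).
SAMPLE = """\
10:00:00.000001 IP 192.0.2.10.3343 > 198.51.100.5.80: Flags [S], seq 1, win 64240, length 0
10:00:00.000950 IP 198.51.100.5.80 > 192.0.2.10.3343: Flags [S.], seq 9, ack 2, win 65160, length 0
10:00:01.000001 IP 192.0.2.11.50122 > 198.51.100.5.8080: Flags [S], seq 5, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    convs = conversations(SAMPLE)
    for (cip, cport, sip, sport), dirs in convs.items():
        print(f"{cip}:{cport} ({port_class(cport)}) <-> {sip}:{sport} "
              f"({port_class(sport)}) {sorted(dirs)}")
    print("not on port 80:", unexpected_service_ports(convs, {80}))
```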