11-13-2007 10:37 PM - edited 03-03-2019 07:32 PM
Imagine I am trying to validate whether WAN Accelerators (Cisco WAAS) change or not ports of applications over the WAN. This is what I am doing:
WAAS1--Router1--<WAN SIMULATOR>--Router2--WAAS2
Then I take a TCMPDump on WANSimulator.
I see something like this on my TCMPDump:
serverIP.80 > clientIP.3343
My question is, the serverIP is correctly represented over port 80.
I am unsure about the information regarding the target port to reach the client. Shouldn't that be port 80? I was debating this with a co-worker and then we recalled that client ports may respond on random port#. Is my interpretation correct?
Solved! Go to Solution.
11-13-2007 10:59 PM
You were absolutely right.
Application work on well known ports ranging from 0 - 1023.
1024 - 49151 are called the registered ports. These can be assigned to certain new protocols by software companies.
49152-65535 are called ephemeral ports. These are randomly assigned to any client accessing application.
Pls note that this a recommendation of IANA. But is not enforced. Sometimes, ports may be assigned to different protocols or application to that defined by IANA like worms or trojans.
Lets take ur case. HTTP works on port 80. Your client connects to this application on port 3343. So src port is 3343 & dest port is 80. When server responds, this reverses i.e. src port becomes 80 & dest port is 3343.
Pls rate if this helped.
11-13-2007 10:59 PM
You were absolutely right.
Application work on well known ports ranging from 0 - 1023.
1024 - 49151 are called the registered ports. These can be assigned to certain new protocols by software companies.
49152-65535 are called ephemeral ports. These are randomly assigned to any client accessing application.
Pls note that this a recommendation of IANA. But is not enforced. Sometimes, ports may be assigned to different protocols or application to that defined by IANA like worms or trojans.
Lets take ur case. HTTP works on port 80. Your client connects to this application on port 3343. So src port is 3343 & dest port is 80. When server responds, this reverses i.e. src port becomes 80 & dest port is 3343.
Pls rate if this helped.
11-14-2007 07:32 AM
That's exactly correct. I do TCMPDump on the client side and I confirm that ports are not necessarily initiated on known ports.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: