LinuxQuestions.org - Linux - Newbie
source\destination ports (http://www.linuxquestions.org/questions/linux-newbie-8/source%5Cdestination-ports-867460/)

toma20082010 03-09-2011 08:36 AM

source\destination ports
 
hey there guys,
i want to know what is a source port and what is a destination port.

thanks
hatem

repo 03-09-2011 08:40 AM

http://www.answers.com/topic/port-number

Kind regards

MensaWater 03-09-2011 08:56 AM

Whenever network connections are made they have both an IP address and a "port". Each side of the connection will have this. The source port is usually viewed as the port on the side that originated the connection and the destination port would be the port on the other side. However, if you look at the connection from one host its side will appear to be the source port and when you look at it from the other side its side will appear to be the source.

Additionally "sockets" are used to do interprocess communication within a host so often both sides of the connection are on the same host (i.e. have the same IP address) but will have different ports.

If you run "lsof -i" on your box you'll see all active network/ports on your host.

For example you might see something like:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2459 root 3u IPv6 6587 TCP *:ssh (LISTEN)
sshd 24266 root 3u IPv6 1610716 TCP 192.168.1.0:ssh->192.168.1.1:1128 (ESTABLISHED)

In the last column (NAME) you see things in the form IP address followed by a colon followed by port. So in the last line above you see the "source" is the "ssh" port on IP 192.168.1.0 and the "destination" is port 1128 on IP 192.168.1.1. When you see a name rather than a number for the port it means the port has been defined in the /etc/services file.

If you do: "grep ^ssh /etc/services" you would see something like:
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
This file tells you ssh is port 22. (tcp and udp are different transport mechanisms - the lsof output shows you that your connection is tcp).

So your "source port" is 22 and your destination port is 1128. If you logged into host at IP 192.168.1.1 and did the lsof it might show you the source is 1128 and the destination 22.

NOTE: The LISTEN line means that process is waiting for anything that requests port 22 and will establish a connection. Most daemons will have a LISTEN like this. Also the "*" before the colon and port on that line means to LISTEN on any network connection. By default your system has 127.0.0.1 (localhost) and usually will have at least one NIC (e.g. eth0) but can have others - the "*" says to accept connections on any of those IP addresses.

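The lsof reading above, worked through in code. This is an added example, not part of the post: a POSIX shell script that splits lsof's NAME field into its local and remote endpoints, resolves named ports the way lsof does (here against a small constructed services table rather than the live /etc/services, so it runs offline) and reports which end holds the well-known port. The three sample lsof lines are constructed as well; the first two match the post's output and the third (a hypothetical outbound HTTPS connection) is added to show the originator on the local side.

```shell
#!/bin/sh
# Added example (not from the original post): parse the NAME column of
# "lsof -i" output, resolve named ports via a services table, and work out
# which end of each connection is the server (well-known port) and which
# end originated it (ephemeral port).
#
# Both inputs below are constructed stand-ins so the script runs offline.
SERVICES='ssh 22/tcp
ssh 22/udp
http 80/tcp
https 443/tcp'

LSOF_SAMPLE='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2459 root 3u IPv6 6587 TCP *:ssh (LISTEN)
sshd 24266 root 3u IPv6 1610716 TCP 192.168.1.0:ssh->192.168.1.1:1128 (ESTABLISHED)
firefox 3100 hatem 45u IPv4 99001 TCP 192.168.1.1:40212->93.184.216.34:https (ESTABLISHED)'

# is_number STR: succeed only if STR consists of digits
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# port_number NAME_OR_NUMBER: map a service name to its port through the
# services table; numbers and unknown names are returned unchanged
port_number() {
    if is_number "$1"; then
        printf '%s\n' "$1"
        return 0
    fi
    n=$(printf '%s\n' "$SERVICES" |
        awk -v name="$1" '$1 == name { split($2, a, "/"); print a[1]; exit }')
    printf '%s\n' "${n:-$1}"
}

# describe_connection NAME: NAME is lsof's "local->remote" field, each side
# written host:port (a bare "host:port" is a listening socket). Prints one
# summary line.
describe_connection() {
    name=$1
    case "$name" in
        *'->'*) local_ep=${name%%->*}; remote_ep=${name#*->} ;;
        *)      local_ep=$name;        remote_ep= ;;
    esac
    lhost=${local_ep%:*}
    lport=$(port_number "${local_ep##*:}")
    if [ -z "$remote_ep" ]; then
        # No peer: a listening socket; "*" means every local address.
        printf 'local=%s:%s state=listening\n' "$lhost" "$lport"
        return 0
    fi
    rhost=${remote_ep%:*}
    rport=$(port_number "${remote_ep##*:}")
    # The end holding the well-known (<1024) port is the server; the other
    # end chose an ephemeral port when it opened the connection, so it is
    # the originator. Which end lsof shows as "local" depends only on which
    # host you ran lsof on.
    server=ambiguous
    if is_number "$lport" && is_number "$rport"; then
        if [ "$lport" -lt 1024 ] && [ "$rport" -ge 1024 ]; then
            server=local
        elif [ "$rport" -lt 1024 ] && [ "$lport" -ge 1024 ]; then
            server=remote
        fi
    fi
    printf 'local=%s:%s remote=%s:%s server=%s\n' \
        "$lhost" "$lport" "$rhost" "$rport" "$server"
}

# summarize_lsof: run describe_connection over every data line of the sample
# (NAME is the second-to-last field; the last is the state in parentheses).
summarize_lsof() {
    printf '%s\n' "$LSOF_SAMPLE" | awk 'NR > 1 { print $(NF - 1) }' |
    while read -r field; do
        describe_connection "$field"
    done
}

summarize_lsof
```

To run it against a live box, replace LSOF_SAMPLE with the output of lsof -i -P -n (which prints numeric ports and addresses, so no services lookup is needed) or feed it /etc/services in place of SERVICES. The same distinction matters when you write firewall rules: the peer chooses its own source port, so a rule that matches only on the remote --sport is satisfied by any client that sets that source port deliberately. Inbound rules should match on the source address and on --dport, the port your service actually listens on.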
toma20082010 03-09-2011 09:11 AM

Does anyone know what packets can originate from a firewall?

MensaWater 03-09-2011 09:36 AM

Quote:

Originally Posted by toma20082010 (Post 4284190)
Does anyone know what packets can originate from a firewall?

That question seems rather vague. There are many firewall types (software and hardware). Typically a "firewall" doesn't "originate" packets. The job of a firewall is to pass through or deny packets sent by others (and often it will NAT/PAT the packet to change the apparent IP address if it is a "perimeter firewall").

toma20082010 03-09-2011 09:50 AM

Quote:

Originally Posted by MensaWater (Post 4284163)
Whenever network connections are made they have both an IP address and a "port". Each side of the connection will have this. The source port is usually viewed as the port on the side that originated the connection and the destination port would be the port on the other side. However, if you look at the connection from one host its side will appear to be the source port and when you look at it from the other side its side will appear to be the source.

Additionally "sockets" are used to do interprocess communication within a host so often both sides of the connection are on the same host (i.e. have the same IP address) but will have different ports.

If you run "lsof -i" on your box you'll see all active network/ports on your host.

For example you might see something like:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2459 root 3u IPv6 6587 TCP *:ssh (LISTEN)
sshd 24266 root 3u IPv6 1610716 TCP 192.168.1.0:ssh->192.168.1.1:1128 (ESTABLISHED)

In the last column (NAME) you see things in the form IP address followed by a colon followed by port. So in the last line above you see the "source" is the "ssh" port on IP 192.168.1.0 and the "destination" is port 1128 on IP 192.168.1.1. When you see a name rather than a number for the port it means the port has been defined in the /etc/services file.

If you do: "grep ^ssh /etc/services" you would see something like:
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
This file tells you ssh is port 22. (tcp and udp are different transport mechanisms - the lsof output shows you that your connection is tcp).

So your "source port" is 22 and your destination port is 1128. If you logged into host at IP 192.168.1.1 and did the lsof it might show you the source is 1128 and the destination 22.

NOTE: The LISTEN line means that process is waiting for anything that requests port 22 and will establish a connection. Most daemons will have a LISTEN like this. Also the "*" before the colon and port on that line means to LISTEN on any network connection. By default your system has 127.0.0.1 (localhost) and usually will have at least one NIC (e.g. eth0) but can have others - the "*" says to accept connections on any of those IP addresses.

Thank you very much for this useful information.
Allow me to take advantage of your knowledge and ask you to check whether the following command fits the constraint.
The constraint is: I want to manage a range of ports, allowing traffic from a specified source to be accepted, and vice versa. Will it look like this:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx --sport xxxx:xxxx -j ACCEPT

thanks

toma20082010 03-09-2011 09:53 AM

Quote:

Originally Posted by MensaWater (Post 4284237)
That question seems rather vague. There are many firewall types (software and hardware). Typically a "firewall" doesn't "originate" packets. The job of a firewall is to pass through or deny packets sent by others (and often it will NAT/PAT the packet to change the apparent IP address if it is a "perimeter firewall").

Yes, I get what you mean.
I have just read that the OUTPUT chain is responsible for filtering packets originating from the firewall,
so I wondered what kind of packets would originate from the firewall.

chrism01 03-09-2011 08:11 PM

You may find this useful http://www.linuxtopia.org/online_boo...-iptables.html.
As MensaWater said, a firewall does not originate packets.
