LinuxQuestions.org
Old 03-09-2011, 07:36 AM   #1
toma20082010
LQ Newbie
 
Registered: Feb 2011
Posts: 22

Rep: Reputation: 0
source\destination ports


Hey there guys,
I want to know what a source port is and what a destination port is.

thanks
hatem
 
Old 03-09-2011, 07:40 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,511

Rep: Reputation: 884
http://www.answers.com/topic/port-number

Kind regards
 
Old 03-09-2011, 07:56 AM   #3
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,009
Blog Entries: 5

Rep: Reputation: 787
Whenever network connections are made they have both an IP address and a "port". Each side of the connection will have this. The source port is usually viewed as the port on the side that originated the connection and the destination port would be the port on the other side. However, if you look at the connection from one host its side will appear to be the source port and when you look at it from the other side its side will appear to be the source.

Additionally "sockets" are used to do interprocess communication within a host so often both sides of the connection are on the same host (i.e. have the same IP address) but will have different ports.

If you run "lsof -i" on your box you'll see all active network/ports on your host.

For example you might see something like:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2459 root 3u IPv6 6587 TCP *:ssh (LISTEN)
sshd 24266 root 3u IPv6 1610716 TCP 192.168.1.0:ssh->192.168.1.1:1128 (ESTABLISHED)

In the last column (NAME) you see things in the form IP address followed by colon followed by port. So in the last line of the above you see the "source" is the "ssh" port on IP 192.168.1.0 and the "destination" is port 1128 on IP 192.168.1.1. When you see a name rather than a number for the port it means the port has been defined in the /etc/services file.

If you do: "grep ^ssh /etc/services" you would see something like:
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
This file tells you ssh is port 22. (tcp and udp are different transport mechanisms - the lsof output shows you that your connection is tcp).

So your "source port" is 22 and your destination port is 1128. If you logged into host at IP 192.168.1.1 and did the lsof it might show you the source is 1128 and the destination 22.

NOTE: The LISTEN line means that process is waiting for anything that requests port 22 and will establish a connection. Most daemons will have a LISTEN like this. Also the "*" before the colon and port on that line means to LISTEN on any network connection. By default your system has 127.0.0.1 (local host) and usually will have at least one NIC (e.g. eth0) but can have others - the "*" says to accept connection on any of those IP addresses.
 
1 members found this post helpful.
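The `lsof -i` and `/etc/services` output quoted in post #3 can be parsed to show both endpoints of each socket with service names resolved to port numbers. This is an added example, not part of the original thread: the function names are hypothetical, the sample input is the output quoted in the post, and the inbound/outbound rule is a heuristic assumed here.

```python
import re
# Constructed sample input: the two outputs quoted in post #3 of this thread.
SERVICES_TEXT = """\
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
"""
LSOF_TEXT = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2459 root 3u IPv6 6587 TCP *:ssh (LISTEN)
sshd 24266 root 3u IPv6 1610716 TCP 192.168.1.0:ssh->192.168.1.1:1128 (ESTABLISHED)
"""

def load_services(text):
    """Map (name, proto) -> port number from /etc/services-style lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop the trailing comment
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            table[(fields[0], proto.lower())] = int(port)
    return table

def parse_endpoint(endpoint, proto, services):
    """Split 'host:port' on the last colon so '[::1]:ssh' also works."""
    host, _, port = endpoint.rpartition(":")
    number = int(port) if port.isdigit() else services.get((port, proto))
    return host, number

def parse_lsof(text, services):
    """Return one dict per socket line of `lsof -i` output."""
    rows = []
    for line in text.splitlines()[1:]:              # skip the header row
        m = re.search(r"\b(TCP|UDP)\s+(\S+)(?:\s+\((\w+)\))?\s*$", line)
        if m:
            proto = m.group(1).lower()
            local, _, remote = m.group(2).partition("->")
            rows.append({"command": line.split()[0], "state": m.group(3),
                         "local": parse_endpoint(local, proto, services),
                         "remote": parse_endpoint(remote, proto, services)
                                   if remote else None})
    return rows

def classify(rows):
    """Heuristic: ESTABLISHED on a port this host also LISTENs on = inbound."""
    listening = {r["local"][1] for r in rows if r["state"] == "LISTEN"}
    return [(r["command"], r["local"], r["remote"],
             "inbound" if r["local"][1] in listening else "outbound")
            for r in rows if r["state"] == "ESTABLISHED"]

print(classify(parse_lsof(LSOF_TEXT, load_services(SERVICES_TEXT))))
```

On a real host, pass the text of `lsof -i` and the contents of `/etc/services` in place of the two constants.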
Old 03-09-2011, 08:11 AM   #4
toma20082010
LQ Newbie
 
Registered: Feb 2011
Posts: 22

Original Poster
Rep: Reputation: 0
Does anyone know what packets can originate from a firewall?
 
Old 03-09-2011, 08:36 AM   #5
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,009
Blog Entries: 5

Rep: Reputation: 787
Quote:
Originally Posted by toma20082010
Does anyone know what packets can originate from a firewall?

That question seems rather vague. There are many firewall types (software and hardware). Typically a "firewall" doesn't "originate" packets. The job of a firewall is to pass through or deny packets sent by others (and often it will NAT/PAT the packet to change the apparent IP address if it is a "perimeter firewall").
 
1 members found this post helpful.
Old 03-09-2011, 08:50 AM   #6
toma20082010
LQ Newbie
 
Registered: Feb 2011
Posts: 22

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by MensaWater
Whenever network connections are made they have both an IP address and a "port". Each side of the connection will have this. The source port is usually viewed as the port on the side that originated the connection and the destination port would be the port on the other side. However, if you look at the connection from one host its side will appear to be the source port and when you look at it from the other side its side will appear to be the source.

Additionally "sockets" are used to do interprocess communication within a host so often both sides of the connection are on the same host (i.e. have the same IP address) but will have different ports.

If you run "lsof -i" on your box you'll see all active network/ports on your host.

For example you might see something like:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2459 root 3u IPv6 6587 TCP *:ssh (LISTEN)
sshd 24266 root 3u IPv6 1610716 TCP 192.168.1.0:ssh->192.168.1.1:1128 (ESTABLISHED)

In the last column (NAME) you see things in the form IP address followed by colon followed by port. So in the last line of the above you see the "source" is the "ssh" port on IP 192.168.1.0 and the "destination" is port 1128 on IP 192.168.1.1. When you see a name rather than a number for the port it means the port has been defined in the /etc/services file.

If you do: "grep ^ssh /etc/services" you would see something like:
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
This file tells you ssh is port 22. (tcp and udp are different transport mechanisms - the lsof output shows you that your connection is tcp).

So your "source port" is 22 and your destination port is 1128. If you logged into host at IP 192.168.1.1 and did the lsof it might show you the source is 1128 and the destination 22.

NOTE: The LISTEN line means that process is waiting for anything that requests port 22 and will establish a connection. Most daemons will have a LISTEN like this. Also the "*" before the colon and port on that line means to LISTEN on any network connection. By default your system has 127.0.0.1 (local host) and usually will have at least one NIC (e.g. eth0) but can have others - the "*" says to accept connection on any of those IP addresses.

Thank you very much for this useful information.
Allow me to take advantage of your knowledge and ask you to check whether the following command fits the constraint or not.
The constraint is that I want to manage a range of ports, allowing traffic from a specified source to be accepted and vice versa. Will it look like this:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx --sport xxxx:xxxx -j ACCEPT

thanks
 
Old 03-09-2011, 08:53 AM   #7
toma20082010
LQ Newbie
 
Registered: Feb 2011
Posts: 22

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by MensaWater
That question seems rather vague. There are many firewall types (software and hardware). Typically a "firewall" doesn't "originate" packets. The job of a firewall is to pass through or deny packets sent by others (and often it will NAT/PAT the packet to change the apparent IP address if it is a "perimeter firewall").

Yes, I catch what you want to say.
I have just read that the output chain is responsible for filtering packets originated from the firewall,
so I wondered what kind of packets would be originated from the firewall.
 
Old 03-09-2011, 07:11 PM   #8
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,287

Rep: Reputation: 2034
You may find this useful http://www.linuxtopia.org/online_boo...-iptables.html.
As MensaWater said, a firewall does not originate pkts.
 
  

