meaning of port numbers -->Re: Identifying ports

(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version

meaning of port numbers

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):

From - Tue Oct 19 17:39:56 1999
Xref: world comp.unix.sco.misc:107899
Path: world!newsfeed.mathworks.com!remarQ-easT!rQdQ!supernews.com!remarQ.com!corp.supernews.com!not-for-mail
From: Jeff Liebermann <jeffl@comix.santa-cruz.ca.us>
Newsgroups: comp.unix.sco.misc
Subject: Re: Identifying ports
Date: Tue, 19 Oct 1999 10:09:47 -0700
Organization: Committee To Maintain an Independent Xenix
Lines: 60
Message-ID: <UqEMOGH3dHdLWK3t+CDm4S7p6=2S@4ax.com> 
References: <380C75F0.72CD95A1@MicroScam.com> 
Reply-To: jeffl@comix.santa-cruz.ca.us
X-Complaints-To: newsabuse@supernews.com
X-Newsreader: Forte Agent 1.6/32.525
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mozilla-Status: 8011

On Tue, 19 Oct 1999 09:45:20 -0400, Still Learnin'
<TheirLipsAreMoving@MicroScam.com> wrote:

>   When I look at the list of active internet connections returned by
>netstat, most of the entries in the Local Address column are in the
>format of <MyHost>.<WellKnownServiceName>.  There are some entries,
>however, that are simply <MyHost>.<PortNumber>.  Looking thru a well
>known service listing (excerpted from RFC 1060) didn't help.  And no,
>the port numbers are not 12345, 12346 or 31337.


See:
        http://www.isi.edu/in-notes/iana/assignments/port-numbers
for a better list.

>   How can I tell what is transpiring on those ports and what
>process(es) are responsible?  These are almost always using the tcp
>protocol; the states vary.  The Foreign Address is most often another
><MyHost>.<Much BiggerPortNumber>, but occasionally it is
><AnotherMachine>.<Very LargePortNumber>.

It's more important to know how such things work.  Port numbers below
1024 are considered fairly well fixed.  You can look up the service in
/etc/services and have a fair chance of having it agree with what your
seeing with netstat.  The way it's suppose to be is:

0 -> 1023 = Well known ports.
1024 -> 49151 = Registered Ports
49152 -> 65535 = Dynamic and/or Private Ports

However, just about every box and service that assigns port numbers on
the fly considers 1024 -> 65535 as their playground thanks mostly to
ftp, NAT, and H.323.  Watch what ports get assigned when you ftp
something from an ftp site.  The ftp server assigns a random port
number and your download arrives via that port.  Netstat will show an
ftp connection to a given IP address, but using the random port
number.

NAT (Network Address Translation) is more properly called PAT (Port
Address Translation).  It's a mechanism by which one can hide an
entire private network behind a single IP address.  To the internet
(WAN), every packet looks like it's coming from a single IP address.
However, the port numbers are different for each connection.  That's
one source of your apparently random port numbers.  NAT/PAT uses the
port numbers to keep track of connection.  Proxy servers do the same
thing.  H.323 (Net Meeting) seems to grab ports at random.


To the best of my limited knowledge, there is no way to relate a port
number between 1024-65000 to a specific service from inside a LAN
running PAT or other service that rewrites headers.  Some of the
smarter protocol analyzers will sniff the packet payload and make a
good guess.  I can usually tell by the name of the system I'm
connecting with.



-- 
Jeff Liebermann  150 Felker St #D  Santa Cruz CA 95060
(831)421-6491 pgr (831)426-1240 fax (831)336-2558 home
http://www.cruzio.com/~jeffl   WB6SSY
jeffl@comix.santa-cruz.ca.us   jeffl@cruzio.com

Click here to add your comments

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar

Why no "Digg this!" etc.?

Take Control of Maintaining Your Mac

Take Control of Syncing Data in Leopard

Take Control of Upgrading to Snow Leopard

Macworld Total Snow Leopard Superguide

Take Control of Easy Backups in Leopard

Take Control of Fonts in Leopard

Printer Friendly Version

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.

Printer Friendly Version

More:

- OSR5

- Bofcusm

Unix/Linux Consultants

Skills Tests

Guest Post Here

My Favorites