TCP Session: Antecedent Port

Written on 04:56 by Ahmet Emir


The afterward advertisement shows a TCP affair captured with OmniPeek analyzer software:

TCP - Transport Control Protocol

Source Port: 5973

Destination Port: 23

Sequence Number: 1456389907

Ack Number: 1242056456

Offset: 5

Reserved: 0000

Code: %011000

Ack is valid

Push Request

Window: 61320

FTP Telnet Doom DNS TFTP POP3

Transport TCP

layer

Application

layer

Port

numbers

UDP

News

21 23 666 53 69 110 119

TCP/IP and the DoD Model 81

Checksum: 0x61a6

Urgent Pointer: 0

No TCP Options

TCP Data Area:

vL.5.+.5.+.5.+.5 76 4c 19 35 11 2b 19 35 11 2b 19 35 11

2b 19 35 +. 11 2b 19

Frame Check Sequence: 0x0d00000f

Notice that the antecedent host makes up the antecedent port, which in this case is 5973. The destination

port is 23, which is acclimated to acquaint the accepting host the purpose of the advised connection

(Telnet).

By attractive at this session, you can see that the antecedent host makes up the antecedent anchorage by

using numbers from 1024 to 65535. But why does the antecedent accomplish up a anchorage number? To differentiate

between sessions with altered hosts, my friend. How would a server apperceive where

information is advancing from if it didn’t accept a altered cardinal from a sending host? TCP and

the high layers don’t use accouterments and analytic addresses to accept the sending host’s

address as the Data Link and Network band protocols do. Instead, they use anchorage numbers. And

it’s accessible to brainstorm the accepting host accepting thoroughly abashed if all the hosts acclimated the same

source anchorage cardinal to get to FTP!

TCP Session: Destination Port

You’ll sometimes attending at an analyzer and see that alone the antecedent anchorage is aloft 1024 and the

destination anchorage is a acclaimed port, as apparent in the afterward trace:

TCP - Transport Control Protocol

Source Port: 1144

Destination Port: 80 World Wide Web HTTP

Sequence Number: 9356570

Ack Number: 0

Offset: 7

Reserved: 0000

Code: 0010

Synch Sequence

Window: 8192

Checksum: 0x57E7

Urgent Pointer: 0

TCP Options:

Option Type: 2 Maximum Segment Size

Length: 4

MSS: 536

Option Type: 1 No Operation

Option Type: 1 No Operation

Option Type: 4

82 Chapter 2  Introduction to TCP/IP

Length: 2

Opt Value:

No More HTTP Data

Frame Check Sequence: 0x43697363

And abiding enough, the antecedent anchorage is over 1024, but the destination anchorage is 80, or HTTP service.

The server, or accepting host, will change the destination anchorage if it needs to.

In the above-mentioned trace, a “syn” packet is beatific to the destination device. The syn arrangement is

what’s cogent the alien destination accessory that it wants to actualize a session.

Posted in

If you enjoyed this post Subscribe to our feed

No Comment

Yorum Gönder