be unable to send both an email and browse a web page using one server at the same time. A method for separating transport layer conversations must be used.

Hosts running TCP/IP associate ports at the transport layer with certain applications. Port numbers are used to keep track of different conversations that cross the network at the same time. Port numbers are needed when a host is communicating with a server running multiple services. Both TCP and UDP use port or socket numbers to pass information to the upper layers. Application software developers have agreed to use the well-known port numbers that are defined in RFC 1700. Any conversation bound for the FTP application uses the standard port number 21. Conversations that do not involve applications with well-known port numbers are assigned port numbers that have been randomly selected from within a specific range. These port numbers are used as source and destination addresses in the TCP segment.

Port numbers have the following assigned ranges:
- Numbers below 255 are reserved for public applications
- Numbers from 255 to 1023 are assigned to companies for marketable applications
- Numbers above 1023 are unregulated

End systems use port numbers to select the proper applications. Source port numbers are dynamically assigned by the originating host and are usually a number larger than 1023. Port numbers in the range 0-1023 are controlled by the Internet Assigned Numbers Authority (IANA). Post office box numbers are a good analogy for port numbers. A piece of mail may be sent to a zip code, city, and P.O. box. The zip code and city direct the mail to the correct general mail facility, while the P.O. box ensures the item is delivered to the one individual to whom the mail is addressed. Similarly, the IP address gets the packet to the correct server, but the TCP or UDP port number guarantees the packet is passed to the correct application.
10.2 Overview of Transport Layer Ports

10.2.2 Ports for services

Services running on hosts must have a port number assigned to them so that communication can occur. A remote host attempting to connect to a service expects that service to use specific transport layer protocols and ports. Some ports, defined in RFC 1700, are known as the well-known ports and are reserved in both TCP and UDP. These well-known ports define applications that run above the transport layer protocols. For instance, a server running the FTP service will forward TCP connections using ports 20 and 21 from clients to its FTP application. In this way, the server can determine exactly what service a client is requesting. TCP and UDP use port numbers to determine the correct service to which requests are forwarded.

Web Links: Ports and Services
http://www.spirit.com/Resources/ports.html
10.2.3 Ports for clients

Whenever a client connects to a service on a server, a source and a destination port must be specified. TCP and UDP segments contain fields for source and destination ports. Destination ports, or ports for services, are normally defined using the well-known ports. Source ports set by the client are determined dynamically. In general, a client determines the source port by randomly assigning a number above 1023. For instance, a client attempting to communicate with a web server uses TCP and assigns the destination port as 80 and the source port as 1045. When the packet arrives at the server, it passes up to the transport layer and eventually to the HTTP service, which operates at port 80. The HTTP server responds to the client's request with a segment that uses port 80 as the source and 1045 as the destination. In this way, clients and servers use ports to distinguish which process the segment is associated with.

Web Links: Standard TCP and UDP Protocols
http://www.stearns.org/mason/mason-6.html
10.2.4 Port numbering and well-known port numbers

Port numbers are represented by 2 bytes in the header of a TCP or UDP segment. This 16-bit value can result in port numbers ranging from 0 to 65535. These port numbers are divided into three different categories: well-known ports, registered ports, and dynamic or private ports. The first 1023 ports are well-known ports. As the name implies, these ports are used for well-known network services, such as FTP, Telnet, or DNS. Registered ports range from 1024 to 49151. Ports between 49152 and 65535 are defined as dynamic or private ports.

Interactive Media Activity: Drag and Drop: Port Numbers
After completing this activity, the student will be able to understand port numbers.

Web Links: Port Knowledgebase
http://www.iss.net/security_center/advice/Exploits/Ports/
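The two 16-bit port fields and the three ranges described in 10.2.4, as an added example that is not part of the original curriculum: a small Python parser that reads the source and destination ports from the first four bytes of a TCP or UDP header (both protocols place these two fields first, in network byte order, so one unpack serves either) and classifies each port as well-known, registered, or dynamic/private. The sample headers are constructed inline; the port values in them (53000 for the DNS client, 1045 for the FTP client) are assumptions chosen for illustration, not measurements from the page.

```python
import struct

# Range boundaries as stated in section 10.2.4 (the IANA categories).
WELL_KNOWN_MAX = 1023
REGISTERED_MAX = 49151
PORT_MAX = 65535  # a 16-bit field holds 0..65535


def port_category(port: int) -> str:
    """Classify a port number into one of the three 10.2.4 ranges."""
    if not 0 <= port <= PORT_MAX:
        raise ValueError(f"port {port} does not fit in a 16-bit field")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic/private"


def parse_ports(segment: bytes) -> tuple[int, int]:
    """Return (source_port, destination_port) from a TCP or UDP segment.

    Both headers begin with the same two unsigned 16-bit fields in network
    (big-endian) byte order, so '!HH' decodes either protocol.  Anything
    shorter than four bytes cannot carry both fields and is rejected.
    """
    if len(segment) < 4:
        raise ValueError("segment too short to contain both port fields")
    src, dst = struct.unpack("!HH", segment[:4])
    return src, dst


def describe_segment(segment: bytes) -> dict:
    """Parse the ports and attach the category of each."""
    src, dst = parse_ports(segment)
    return {
        "source_port": src,
        "source_category": port_category(src),
        "destination_port": dst,
        "destination_category": port_category(dst),
    }


# Constructed sample: an 8-byte UDP header for a DNS query sent from an
# ephemeral client port (53000, assumed) to the well-known DNS port (53).
# The length and checksum fields hold placeholder values.
SAMPLE_UDP_HEADER = struct.pack("!HHHH", 53000, 53, 8 + 29, 0x0000)

# Constructed sample: the first 4 bytes of a TCP header for an FTP control
# connection from client source port 1045 (assumed) to server port 21.
SAMPLE_TCP_PORTS = struct.pack("!HH", 1045, 21)

if __name__ == "__main__":
    for name, seg in (("UDP/DNS", SAMPLE_UDP_HEADER), ("TCP/FTP", SAMPLE_TCP_PORTS)):
        print(name, describe_segment(seg))
```

The code follows the 10.2.4 split (0-1023, 1024-49151, 49152-65535) rather than the older below-255 / 255-1023 / above-1023 list given earlier in the section; both appear on the page, and the 10.2.4 ranges are the ones a port-number check would normally be written against.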
10.2.5 Example of multiple sessions between hosts

Port numbers are used to track multiple sessions that can occur between hosts. The source and destination port numbers combine with the network address to form a socket. A pair of sockets, one on each host, forms a unique connection. For instance, a host might have a Telnet connection on port 23 while at the same time browsing the web on port 80. The IP and MAC addresses would be the same because the packets are coming from the same host. Therefore, each conversation on the source side needs its own port number, and each service requested needs its own port number.

Lab Activity: Lab Exercise: Well-Known Port Numbers and Multiple Sessions
In this lab, the student will enable HTTP services on a router
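The exchange in 10.2.3 (client source port above 1023, server replies with the ports swapped) and the socket-pair idea in 10.2.5 (one host, two sessions to ports 23 and 80), as an added example that is not part of the original curriculum: a toy transport layer in Python in which each host keeps a table keyed by the pair of sockets. Inbound segments are matched to an existing connection first, then to a listening service by destination port, and otherwise dropped. The IP addresses, the sequential rather than random source-port allocation, and the payloads are all assumptions made for the example.

```python
import itertools
from dataclasses import dataclass

EPHEMERAL_START = 1024  # page: client source ports are "above 1023"
PORT_MAX = 65535


@dataclass(frozen=True)
class Socket:
    """A socket is an IP address combined with a port number (10.2.5)."""
    ip: str
    port: int


@dataclass(frozen=True)
class Segment:
    """Only the fields the example needs: the two sockets and the payload."""
    src: Socket
    dst: Socket
    payload: bytes


class Host:
    """Toy transport layer: listening services plus open connections."""

    def __init__(self, ip: str):
        self.ip = ip
        self.services: dict[int, str] = {}  # local port -> service name
        # (local socket, remote socket) -> payloads received on that connection
        self.connections: dict[tuple[Socket, Socket], list[bytes]] = {}
        self._next_port = itertools.count(EPHEMERAL_START)

    def listen(self, port: int, name: str) -> None:
        self.services[port] = name

    def allocate_source_port(self) -> int:
        """Pick the next unused port above 1023 (assumption: sequential, not random)."""
        for port in self._next_port:
            if port > PORT_MAX:
                raise RuntimeError("ephemeral port range exhausted")
            if not any(local.port == port for local, _ in self.connections):
                return port

    def connect(self, server_ip: str, server_port: int) -> tuple[Socket, Socket]:
        """Open a client session: a fresh source port on this host, the service port on the server."""
        local = Socket(self.ip, self.allocate_source_port())
        remote = Socket(server_ip, server_port)
        self.connections[(local, remote)] = []
        return local, remote

    def deliver(self, seg: Segment) -> str:
        """Demultiplex an inbound segment by socket pair, then by listening service."""
        if seg.dst.ip != self.ip:
            return "dropped: not addressed to this host"
        key = (seg.dst, seg.src)  # local socket first, as stored by connect()
        if key in self.connections:
            self.connections[key].append(seg.payload)
            return f"delivered to connection {seg.dst.port}<->{seg.src.ip}:{seg.src.port}"
        if seg.dst.port in self.services:
            self.connections[key] = [seg.payload]
            return f"new connection accepted by {self.services[seg.dst.port]}"
        return f"dropped: no service on port {seg.dst.port}"


def run_scenario() -> dict:
    """One client opens Telnet (23) and HTTP (80) sessions to the same server."""
    client = Host("192.168.1.10")  # constructed addresses
    server = Host("192.168.1.20")
    server.listen(23, "telnet")
    server.listen(80, "http")

    telnet_local, telnet_remote = client.connect(server.ip, 23)
    web_local, web_remote = client.connect(server.ip, 80)

    # Client -> server: the server picks the service by destination port.
    r1 = server.deliver(Segment(telnet_local, telnet_remote, b"login\r\n"))
    r2 = server.deliver(Segment(web_local, web_remote, b"GET / HTTP/1.0\r\n\r\n"))
    # Server -> client: ports swap, and the client tells the two sessions
    # apart purely by its own differing source port (same IP, same MAC).
    r3 = client.deliver(Segment(telnet_remote, telnet_local, b"Password: "))
    r4 = client.deliver(Segment(web_remote, web_local, b"HTTP/1.0 200 OK\r\n"))
    # A segment for a port with no service and no open connection is dropped.
    r5 = server.deliver(Segment(web_local, Socket(server.ip, 21), b"USER anon"))
    return {
        "ports": (telnet_local.port, web_local.port),
        "server_results": (r1, r2, r5),
        "client_results": (r3, r4),
        "telnet_inbox": client.connections[(telnet_local, telnet_remote)],
        "web_inbox": client.connections[(web_local, web_remote)],
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

The lookup order in deliver() is the point worth noticing: because the connection table is keyed by both sockets, a reply reaches the right session even though every segment from the server carries the same source IP and source port 80 or 23, and a segment aimed at a port with nothing behind it is discarded at the transport layer rather than reaching any application.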
10.2.6 Comparison of MAC addresses, IP addresses, and port numbers

These three methods of addressing are often confused, but this can be avoided if the addresses are explained in reference to the OSI model. Port numbers are located at the transport layer and are serviced by the network layer. The network layer assigns the logical address (IP address) and is then serviced by the data link layer, which assigns the physical address (MAC address).

A good analogy can be made with a normal letter. The address on a letter consists of a name, street, city, and state. These can be compared to the port, MAC, and IP address used for network data. The name on the envelope would be equivalent to a port number, the street address is the MAC address, and the city and state are the IP address. Multiple letters can be mailed to the same street address, city, and state, but carry different names. For instance, two letters could be mailed to the same house with one addressed to “John Doe” and the other to “Jane Doe”. This is analogous to multiple sessions with different port numbers.
Summary

An understanding of the following key points should have been achieved:
- TCP operation description
- Synchronization process (three-way handshake)
- Denial-of-service attacks
- Windowing and window size
- Sequence numbers
- Positive ACK
- UDP operation
- Multiple conversations between hosts
- Ports for services
- Ports for clients
- Port numbering and well-known ports
- Example of multiple sessions between hosts
- Comparison of MAC addresses, IP addresses, and port numbers