TCP/UDP Port Notions: Multiplexing/Demultiplexing

A station can simultaneously transmit and receive several TCP and UDP data flows. For this to happen,
each endpoint (and these can be different for each established communication) must be matched to the
packets arriving on an interface. To do this, the TCP and UDP protocols use port numbers. These numbers
are compulsory in any TCP or UDP communication, and associate a communication with a
process. All data transiting the network therefore carries two port numbers: the first on the
transmitting side, the second on the destination side. Every communication thus has two pairs of
numbers (IP address, port used), one for each endpoint.

TCP and UDP ports are totally independent. It is therefore possible to have a simultaneous
communication on port 25/TCP and port 25/UDP.

This technique corresponds to multiplexing/demultiplexing. By decoding the port number in the packet,
the system delivers the data to one process or another. Systems conventionally implement the following
rules:
• Port numbers under 1024 can only be used by the super-user.
• A client application using TCP or UDP will use a port number above 1024 (even if the user is
the super-user). There are however some deliberate exceptions, such as the r-services...

A communication implies that a port be open on the client machine and that another port be open on the
server machine. These ports are not necessarily the same.
1. A server application opens a port permanently so that it can wait for connection requests.
2. A client application opens ports as needed. It does not wait for connection requests; it
does not act as a server application and is therefore not a point of entry into a system.
3. There are 65,535 ports; no more, no less. Most of these are reserved for specific services (FTP:
21, telnet: 23, SMTP: 25, etc.)
4. A closed port is like a wall made of reinforced concrete: nothing enters, nothing exits.

Examples
1. When A sends B a TCP packet with the SYN flag set, and the requested port is closed,
machine B sends back a TCP packet with the RST flag set. Some firewalls (such as ZoneAlarm) do not
send back a TCP packet with the RST flag set.
2. When A wants to connect to B's HTTP server, its client application (Internet Explorer) will open a
port (1106, for example). The client application will send a packet made up of IP, TCP and HTTP
headers to port 80 of machine B.
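
The rules above can be observed on a single machine. The following Python code is an added example, not part of the original course material: it binds TCP and UDP to the same port number, shows the (IP address, port) pair the client receives from the OS, and shows a connection to a closed port being refused. The loopback address, the OS-assigned ports and the function names are assumptions of the example.

```python
import socket

LOOPBACK = "127.0.0.1"  # assumption: the whole demo stays on the local host

def demux_demo():
    """Bind TCP and UDP to one port number and show the OS keeps the flows apart."""
    tcp_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp_srv.bind((LOOPBACK, 0))            # port 0: let the OS pick a free port
    tcp_srv.listen(1)                      # server side: port stays open, waiting
    port = tcp_srv.getsockname()[1]
    udp_srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_srv.bind((LOOPBACK, port))         # same number, other protocol: no conflict
    udp_srv.settimeout(2)

    tcp_cli = socket.create_connection((LOOPBACK, port), timeout=2)
    conn, peer = tcp_srv.accept()
    conn.settimeout(2)
    udp_cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tcp_cli.sendall(b"via tcp")
    udp_cli.sendto(b"via udp", (LOOPBACK, port))

    result = {
        "server_port": port,
        "client_endpoint": tcp_cli.getsockname(),  # (IP, client port) chosen by the OS
        "peer_seen_by_server": peer,               # the same pair, seen from the server
        "tcp_payload": conn.recv(16),              # demultiplexed to the TCP socket
        "udp_payload": udp_srv.recvfrom(16)[0],    # demultiplexed to the UDP socket
    }
    for s in (tcp_cli, conn, udp_cli, udp_srv, tcp_srv):
        s.close()
    return result

def closed_port_is_refused():
    """Connect to a port nobody listens on; the RST reply surfaces as ConnectionRefusedError."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind((LOOPBACK, 0))             # reserved but never listen()ed: closed to clients
    port = holder.getsockname()[1]
    try:
        socket.create_connection((LOOPBACK, port), timeout=2).close()
        return False
    except ConnectionRefusedError:
        return True
    finally:
        holder.close()

if __name__ == "__main__":
    print(demux_demo())
    print("closed port refused:", closed_port_is_refused())
```

A filtering firewall that drops the SYN instead of answering with RST would make the second function time out rather than raise `ConnectionRefusedError`, which is how the two cases are told apart from the client side.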

The Hackademy DMP -17/209- SYSDREAM