Don't the dynamic ports keep changing? If yes, won't these ports change and communication stop? Please advise.
If I understand your question, then in short, no.
When your HTTP client (aka web browser) opens a connection the operating system picks a random port number from the dynamic (or "ephemeral") range.
All of the communications for that connection continue to use that same port.
Only when a new connection is opened is another port chosen.
To clarify the other end...
Servers of "standard application protocols", like HTTP and FTP, have a port assigned to them by a standards body, IANA. For example, in the case of HTTP, the default port is "80".
Unless the client selects a non-standard port, web connections are always made to port 80.
The web server is always listening on port 80, it never goes anywhere.
Separately, some protocols use "dynamic protocol assignment", where the protocol number of a service can change, but there is a way to make sure the changing port number is known.
I'm looking for suggestions about approaches to allow multiple applications to use port 80 for communication.
I know it's impossible, or at least not sensible, to have multiple applications actually bind to port 80; however, I've seen appliances where there is a device that provides both a web interface (HTTP) and RTSP with RTP using port 80.
I have two ideas on how this is achieved:
Are those custom made apps that implement all the functions?
For example, the same binary is used for a web server and an RTSP server. That seems kind of limiting due to the fact that you would have to do severe modifications to already developed apps if you want, for example, Apache and OpenSSH both on port 80.
Is there a "port 80 multiplexer" sort of pattern?
For example, a parser application that listens on port 80 and, depending on the header of the received packet, passes the packet to the required application.
Found some related references, will give them a try.
https://bbs.archlinux.org/viewtopic.php?id=99457
http://www.rutschle.net/tech/sslh.shtml
I really don't think this is possible in a standard way: the port number is actually what allows multiplexing among different applications in the TCP and UDP protocols. More generically, the TSAP (Transport Service Access Point) allows multiplexing at the transport layer. The TSAP is the port in protocols such as TCP, UDP, or SCTP.
One reason you may want two applications listening on the same port is that a second application can monitor, or process in some other way, the messages received, and eventually processed, by the first one. In this case, using the pcap library, other applications could read messages received by the main application, which will probably respond to those messages.
Netfilter can also be useful, http://www.netfilter.org/
However, if you intend two applications to respond to messages that arrive at the same port, that would be tricky and would depend on each application.
In this response I'm assuming you are thinking of applications listening on the same port at the same IP address. Something different is working with multihost servers, where two applications could listen on the same port number at different IP addresses.
I have been trying to connect to a partner's web service which is running on the HTTPS default port 443. I had been under the wrong impression that they had not opened firewall ports for us, because telnet from my server was unable to establish a connection. For example, I was typing:
$ telnet <vendor's host> 443
After waiting a long time (around 15-20 seconds), it prints out that it connected but immediately also says that the connection was closed:
Connected to <host>.
Escape character is '^]'.
Connection to <host> closed by foreign host.
However, running SOAP UI from the server and hitting a URL that is hosted on the same host and port works fine.
Just wondering why the telnet connection gets tripped. Is there any kind of setting possible on the server side?
Maybe you're actually making a Telnet connection? But then it closes because the server finds no interesting conversation, because the server is expecting SSL negotiations to complete.
Understand that Telnet is not very different from TCP. (CyberPillar: Telnet may discuss that.) So what would you expect the SSL server to do with a TCP connection? In the case of an HTTPS server (which is what I'm presuming, since you mentioned TCP port 443), I would expect the HTTPS server to want to immediately perform SSL negotiation. If a client does not successfully provide SSL negotiation, then the client may just be an attacker trying to use up the server's resources. So, the server won't be wasting resources by responding in interesting ways (like printing out an informative message). That would be the behavior that provides the most desirable results, most of the time. Most connections from clients who know what they are doing will be HTTPS connections by a client that does know how to negotiate SSL.
I would expect similar results from many other protocols that are designed to use encryption. Offhand, I don't know that this behavior is absolutely required by any specific technical specifications/requirements. However, what I do know is that the description you provide, which notes the behavior you experienced, is really not surprising to me whatsoever. Perhaps just from some experience I've had, it's what I would expect. The results you describe would not be surprising to me, even if your firewall was doing nothing. Consequently, I don't offhand know whether your firewall is effectively doing anything noteworthy with this traffic. Maybe the firewall is blocking it, or maybe the firewall is passing it to an HTTPS server which is just handling the connection in a way that you weren't expecting.
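A first-bytes classifier of the kind sslh uses to share one port, added here as an example that is not part of any post above: it peeks at what the client sends first and routes on it, and the same check shows why a TLS-only server has nothing to say to a telnet client, which never sends a ClientHello. The sample byte strings, route labels and helper names are constructed for this example.

```python
import socket
import threading

# Constructed samples of the first bytes a client sends; not captured from any real host.
SAMPLES = {
    "tls":    b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4",   # TLS record: handshake(22), v3.x, ClientHello(1)
    "http":   b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "ssh":    b"SSH-2.0-OpenSSH_9.6\r\n",
    "telnet": b"\xff\xfd\x18\xff\xfd\x20",               # IAC DO ... option negotiation
}

def classify(head: bytes) -> str:
    """Name the protocol from the first bytes; 'unknown' also covers a client that sent nothing."""
    if len(head) >= 3 and head[0] == 0x16 and head[1] == 0x03 and head[2] <= 0x04:
        return "tls"     # only this shape starts a TLS handshake; an HTTPS server closes anything else
    if head.startswith(b"SSH-"):
        return "ssh"
    if any(head.startswith(m + b" ") for m in (b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS")):
        return "http"
    if head[:1] == b"\xff":
        return "telnet"  # IAC (0xff) opens telnet option negotiation
    return "unknown"

def route_local(payload: bytes, wait: float = 0.5) -> str:
    """Throwaway listener on 127.0.0.1: connect, send payload, return the route the listener chose."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: the kernel picks a free port for the demo
    listener.listen(1)
    chosen = []

    def demux():
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(wait)            # a silent client (telnet) is closed after the wait, like the HTTPS server above
            try:
                head = conn.recv(16, socket.MSG_PEEK)   # peek: the real backend would still see every byte
            except socket.timeout:
                head = b""
            chosen.append(classify(head))

    t = threading.Thread(target=demux)
    t.start()
    with socket.create_connection(listener.getsockname()) as client:
        if payload:
            client.sendall(payload)
        t.join()
    listener.close()
    return chosen[0]
```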
I am confused about ports.
I find it odd that we need to bind different servers to different ports.
Example:
Apache bound on 8080, Express.js can't bind on 8080
How does server port binding differ from application port listening?
Example:
Different browsers, i.e. Chrome, Firefox, can listen and communicate on port 80?
This issue came up when trying to run "grunt test:unit". There was a Tomcat server that was already bound to 8080, but the server grunt starts (middleware, I believe) is able to start up, but it is not able to capture the browser. Stopping the Tomcat server made things work.
Actually, Firefox, Chrome, etc. use different source ports. They don't listen on ports; they connect to remote servers. The servers are listening on one port (80). The source port from which the browser connects is chosen randomly and is a high number. You can check this using netstat. Their destination port is the same (80).
The reason why you can't have multiple servers binding to the same port* is because the operating system wouldn't know which application to hand off an incoming connection to.
*actually, you can, but it's complicated. SO_REUSEPORT
The reason only one application can control/listen on a port at one time is this:
When the OS receives a request for, say, port 80, and there were two apps listening on it, how is it supposed to know which app to pass on the request to?
The reason multiple apps can access the web at once is because they don't do it the same way - they use an unused port (maybe something like 62332 or whatever) and only the destination is port 80, for example.
That's what ports are for - so that you can run more than one server at once per machine.
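The SO_REUSEPORT footnote in the answer above, worked as an added example that is not from either answer: the second bind to an occupied port fails with EADDRINUSE, but with the option set on both sockets (and both owned by the same effective UID, which Linux requires so another user cannot take over a port) the second bind succeeds and the kernel spreads incoming connections across the two listeners. Linux is assumed; the helper names are mine.

```python
import errno
import select
import socket
import time

HAS_REUSEPORT = hasattr(socket, "SO_REUSEPORT")   # Linux 3.9+ and the BSDs; absent on Windows
ADDR_IN_USE = errno.EADDRINUSE

def bind_twice(reuseport: bool) -> int:
    """Bind two TCP sockets to the same 127.0.0.1:port; return the second bind's errno (0 on success)."""
    socks = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(2)]
    if reuseport:   # must be set on BOTH sockets before bind; Linux also requires the same effective UID
        for s in socks:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    socks[0].bind(("127.0.0.1", 0))           # port 0: the kernel picks a free port
    socks[0].listen(5)
    try:
        socks[1].bind(("127.0.0.1", socks[0].getsockname()[1]))
        socks[1].listen(5)
        return 0
    except OSError as e:
        return e.errno
    finally:
        for s in socks:
            s.close()

def accept_on_two_listeners(n_clients: int = 8) -> tuple:
    """Two SO_REUSEPORT listeners on one port: the kernel, not the apps, decides who gets each connection."""
    if not HAS_REUSEPORT:
        return (0, 0)
    listeners, port = [], 0
    for _ in range(2):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
        s.bind(("127.0.0.1", port))
        s.listen(16)
        s.setblocking(False)
        port = s.getsockname()[1]             # second iteration reuses the first socket's port
        listeners.append(s)
    clients = [socket.create_connection(("127.0.0.1", port)) for _ in range(n_clients)]
    counts = [0, 0]
    deadline = time.monotonic() + 2.0
    while sum(counts) < n_clients and time.monotonic() < deadline:
        ready, _, _ = select.select(listeners, [], [], 0.1)
        for s in ready:
            s.accept()[0].close()             # which listener got it is the kernel's choice (hash of the 4-tuple)
            counts[listeners.index(s)] += 1
    for sock in clients + listeners:
        sock.close()
    return tuple(counts)
```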
How does a web server serve its clients using the same port (80) for a TCP connection? For a UDP connection, I understand that there is no connection, per se, so we can have multiple clients send packets to the same port. If I try to use an already used port on my localhost, I get a BindException.
One solution I see to this is starting a thread for each connection, but wouldn't this be cumbersome for sites like Google/Yahoo where there are >100000 connections on each server?
What solutions do web servers employ for this problem?
The server listens on a well-known port (80) and delegates the request to a worker socket once it receives the request. That way it can serve the next request. You can write your own simple server to understand what's going on. The Oracle site has a nice example code. [1]
[1] http://java.sun.com/developer/technicalArticles/Networking/Webserver/WebServer.java
First it creates a server socket;
ServerSocket ss = new ServerSocket(port);
then it listens on the specified port and creates a new socket once it accepts the request;
Socket s = ss.accept();
As shown in the code, it has a worker thread pool, so at a given moment you can control the number of requests served by the server at a given time. Others may wait in a queue.
You only have one port for listening, but a connection has two ports, one on each side of the connection. This pair must be unique.
So, say you connect to google.com port 80; then your connection will have some port on your machine, say 42312, and port 80 at google.com. You can see your connections with netstat -a. To get a shorter list: netstat -an | grep ESTABLISHED, which shows all established connections without resolving their IPs to names.
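The accept-then-hand-off loop from the Java answer and the unique port pair from the answer above, as an added Python example that is not code from either poster or from the Oracle sample; it also covers the first answer on this page, that the ephemeral port chosen at connect() stays fixed for the life of that connection. One listening socket serves several clients, each accepted connection is its own socket, and the listening port never changes. Port 0 stands in for 80 so it runs unprivileged; helper names are mine.

```python
import socket
import threading

def serve_many(n_clients: int = 3) -> dict:
    """One listening socket, n clients: record the (client port, server port) pair of every connection."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the kernel picks a free port (this demo's "port 80")
    listener.listen(n_clients)
    server_port = listener.getsockname()[1]
    accepted = []

    def worker(conn):
        # the "worker socket" of the Java answer: each accepted connection is a separate socket
        with conn:
            conn.sendall(b"echo:" + conn.recv(64))

    def acceptor():
        for _ in range(n_clients):
            conn, peer = listener.accept()
            accepted.append((peer[1], conn.getsockname()[1]))   # (client ephemeral port, listening port)
            threading.Thread(target=worker, args=(conn,)).start()

    t = threading.Thread(target=acceptor)
    t.start()
    clients = [socket.create_connection(("127.0.0.1", server_port)) for _ in range(n_clients)]
    first_ports = [c.getsockname()[1] for c in clients]   # chosen by the OS at connect() time
    replies, stable = [], True
    for i, c in enumerate(clients):
        c.sendall(b"hello %d" % i)
        replies.append(c.recv(64))
        stable = stable and c.getsockname()[1] == first_ports[i]   # same port for the whole connection
        c.close()
    t.join()
    listener.close()
    return {"server_port": server_port, "accepted": sorted(accepted),
            "client_ports": sorted(first_ports), "replies": replies, "port_stable": stable}
```

Every accepted pair shares the one server port while the client ports are all different, which is the uniqueness the answer above describes.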
AFAIK, Apache will start a new thread for every request, which is a big reason that event-driven servers like Node.js are a little faster. Google and Yahoo also have TONS of servers and spread this large processing load among them. What Roger says also makes sense, although I'm not 100% sure on the details of how exactly Google doing output on port 42312 would reach your computer at port 80 :P
I'm building a WCF P2P service using the PNRP functionality.
I see that I can assign a port to the Bindings... but most of the examples do not.
Is there a reason I should or shouldn't give it a port?
If you don't assign a port, WCF will choose a random available port automatically. The local port information is broadcast to peers as part of the PNRP process, so setting a local port explicitly is more to make your application predictable than anything else.
I usually set my ports explicitly so that I can document them to my customers. This is especially important when a customer uses a 3rd party firewall that I can't easily configure in code. If your app assigns a random port, they won't know what port to unblock in their firewall software.