mchristo63
asked on
General Port question
From a netstat command.
When I look at netstat or any other log that reports on open ports, what is the defination of Local and Foreign? For some reason I just can't grasp this.
Foreign Address:Port ?
Proto Local Address Foreign Address State
TCP 2.2.2.2:4378 1.1.1.1:80 ESTABLISHED
Is the above telling me that I am connected to IP 1.1.1.1 opening port 80 on the Remote PC?
- or -
Is the above telling me that my PC has opened port 80 on my PC and is connected to 1.1.1.1?
For some reason I am having issues with grasping this.
When I look at netstat or any other log that reports on open ports, what is the defination of Local and Foreign? For some reason I just can't grasp this.
Foreign Address:Port ?
Proto Local Address Foreign Address State
TCP 2.2.2.2:4378 1.1.1.1:80 ESTABLISHED
Is the above telling me that I am connected to IP 1.1.1.1 opening port 80 on the Remote PC?
- or -
Is the above telling me that my PC has opened port 80 on my PC and is connected to 1.1.1.1?
For some reason I am having issues with grasping this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So if I see:
Proto Local Address Foreign Address State
TCP 2.2.2.2:4378 1.1.1.1:80 ESTABLISHED
That is tell me IP 1.1.1.1 has opened port 80 on MY PC?
Proto Local Address Foreign Address State
TCP 2.2.2.2:4378 1.1.1.1:80 ESTABLISHED
That is tell me IP 1.1.1.1 has opened port 80 on MY PC?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No, it tells you that 1.1.1.1 has sent a http request via port 80 to your machine 2.2.2.2. Your machine has accepted the session on port 4378.
Port 80 on your webserver is only the listening port. Once a session is established your local machine can do what it wants with the port. Consider what would happen if you saw the following
Proto Local Address Foreign Address State
TCP 2.2.2.2:80 1.1.1.1:80 ESTABLISHED
No other machines will be able to browse your website as port 80 is already busy with a session to 1.1.1.1
Port 80 on your webserver is only the listening port. Once a session is established your local machine can do what it wants with the port. Consider what would happen if you saw the following
Proto Local Address Foreign Address State
TCP 2.2.2.2:80 1.1.1.1:80 ESTABLISHED
No other machines will be able to browse your website as port 80 is already busy with a session to 1.1.1.1
ASKER
OK, so the foreign PC has sent a request via port 80 and my PC accepted via port 4378. Sounds good. So if I was trying to diag another issue regarding a totaly different port, for example a Shavlik or Symantic Antivirus or whatever. If the foreign address is somthing like:
1.1.1.1: 135
In order to allow this do i open port 135 in the firewall? I get confused as you mentioned with the previous example using port 80, the local PC accepts using port 4378 or a ramndom port. If I were to open port 135 in this eample, would I see the same results? Meaning, if I open port 135 in my firewall, would netstat show my pc (local Address) using a random port or port 135?
1.1.1.1: 135
In order to allow this do i open port 135 in the firewall? I get confused as you mentioned with the previous example using port 80, the local PC accepts using port 4378 or a ramndom port. If I were to open port 135 in this eample, would I see the same results? Meaning, if I open port 135 in my firewall, would netstat show my pc (local Address) using a random port or port 135?
"OK, so the foreign PC has sent a request via port 80 and my PC accepted via port 4378. Sounds good. So if I was trying to diag another issue regarding a totaly different port, for example a Shavlik or Symantic Antivirus or whatever. If the foreign address is somthing like:
1.1.1.1: 135 "
the above is CORRECT! Please understand, the connection on the local machine will always start off on the incoming port that the foreign system requests. It is a direct 1-to-1 relationship that needs to traverse your firewall. After the neccessary security hanshake has taken place your machine moves the sessions to a random port, so that it can service other requests to the originally requested port.
The troubleshooting statements above are correct, wanna troubleshoot connectivety problems on a specific port, then that port needs to be opened on the firewall.
Netstat may/may not show the correct port on the local machine, it depends entirely on the type of port, most commonly you'd find that the gets moved. Try running aports as mentioned above and see what you get, it should help to make to clarify what we're talking about here, then again it may confuse you even more LOL :)
APorts updates in realtime so you can actually monitor an active connection, from the time that it gets initiated till the time it gets disconnected.
1.1.1.1: 135 "
the above is CORRECT! Please understand, the connection on the local machine will always start off on the incoming port that the foreign system requests. It is a direct 1-to-1 relationship that needs to traverse your firewall. After the neccessary security hanshake has taken place your machine moves the sessions to a random port, so that it can service other requests to the originally requested port.
The troubleshooting statements above are correct, wanna troubleshoot connectivety problems on a specific port, then that port needs to be opened on the firewall.
Netstat may/may not show the correct port on the local machine, it depends entirely on the type of port, most commonly you'd find that the gets moved. Try running aports as mentioned above and see what you get, it should help to make to clarify what we're talking about here, then again it may confuse you even more LOL :)
APorts updates in realtime so you can actually monitor an active connection, from the time that it gets initiated till the time it gets disconnected.
ASKER
Thanks. Don't know why this was so hard for me to grasp. APorts is a good app and it help. Thanks for your time.
You're welcome....
Each one teach one.
Each one teach one.
Foreign is any server/workstation that is trying to connect to that server.