General Port question

From a netstat command.  

When I look at netstat or any other log that reports on open ports, what is the defination of Local and Foreign?  For some reason I just can't grasp this.  

Foreign Address:Port ?

Proto  Local Address        Foreign Address      State
TCP    2.2.2.2:4378         1.1.1.1:80               ESTABLISHED

Is the above telling me that I am connected to IP 1.1.1.1 opening port 80 on the Remote PC?

- or -

Is the above telling me that my PC has opened port 80 on my PC and is connected to 1.1.1.1?

For some reason I am having issues with grasping this.  
mchristo63Asked:
Who is Participating?
 
jhanceConnect With a Mentor Commented:
This says that SOME PROCESS ON YOUR PC (IP = 2.2.2.2 and PORT = 4378) is connected to a REMOTE (i.e. FOREIGN) SERVER at IP = 1.1.1.1 on PORT = 80.

This is probably a web connection (i.e. HTTP) of some sort.  The port on YOUR PC is arbitrary.  The port on the REMOTE is the one that you usually see referred to.
0
 
dooleydogConnect With a Mentor Commented:
Proto  Local Address        Foreign Address      State
TCP    2.2.2.2:4378         1.1.1.1:80               ESTABLISHED

local address is you, and port 4378 is the port your computer is sending this request from.

foreign address is the web server and port 80 is what they send from.

A web server will listen for lots of ports, but only transmit HTTP and other protocols over port 80.

Hope this helps,

0
 
Leon FesterSenior Solutions ArchitectCommented:
Local is the host where the command is being run.
Foreign is any server/workstation that is trying to connect to that server.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Leon FesterConnect With a Mentor Senior Solutions ArchitectCommented:
You may even find that your own workstation could be listed under the foreign as well as local list.

And that is only because it is one application talking to another application on your worstation. You'd normally see this on a firewalled machine.

As stated above the main port to consider is the port on the foreign host. This should tell you what kind of request was sent to your local machine.

Your local machine could have lots of various apps/websites running and since it knows what kind of request was sent from the foreign host, it is able to redirect to the appropriate port that your application/website is running on at the time of the request.

A nice little tool to use to see what ports are open is aports. Has a nice feature to kill ports with 1 click of the button. Handy to have on a webserver, incase you suspect somebody is trying to/has compromised the server. http://www.tucows.com/get/213738_91414
0
 
mchristo63Author Commented:
So if I see:
Proto  Local Address        Foreign Address      State
TCP    2.2.2.2:4378         1.1.1.1:80               ESTABLISHED

That is tell me IP 1.1.1.1 has opened port 80 on MY PC?  
0
 
jar3817Connect With a Mentor Commented:
no, it means your pc is connected to port 80 on 1.1.1.1
0
 
Leon FesterSenior Solutions ArchitectCommented:
No, it tells you that 1.1.1.1 has sent a http request via port 80 to your machine 2.2.2.2. Your machine has accepted the session on port 4378.

Port 80 on your webserver is only the listening port. Once a session is established your local machine can do what it wants with the port. Consider what would happen if you saw the following

Proto  Local Address        Foreign Address      State
TCP    2.2.2.2:80         1.1.1.1:80               ESTABLISHED

No other machines will be able to browse your website as port 80 is already busy with a session to 1.1.1.1
0
 
mchristo63Author Commented:
OK, so the foreign PC has sent a request via port 80 and my PC accepted via port 4378.  Sounds good.  So if I was trying to diag another issue regarding a totaly different port, for example a Shavlik or Symantic Antivirus or whatever.  If the foreign address is somthing like:

1.1.1.1: 135

In order to allow this do i open port 135 in the firewall?  I get confused as you mentioned with the previous example using port 80, the local PC accepts using port 4378 or a ramndom port.  If I were to open port 135 in this eample, would I see the same results?  Meaning, if I open port 135 in my firewall, would netstat show my pc (local Address) using a random port or port 135?

 
0
 
Leon FesterSenior Solutions ArchitectCommented:
"OK, so the foreign PC has sent a request via port 80 and my PC accepted via port 4378.  Sounds good.  So if I was trying to diag another issue regarding a totaly different port, for example a Shavlik or Symantic Antivirus or whatever.  If the foreign address is somthing like:

1.1.1.1: 135 "

the above is CORRECT! Please understand, the connection on the local machine will always start off on the incoming port that the foreign system requests. It is a direct 1-to-1 relationship that needs to traverse your firewall. After the neccessary security hanshake has taken place your machine moves the sessions to a random port, so that it can service other requests to the originally requested port.

The troubleshooting statements above are correct, wanna troubleshoot connectivety problems on a specific port, then that port needs to be opened on the firewall.

Netstat may/may not show the correct port on the local machine, it depends entirely on the type of port, most commonly you'd find that the gets moved. Try running aports as mentioned above and see what you get, it should help to make to clarify what we're talking about here, then again it may confuse you even more LOL :)

APorts updates in realtime so you can actually monitor an active connection, from the time that it gets initiated till the time it gets disconnected.
0
 
mchristo63Author Commented:
Thanks.  Don't know why this was so hard for me to grasp.  APorts is a good app and it help.  Thanks for your time.  
0
 
Leon FesterSenior Solutions ArchitectCommented:
You're welcome....

Each one teach one.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.