Source Port vs Destination Port

tcp port firewall
Omer K picture Omer K · Jan 21, 2014 · Viewed 60.9k times · Source

I am new to TCP/IP and trying hard to learn basics. Well, I really wonder about inbound rules and outbound rules of Firewall and concept of source adress:port, destination adress:port.

For example I am investigating port 80. I know that http uses port 80. But when I try to listen the traffic I see that my browser doesn't use 80. As you see from the image only destination port 80 is used and "destination" should be the server that hosts web pages not my computer. And also there is no used port 80 on source port, "source" should be my computer.

enter image description here

My browser uses some other ports as source and goes to server port 80. From that, I understand that port 80 of my computer is not used for http, only server computers that host the web pages used port 80 but if I close port 80 or my computer from outbound rules the internet dooesn't work. But as I understood before from the image, port 80 is not used on my computer.

Really confused. Can anybody clarify it for me?

Answer

a.cee picture a.cee · Jan 21, 2014

You are right : the communication goes from your computer (source port chosen "randomly") to a web server (destination port 80). And from a web server (source port 80) to your computer (destination port xxxxx) for the server's responses.

If you close port 80 in outbound rules, your computer will not be able to access any web server because this rule means that your firewall drops any packets which are send from your computer to a destination on port 80.

EDIT

Actually, the packets you send contains parameters such as :

your_IP, server_IP, source_port (xxxxx), destination port (80)

When your firewall sees that kind of packet, it applies the outbound rules (the one concerning the communication FROM your computer TO a web serer). If your outbound rule is to close port 80 (which means to drop any packets whose destination port is 80) it is normal to see the packets you try to send to a web server getting dropped.

closing port 80 in outbound rules doesn't mean you close your computer's port 80. It means your firewall drops packets whose destination port is 80.

Related questions

Is TCP Communication a 2-way communication?

This is really a newbie question regarding TCP Communication. Is TCP Communication a 2-way communication? Let me give a scenario: One program is listening to a TCP port, say port 25. An external program connects to the first program's IP address (…

Read More
Test if remote TCP port is open from a shell script

I'm looking for a quick and simple method for properly testing if a given TCP port is open on a remote server, from inside a Shell script. I've managed to do it with the telnet command, and it works fine …

Read More
How do multiple clients connect simultaneously to one port, say 80, on a server?

I understand the basics of how ports work. However, what I don't get is how multiple clients can simultaneously connect to say port 80. I know each client has a unique (for their machine) port. Does the server reply back from …

Read More