Source Port mystery?

Hi everyone,

I have a question regarding source ports. Below is one of the entries displayed by netstat -antl.

My question is, how does a Linux box determine what source port (55729) to use when establishing a connection/session?

tcp 0 0 192.168.1.6:55729 130.57.4.15:80 ESTABLISHED

I can understand the destination port(port 80), but not the source port.

thanks,


Source ports for TCP/UDP connections are chosen at random from a system’s
available high ports. I assume you were thinking that the same port would
be used on the source side as the destination, though that would not be
conducive to an environment where you wanted to go to two sites at the
same time (since you could not use port 80 to go to two sites (or more)
simultaneously). Anyway, it’s random and the way that TCP is designed.

Good luck.

ariyoshi wrote:
> Hi every one,
>
> I have a question regarding Source ports, below is one of the display
> entry of netstat -antl.
>
> My question is, how does Linux Box determine what source port(55729) to
> use when establishing a connection /Session?
>
> tcp 0 0 192.168.1.6:55729 130.57.4.15:80 ESTABLISHED
>
> I can understand the destination port(port 80), but not the source
> port.
>
> thanks,
>
>

What ab said.

Generally there is no need to constrain the source port so the client chooses it at random. There are some (root operated) services that do choose a fixed source port when connecting to other servers to indicate that they are the “authorised” service. ntpd is one, and sometimes named is fixed at port 53.

ken yap wrote:
> What ab said.
>
> Generally there is no need to constrain the source port so the client
> chooses it at random. There are some (root operated) services that do
> choose a fixed -source- port when connecting to other servers to
> indicate that they are the “authorised” service. ntpd is one, and
> sometimes named is fixed at port 53.

Of course, as with almost everything in Linux, this too can be tweaked.

cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000

echo "41000 61000" > /proc/sys/net/ipv4/ip_local_port_range

cat /proc/sys/net/ipv4/ip_local_port_range
41000 61000

Theo
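
An added example, not part of any post in this thread: a Python sketch that reads the range from /proc/sys/net/ipv4/ip_local_port_range, opens several simultaneous loopback connections, and returns the source ports the kernel assigned, or the fixed source port when the client calls bind() before connect(). The function names and the loopback listener are assumptions made for the demonstration; it requires Linux.

```python
import socket

RANGE_FILE = "/proc/sys/net/ipv4/ip_local_port_range"  # Linux only


def ephemeral_range(path=RANGE_FILE):
    """Return the (low, high) bounds the kernel uses for automatic source ports."""
    with open(path) as f:
        low, high = f.read().split()
    return int(low), int(high)


def source_ports(n=5, fixed=None):
    """Open n simultaneous loopback TCP connections; return their source ports.

    With fixed=None the kernel picks each source port at connect() time.
    With fixed=<port> the client binds that port first (use n=1: a second
    connection to the same destination cannot reuse the same source port).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # constructed local "server"
    listener.listen(n)
    dest = listener.getsockname()
    clients, ports = [], []
    try:
        for _ in range(n):
            c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            clients.append(c)
            if fixed is not None:
                c.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                c.bind(("127.0.0.1", fixed))
            c.connect(dest)
            ports.append(c.getsockname()[1])
    finally:
        for c in clients:
            c.close()
        listener.close()
    return ports


if __name__ == "__main__":
    low, high = ephemeral_range()
    print(f"ip_local_port_range: {low}-{high}")
    for p in source_ports():
        print(f"source port {p} in range: {low <= p <= high}")
```

Because all connections are held open to the same destination, every returned port is different, which is the reason a client cannot simply reuse the destination port number as its source.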