How should one map a sent packet and its response from the server? Is it safe to use the port?
E.g. I captured a TCP packet from X.X.X.X:45621 to Y.Y.Y.Y:993, and soon after another TCP packet, which came from Y.Y.Y.Y:993 and went to X.X.X.X:45621.
Would it be safe to say the second packet is the response to the first one?
Do the following two situations cause problems?
1) Port re-using
2) What if (is that possible?) multiple requests come from one port to the same remote machine?
A TCP connection (or UDP pseudo-connection) is identified by 4 things: the local IP address, the local port number, the remote IP address, and the remote port number. If all 4 of those things are the same from one packet to the next then it’s the same connection. If any of them are different, it’s a different connection. Note that the “local” IP address and port appear as the source IP address and port of outgoing packets and as the destination IP address and port of incoming packets, and vice versa for “remote”.
All of this is valid during the lifetime of the connection. After the connection is closed, the same 4-tuple might be reused for a new connection.
1) Q: Port re-using
A: Many connections can use the same port. The connections will be differentiated by AT LEAST one of the other 3 members of the 4-tuple.
2) Q: What if multiple requests come from one port to the same remote machine?
A: If multiple connections arrive destined to the same port of the same IP address and furthermore they have the same source port, that’s OK as long as they come from different source hosts: source IP address will be different. This case won’t happen for multiple connections coming from the same host destined to the same port on the same host because no two sockets on the same source host could have been bound to the same source port.
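Added example, not part of the original answer: a Python sketch that groups captured TCP packets into connections by a direction-independent 4-tuple and starts a new connection when the same 4-tuple is reused after a close. The `Pkt` record, the flag letters and the sample addresses are assumptions constructed for illustration, and treating any FIN or RST as the close is a simplification.

```python
from collections import namedtuple

# Hypothetical record for an already-parsed TCP packet; flags use letters
# S=SYN, A=ACK, F=FIN, R=RST, P=PSH.
Pkt = namedtuple("Pkt", "ts src sport dst dport flags")

def flow_key(p):
    """Direction-independent 4-tuple: both directions map to the same key."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)

def assign_connections(packets):
    """Return one (flow_key, generation) id per packet, in timestamp order."""
    state = {}  # flow_key -> [generation, close_seen]
    ids = []
    for p in sorted(packets, key=lambda p: p.ts):
        key = flow_key(p)
        entry = state.setdefault(key, [0, False])
        initial_syn = "S" in p.flags and "A" not in p.flags
        # A fresh SYN after a FIN/RST means the 4-tuple is being reused.
        if initial_syn and entry[1]:
            entry[0] += 1
            entry[1] = False
        if "F" in p.flags or "R" in p.flags:
            entry[1] = True  # simplification: any FIN/RST marks the close
        ids.append((key, entry[0]))
    return ids

# Constructed sample capture (documentation address ranges, ports from the question).
X, Y, Z = "192.0.2.10", "198.51.100.5", "192.0.2.77"
SAMPLE = [
    Pkt(1.0, X, 45621, Y, 993, "S"),   # first connection opens
    Pkt(1.1, Y, 993, X, 45621, "SA"),
    Pkt(1.2, X, 45621, Y, 993, "A"),
    Pkt(1.3, Z, 45621, Y, 993, "S"),   # same source port, different host
    Pkt(1.4, Y, 993, X, 45621, "PA"),
    Pkt(2.0, X, 45621, Y, 993, "FA"),  # first connection closes
    Pkt(2.1, Y, 993, X, 45621, "FA"),
    Pkt(2.2, X, 45621, Y, 993, "A"),
    Pkt(9.0, X, 45621, Y, 993, "S"),   # same 4-tuple reused later
    Pkt(9.1, Y, 993, X, 45621, "SA"),
]

if __name__ == "__main__":
    for p, (key, gen) in zip(SAMPLE, assign_connections(SAMPLE)):
        print(f"{p.ts:>4} {p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] conn={key} #{gen}")
```

The grouping only says which packets belong to the same connection; it does not pair an individual request with an individual reply inside that connection.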