Friday, June 18, 2010

Source & Destination IP Address, Protocol & Services

As a firewall engineer, I receive a lot of requests to open ports from a certain location to a server. Unfortunately, there are a lot of users who still don't understand what a source IP address, a destination IP address and a service are.

Let me explain it in a simple way.

All Internet packets have a source IP address and a destination IP address.
http://en.wikipedia.org/wiki/Network_address_translation

Every TCP and UDP packet contains both a source IP address and source port number as well as a destination IP address and destination port number.
http://en.wikipedia.org/wiki/Port_address_translation

Source IP Address (SIP) is the IP address of the machine you are coming from, that is, the address of the sender of the packet.
For example, the SIP in the diagram below is 192.168.1.1.

Destination IP Address (DIP) is the IP address of the machine you are trying to connect to, that is, the address of the receiver of the packet.
For example, the DIP in the diagram below is 100.100.100.1.
http://en.wikipedia.org/wiki/IPv4
http://www.networkcomputing.com/netdesign/ip101.html

A port number is a number assigned to a particular network service on a host. It is a field in a TCP or UDP header that identifies the application that either sent (source port) or should receive (destination port) the data inside the data segment.
For example, SMTP usually uses TCP port 25, while HTTP usually uses TCP port 80.
http://www.lsoft.com/manuals/Maestro/2.1/Admin/WebHelp/Glossary_of_Terms.htm
http://www.proprofs.com/mwiki/index.php/Ultimate_Cisco_CCNA_INTRO_Glossary_&_Acronyms
http://en.wikipedia.org/wiki/Port_number

http://www.tech21century.com/connections-and-translations-on-cisco-asa-firewalls/

Based on the network diagram above:

Source IP Address: 192.168.1.1 (Translated to 20.20.20.1)
Source Port: 1030
Destination IP Address: 100.100.100.1
Destination Port: 80

Source Ports
The source port, which can be a random number, is assigned to the client and is used to keep track of user sessions. The combination of port number and IP address is called a "socket."

Destination Ports
The destination port is used to route packets on a server to the appropriate network application. For example, port 80 is the standard port number for HTTP traffic, and port 80 packets are processed by a Web server. Destination ports are typically well-known ports (0-1023) for common Internet applications such as HTTP, FTP and SMTP. A destination port can also be a registered port (1024-49151) that vendors use for proprietary applications.

http://www.pcmag.com/encyclopedia_term/0,2542,t=TCPIP+port&i=52617,00.asp
http://www.firewall.cx/tcp-analysis-section-1.php 
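
To tie the fields above to a real packet, here is an added example (not part of the original post) that reads the protocol, SIP, source port, DIP and destination port out of raw IPv4 header bytes and classifies the destination port with the ranges given above. The function names and the sample packet are constructed for illustration; the sample uses the addresses and ports from the diagram.

```python
import socket
import struct

PROTOCOLS = {6: "TCP", 17: "UDP"}  # IP protocol numbers that carry port fields

def port_class(port):
    """Classify a port using the ranges given in the post."""
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    return "dynamic/private"  # 49152-65535 (IANA range, not named in the post)

def parse_flow(packet):
    """Return the fields a firewall rule request must state."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes (options vary it)
    proto = packet[9]
    if proto not in PROTOCOLS:
        raise ValueError("protocol %d has no port fields" % proto)
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated header")
    # TCP and UDP both start with source port, then destination port.
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {
        "protocol": PROTOCOLS[proto],
        "source_ip": socket.inet_ntoa(packet[12:16]),
        "source_port": sport,
        "destination_ip": socket.inet_ntoa(packet[16:20]),
        "destination_port": dport,
        "destination_port_class": port_class(dport),
    }

def build_sample(sip, sport, dip, dport):
    """Constructed IPv4 + TCP SYN header for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(sip), socket.inet_aton(dip))
    return ip + tcp

if __name__ == "__main__":
    # Values from the diagram: client 192.168.1.1:1030 to web server 100.100.100.1:80
    sample = build_sample("192.168.1.1", 1030, "100.100.100.1", 80)
    for field, value in parse_flow(sample).items():
        print("%-24s %s" % (field, value))
```

A capture taken after the translation shown in the diagram would report 20.20.20.1 as the source IP, so a rule request should say on which side of the NAT device the addresses were observed.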
