1
00:00:00,210 --> 00:00:06,420
When a PC, for example, is connecting to a Web server on the Internet, traffic will be sent from

2
00:00:06,420 --> 00:00:10,470
a source IP address to a destination IP address.

3
00:00:10,680 --> 00:00:13,840
So the source IP address and this transmission will be from the host.

4
00:00:13,860 --> 00:00:15,060
Ten 111.

5
00:00:16,370 --> 00:00:24,650
To the server ten 1 to 1 traffic will be routed from the PC to the server, and when the traffic arrives

6
00:00:24,650 --> 00:00:31,910
at the server, the server needs a way to differentiate which application to send this traffic to.

7
00:00:32,640 --> 00:00:39,560
Well-known port numbers are used for various common day applications like HTTP.

8
00:00:40,010 --> 00:00:47,750
So this server will be running a web server application like IIS or Apache, which serves up the web

9
00:00:47,750 --> 00:00:49,850
pages for the web browser.

10
00:00:50,180 --> 00:00:57,230
Using Apache as an example, the Apache server will be listening to traffic on Port 80, which is the

11
00:00:57,230 --> 00:00:59,360
well known port number for HTTP.

12
00:01:00,190 --> 00:01:06,850
Your browser will automatically open up a connection to the server's IP address on that port number.

13
00:01:07,030 --> 00:01:08,740
If the defaults are used.

14
00:01:10,200 --> 00:01:17,310
When that traffic arrives at the transport layer, TCP will send that traffic to port 80.

15
00:01:17,790 --> 00:01:20,640
The port number the Apache server is listening on.

16
00:01:21,930 --> 00:01:26,760
And the Apache server, the application layer will process the data received.

17
00:01:28,570 --> 00:01:33,950
The PC will use a random source port number in a specific range.

18
00:01:33,970 --> 00:01:39,610
That range is dependent on the operating system and whether the icon is standards or followed.

19
00:01:40,470 --> 00:01:45,420
But essentially a random port number is used as the source and a well known port number is used as the

20
00:01:45,420 --> 00:01:47,940
destination in this conversation.

21
00:01:48,930 --> 00:01:52,470
When the reply from the server is sent back to the PC.

22
00:01:52,710 --> 00:01:58,680
Note that the source address will be the servers IP address and the port number will be port 80.

23
00:01:59,490 --> 00:02:06,630
The destination IP address will be the PC's IP address and the port number the PC selected as the source

24
00:02:06,630 --> 00:02:07,530
port number.

25
00:02:08,039 --> 00:02:13,080
So note return traffic has the IP addresses reversed and the port numbers are reversed.

26
00:02:14,840 --> 00:02:16,580
The PC's web browser.

27
00:02:17,230 --> 00:02:22,540
Let's say, for instance, Internet Explorer will be listening on this port, 60,000.

28
00:02:23,350 --> 00:02:31,000
And when the traffic arrives at the PCC's transport layer, in this case, TCP IP, TCP IP will push

29
00:02:31,000 --> 00:02:33,310
that traffic to port 60,000.

30
00:02:34,080 --> 00:02:37,920
The port number that Internet Explorer is expecting to receive the traffic on.

31
00:02:39,460 --> 00:02:46,720
Thus, port numbers bind layer four to layer seven, allowing applications to communicate.

32
00:02:49,300 --> 00:02:52,270
Now there are some well-known port numbers that you need to remember.

33
00:02:52,690 --> 00:02:58,870
Well-known port numbers are in the range less than or equal to 1023.

34
00:02:59,750 --> 00:03:04,250
So for example, HDPE uses Port 80.

35
00:03:05,270 --> 00:03:07,970
And TCP as its transport layer protocol.

36
00:03:10,080 --> 00:03:18,380
FTP control, which is used for FTP server and client negotiation, uses port 21 using TCP.

37
00:03:19,550 --> 00:03:25,930
FTP data which is used for the actual transmission of data and FTP uses port 20.

38
00:03:27,100 --> 00:03:28,360
And TCP.

39
00:03:29,430 --> 00:03:34,360
Telnet used for management uses Port 23 and uses TCP.

40
00:03:35,550 --> 00:03:41,640
DNS is an interesting case because it uses both TCP and UDP.

41
00:03:43,350 --> 00:03:45,240
And uses Port 53.

42
00:03:46,050 --> 00:03:48,540
DNS primarily uses UDP.

43
00:03:49,320 --> 00:03:51,750
On Port 53 to serve requests.

44
00:03:52,020 --> 00:03:59,280
In other words, when a host needs a resolution for, say, Cisco com that will use UDP port 53 TCP

45
00:03:59,280 --> 00:04:06,180
is used when the response data exceeds 512 bytes or for tasks such as zone transfers.

46
00:04:07,230 --> 00:04:14,520
Zone transfers are used for replication of databases containing DNS data across a set of DNS servers.

47
00:04:17,060 --> 00:04:24,890
Two FTP uses UDP port 69 and SNMP uses UDP port 161.

48
00:04:25,920 --> 00:04:28,710
Once again to see a list of port numbers.

49
00:04:30,150 --> 00:04:33,000
Go to Google and type in on airport numbers.

50
00:04:35,330 --> 00:04:41,690
And as you can see here, the Internet assigned numbers authority or I on a port number list is available

51
00:04:41,690 --> 00:04:42,530
for viewing.

52
00:04:44,780 --> 00:04:49,790
As you can see here, the well-known port numbers on the range, 0 to 1023.

53
00:04:50,820 --> 00:04:53,670
However, because of the number of applications that are in use.

54
00:04:54,590 --> 00:05:03,890
Is a second range known as the registered ports in the range 1024 through to 40 9151, which are generally

55
00:05:03,890 --> 00:05:05,960
used for proprietary applications.

56
00:05:08,900 --> 00:05:12,230
Dynamic or private port numbers on the range.

57
00:05:12,230 --> 00:05:16,970
4915232 65,535.

58
00:05:17,720 --> 00:05:23,570
As you can see, the full port range is from 0 to 6, five, five, three, five.

59
00:05:25,480 --> 00:05:26,950
To search for a well-known application.

60
00:05:26,950 --> 00:05:32,950
I'm just going to use the key sequence control F and then type in, for example, Telnet.

61
00:05:33,310 --> 00:05:36,520
And as you can see here, Telnet uses port 23.

62
00:05:37,450 --> 00:05:44,140
Now both TCP and UDP could be used for TELNET, but in most implementations, TCP is used.

63
00:05:45,410 --> 00:05:48,140
I could search for another protocol like, let's say, tftp.

64
00:05:49,200 --> 00:05:57,840
And as you can see here, TFTP uses Port 69 once again, TCP or UDP could be used, but in real world

65
00:05:57,840 --> 00:06:00,120
applications UDP is used.

66
00:06:00,940 --> 00:06:05,080
I could search, for example, for HDPE and as you can see here.

67
00:06:06,520 --> 00:06:08,080
Notice Port 80.

68
00:06:09,160 --> 00:06:11,020
There are many applications here.

69
00:06:12,440 --> 00:06:14,690
Some of which you may never have used.

70
00:06:15,500 --> 00:06:16,280
We'll see.

71
00:06:17,450 --> 00:06:21,350
There's another example but p and it's derivative.

72
00:06:21,380 --> 00:06:24,980
DHCP use port 67 and 68.

73
00:06:25,610 --> 00:06:29,480
I could scroll down the list and show you many many port numbers.

74
00:06:31,320 --> 00:06:34,950
Here's an example of VMware and.

75
00:06:36,170 --> 00:06:39,320
Here's an example of some of the port numbers used by Bloomberg.

76
00:06:39,590 --> 00:06:43,520
Now, according to the I honor, there are three ranges of port numbers.

77
00:06:43,520 --> 00:06:47,000
Well known port numbers are less than or equal to 1023.

78
00:06:47,600 --> 00:06:52,970
Registered port numbers on this range, 1024 to 4 9151.

79
00:06:53,570 --> 00:06:59,650
And dynamically assigned port numbers, which should be used by hosts when initiating sessions to,

80
00:06:59,660 --> 00:07:01,850
for instance, well known port numbers on the range.

81
00:07:01,850 --> 00:07:05,840
49152265535.

82
00:07:06,140 --> 00:07:11,870
However, vendor implementations do not necessarily follow that recommendation.

83
00:07:12,170 --> 00:07:18,170
Ephemeral port numbers are short lived ports used for the client side of a connection.

84
00:07:18,740 --> 00:07:25,010
So when your PC initiates a session to a web server, an ephemeral port will be used.

85
00:07:25,190 --> 00:07:29,000
They are temporary and only lost for the duration of the session.

86
00:07:29,720 --> 00:07:36,320
As I've shown you, the honor suggests the range 4915 2 to 65535.

87
00:07:36,860 --> 00:07:53,030
However, BSD uses this range 1024 through 4999 Linux or Linux users ports 327682 61,000 Windows through

88
00:07:53,030 --> 00:07:54,530
to server 2003.

89
00:07:54,530 --> 00:07:57,650
Use the range 1025 to 5000.

90
00:07:58,190 --> 00:07:59,960
Windows Vista and seven.

91
00:07:59,960 --> 00:08:06,710
Use the actual on a range and free BSD uses the R on a range since version 4.6.

92
00:08:08,040 --> 00:08:12,870
So just be a way the source port numbers used by hosts will vary.

93
00:08:13,650 --> 00:08:20,220
Based on the vendor implementation and which ephemeral port numbers that vendor has decided to use.

94
00:08:21,070 --> 00:08:28,480
So in this example, this host, which may be running Windows Vista, is using a source port of 60,000

95
00:08:28,480 --> 00:08:32,860
when connecting to this Apache server on well known port 80.