Port Theory

Discussion in 'other security issues & news' started by Checkout, Jul 10, 2002.

Thread Status:
Not open for further replies.
  1. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    I would imagine (but don't know for certain) that what we observe as ports are merely addresses in a host's memory - an array of 64k such addresses. I further imagine that there's a callable function in the Operating System which uses these addresses to exchange incoming and outgoing buffers between applications and the Internet. Probably there's more sophistication here, such as buffer chaining and parameter blocks. Somebody please tell me if I'm blowin' smoke or swiggin' vodka here. :)

    The question is (and I'm simply posting more totally unfounded assumptions here for correction) how do ports work internally to the host? Here's my uneducated proposition:

    . A browser will want to use port 80 because that's the standard port for HTML
    . If a browser is set to use a proxy on (say) port 8080, it will bind to 8080 instead of 80
    . The browser will call the OS function to claim (bind to) port 8080
    . The OS function will set the address array element 8080 to point to a buffer and parm block supplied by the browser
    . The browser, if sending, will make another function call to transmit the filled buffer
    . The browser, if listening, will wait for a wake-up call from the OS (return instruction in an asynchronous browser task)

    By now many of you will realise I'm building a house of cards on quicksand foundations...

    Thus the browser is talking to the proxy on port 8080, and the proxy is talking to the Internet on port 80 - or is it? What if I'm using The Proxomitron (port 8080) with an external proxy set to JAP (port 4001)?

    Questions arise:

    1) Can the Internet 'see' ports 8080 and 4001?
    2) Does JAP send and receive on port 4001, or does it really use port 80 under the hood?
    3) If HTML uses port 80 by convention, how can a browser and an email client use it simultaneously, which they empirically and obviously can?

    Secondary (but important) Other questions:

    1) How can I force applications which don't intrinsically have a 'use proxy' setting to use a proxy? (Example: VisualZone listens on port 3731. Why it has to listen, I don't know - but I'd like to know.)

    At this point, I think I need to paint a picture - so here's my TCPView Pro snapshot (offline):

    Code:
    Process:PID   Protocol   Local Address   RemoteAddress   Sent   Received
    ExtraDNS.dll:1588   TCP   0.0.0.0:53   LISTENING         
    ExtraDNS.dll:1588   UDP   0.0.0.0:53   *:*   29/5848   29/1122   
    spyblocker.exe:1228   TCP   0.0.0.0:80   LISTENING         
    svchost.exe:580   TCP   0.0.0.0:135   LISTENING         
    System:4   TCP   0.0.0.0:445   LISTENING         
    System:4   UDP   0.0.0.0:445   *:*         
    ExtraDNS.dll:1588   UDP   0.0.0.0:1027   *:*   92/3733   69/14455   
    VisualZone.exe:1720   UDP   0.0.0.0:3731   *:*         
    javaw.exe:1132   TCP   127.0.0.1:4001   LISTENING         
    Proxomitron.exe:1136   TCP   127.0.0.1:8080   LISTENING         
    
    I know there are a lot of questions here, but I need answers to all of them else my understanding will remain incomplete (and I'm certain others will benefit too). I thank all contributors in advance, and very sincerely. A Karma Cookie to everyone who doesn't reply, "Huh?" but manages to enlighten me in at least one aspect.

    Apologies in advance to all those whose primary language isn't English - it's hard for me, in this case, not to use 'engineering English' for the sake of brevity.

    I would also appreciate book recommendations, orientated to Windows, if you please.

    And finally...

    Over at the SpyBlocker forum, SpyBlocker (doubtless Paul Kurland himself) intimated that there's a program available for chaining pacfiles, but he couldn't recall it. Does this ring any bells for people here? I suspect it's some kind of port redirector.

    Dammit, more questions!

    1) SpyBlocker is set to port 80, which cannot be changed. It works even with JAP running, so I guess port 80 is always involved, thus port 4001 (JAP) is only a conduit to port 80
    2) Oh, I forget, and I'm growing tired
    3) Anyone got a job for me? I'm out of work in two days
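
Added example, not part of the original post: question 1 can be read off the Local Address column of the snapshot, because a socket bound to 127.0.0.1 accepts connections only from the same machine, while one bound to 0.0.0.0 listens on every interface. The rows are copied from the snapshot above with the counter columns dropped; the function names and exposure labels are this example's own.

```python
import ipaddress

# Rows copied from the TCPView snapshot in the post (Sent/Received columns dropped).
SNAPSHOT = """\
ExtraDNS.dll:1588 TCP 0.0.0.0:53 LISTENING
ExtraDNS.dll:1588 UDP 0.0.0.0:53 *:*
spyblocker.exe:1228 TCP 0.0.0.0:80 LISTENING
svchost.exe:580 TCP 0.0.0.0:135 LISTENING
System:4 TCP 0.0.0.0:445 LISTENING
System:4 UDP 0.0.0.0:445 *:*
ExtraDNS.dll:1588 UDP 0.0.0.0:1027 *:*
VisualZone.exe:1720 UDP 0.0.0.0:3731 *:*
javaw.exe:1132 TCP 127.0.0.1:4001 LISTENING
Proxomitron.exe:1136 TCP 127.0.0.1:8080 LISTENING
"""

def parse_row(line):
    """Split one row into process, pid, protocol, bind address and port."""
    proc_pid, proto, local = line.split()[:3]
    process, pid = proc_pid.rsplit(":", 1)
    host, port = local.rsplit(":", 1)
    return {"process": process, "pid": int(pid), "proto": proto,
            "addr": ipaddress.ip_address(host), "port": int(port)}

def exposure(addr):
    """Which peers can reach a socket bound to this local address."""
    if addr.is_loopback:
        return "local-only"        # 127.0.0.0/8: programs on this machine only
    if addr.is_unspecified:
        return "all-interfaces"    # 0.0.0.0: any interface, unless a firewall blocks it
    return "single-interface"      # one specific adapter address

def audit(snapshot):
    """Map exposure class -> sorted list of (proto, port, process)."""
    report = {}
    for line in snapshot.splitlines():
        if line.strip():
            row = parse_row(line)
            report.setdefault(exposure(row["addr"]), []).append(
                (row["proto"], row["port"], row["process"]))
    return {kind: sorted(rows) for kind, rows in report.items()}

if __name__ == "__main__":
    for kind, sockets in audit(SNAPSHOT).items():
        print(kind, sockets)
```

In this snapshot only ports 4001 and 8080 are loopback-only; the other eight sockets are bound to every interface and depend on a firewall to stay unreachable from outside.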
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Go here
    and scroll down to understanding ports.
    Best I could come up with. o_O
     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Thanks, Root - at least that's confirmation of part of my understanding.
     
  4. wender

    wender Registered Member

    Joined:
    Mar 14, 2004
    Posts:
    3
    Location:
    zaandam
    For selling technique purposes? Maybe. But NOT for optimal communications/clarifications of your questions..
    MS always failed to maintain commu what it is meant for:
    speed up, tighten cooperation. Instead it was time lost, dividing, slacking.
    What they could easily tell in 2 words, they are used to doing in 20.
    The answer for several of your remarks/questions is hidden in that matter of communication..
    Try to keep and the boundaries who let you show a clear view.
    Abounding processor speed is something different from efficiently using processor.

    y'rs :cool:

    Wender.
     
  5. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Dear Checkout, English is not my mommy language and due to my superior intelligence I fail to understand passages containing more lines than I can handle. In a nutshell, I hope I read you correctly. OK, ports are the LOGICAL end-points of a circuit or a connection. Not a physical connection but a logical connection for data transmitting and receiving. Even if there is no connection, still those ports can exist, just like a plug-point. These ports are denoted by a 16-bit number, so they can be any number between 0 to 2^16 or 65536. Now port numbers 1-1023 are well-known port numbers and they are assigned already. Port numbers 1024-49151 are registered and port numbers 49152-65536 are private or dynamic. Port 80 is designated for the HTTP protocol, not HTML. So when you type http://www.somesite.com you are telling your browser to connect to port 80 of somesite.com server. Note that YOUR browser is not using port 80 for this connection but it'll use any random port from 1024-65536. A single port can be used by more than one application or protocol. So if you know somesite.com's HTTP server is using port 1008 you'll have to type http://www.somesite.com:1008. Note that if you don't use :NUMBER then the browser will use the default port 80 for HTTP, 23 for TELNET, 20/21 for FTP, etc. I hope I cleared some doubts.
     
    Last edited: Aug 8, 2004
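
Added example, not part of the original post, illustrating the client-side port behaviour described above: several connections reach one listening port, each from a different OS-chosen client port, so the server tells them apart by the full (local IP, local port, remote IP, remote port) tuple. It runs on loopback with an OS-assigned port standing in for port 80, and also checks that a second TCP listener on the same address and port is refused; the function names are this example's own.

```python
import socket

def listener():
    """Listening TCP socket on loopback; port 0 lets the OS pick (stand-in for 80)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(5)
    return srv

def connections(n_clients=2):
    """Connect n_clients to one listener; return (server_port, 4-tuples seen by server)."""
    srv = listener()
    server_port = srv.getsockname()[1]
    socks, tuples = [srv], []
    try:
        for _ in range(n_clients):
            socks.append(socket.create_connection(("127.0.0.1", server_port), timeout=5))
            conn, peer = srv.accept()
            socks.append(conn)
            # (local ip, local port, remote ip, remote port)
            tuples.append(conn.getsockname() + peer)
    finally:
        for s in socks:
            s.close()
    return server_port, tuples

def second_listener_refused():
    """True if a second TCP bind to an address and port already listening fails."""
    srv = listener()
    rival = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        rival.bind(srv.getsockname())
        return False
    except OSError:          # address already in use
        return True
    finally:
        rival.close()
        srv.close()

if __name__ == "__main__":
    port, conns = connections()
    for c in conns:
        print("server %s:%d <- client %s:%d" % c)
    print("second listener refused:", second_listener_refused())
```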
  6. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Probably both! (just kidding, but that's funny) :D

    Looks like you're onto somethin' worthwhile here (I know not about such things), and just wished to assist you, the only way I know how. May the gods be with you oh noble one. :cool:

    Best Regards with this Checkout,
    GF ;)
     
  7. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    I wish you this page also Checkout, towards your quest... :)

    GF

    P.S.- Please see if this, this, or that will help. o_O
     
    Last edited: Aug 7, 2004