Port Connection Status


PORT CONNECTION STATUS
CT1406 - Lab#6
Background
• TCP packet
• UDP packet
• Ports
TCP Packet


Sequence number (32 bits)has a dual role:

If the SYN flag is set (1), then this is the initial sequence number. The sequence
number of the actual first data byte and the acknowledged number in the
corresponding ACK are then this sequence number plus 1.

If the SYN flag is clear (0), then this is the accumulated sequence number of the first
data byte of this segment for the current session.

When a host initiates a TCP session, its initial sequence number is effectively random; it may be any value between 0 and 4,294,967,295.
Acknowledgment number (32 bits): if the ACK flag is set, then the value of this field is the next sequence number that the receiver is expecting.
TCP example

For example, the initial relative sequence number shown in packet #1 is 0
(naturally), while the ASCII decode in the third pane shows that the actual sequence
number is 0xf61c6cbe, or 4129057982 decimal.
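
The relationship between actual and relative sequence numbers can be reproduced in a few lines. This is an added example, not part of the original slides: it builds a constructed three-way handshake using the initial sequence number quoted above and derives the relative numbers a protocol analyzer displays. The ports, the server's initial sequence number and the function names are assumptions.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32                      # sequence numbers are 32-bit and wrap

def build_header(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header (no options, checksum left at 0)."""
    off_flags = (5 << 12) | flags  # data offset of 5 words + flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, 65535, 0, 0)

def parse_header(raw):
    """Read ports, sequence/acknowledgment numbers and flags from a header."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF}

CLIENT_ISN = 0xF61C6CBE            # value quoted in the text (4129057982)
SERVER_ISN = 0xFFFFFFFF            # constructed, chosen so ISN + 1 wraps to 0

# Constructed three-way handshake; ports 49152 and 80 are assumptions.
HANDSHAKE = [
    build_header(49152, 80, CLIENT_ISN, 0, SYN),
    build_header(80, 49152, SERVER_ISN, (CLIENT_ISN + 1) % MOD, SYN | ACK),
    build_header(49152, 80, (CLIENT_ISN + 1) % MOD, (SERVER_ISN + 1) % MOD, ACK),
]

def relative_view(segments):
    """Return (flags, relative seq, relative ack) per segment."""
    isn = {}                       # first sequence number seen per sender port
    rows = []
    for raw in segments:
        h = parse_header(raw)
        isn.setdefault(h["sport"], h["seq"])
        rel_seq = (h["seq"] - isn[h["sport"]]) % MOD
        rel_ack = None
        if h["flags"] & ACK and h["dport"] in isn:
            rel_ack = (h["ack"] - isn[h["dport"]]) % MOD
        names = [n for n, bit in (("SYN", SYN), ("ACK", ACK)) if h["flags"] & bit]
        rows.append(("+".join(names), rel_seq, rel_ack))
    return rows
```

The client's final ACK carries an acknowledgment number of 0 on the wire because the server's initial sequence number plus 1 wraps past the 32-bit limit; the relative view still shows 1.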
TCP example (cont.)

Statistics > Flow Graph..., select TCP flow and click OK
TCP STATES - Create connection
TCP STATES - Close connection
UDP Packet
Port definition

Port: There are two types of ports relating to computers:
1) Connections to peripherals such as USB devices, serial cables, mice, etc.
2) Virtual ports found in TCP/IP communications
Expanded definition

For information relating to network security we are more concerned with virtual ports.
• Ports are like channels that carry information into, out of, and internal to a computer
• There are 65,536 standard ports on a computer
• Each port is assigned to a certain type of communication “traffic”
Example of port assignments
Port connection status
netstat
Netstat

• Netstat is an important utility for network administrators.
• It is used to display active TCP connections and UDP connections, Ethernet statistics, and the IP routing table.
• A port can be in any one of a number of states.
• When a TCP port is in a listening state, it is waiting for initiation and completion of a three-way handshake.
• This results in the port transforming to an established state.
Netstat (Windows)

-a : Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.
-e : Displays Ethernet statistics.
-n : Displays active TCP connections, however, addresses and port numbers are expressed numerically and no attempt is made to determine names.
-o : Displays active TCP connections and includes the process ID (PID) for each connection.
-p Protocol : Shows connections for the protocol specified by Protocol.
-s : Displays statistics by protocol.
-r : Displays the contents of the IP routing table. This is equivalent to the route print command.
Interval : Redisplays the selected information every Interval seconds.
/? : Displays help at the command prompt.
Netstat (Windows) - examples

• To display both the Ethernet statistics and the statistics for all protocols, type the following command:
  netstat -e -s
• To display the statistics for only the TCP and UDP protocols, type the following command:
  netstat -s -p tcp udp
• To display active TCP connections and the process IDs every 5 seconds, type the following command:
  netstat -o 5
• To display active TCP connections and the process IDs using numerical form, type the following command:
  netstat -n -o
Netstat (Linux)

Command : Description
netstat -a | more : All the listening and non-listening ports
netstat -t : Current TCP sessions on the system
netstat -u : Current UDP sessions on the system
netstat -l (netstat -lt, netstat -lu) : Shows all the sockets which are in listening state
netstat -r : Current routing table
netstat -n (netstat -rn) : Displays addresses and port numbers in numerical form
netstat -i : Current interfaces
netstat -s : Used to display the statistics of each protocol
How to read Netstat result - example

Example (netstat -an)
How to read Netstat result
IP

• *.* = All IPv4 addresses (it's listening, so it accepts connections from any IPv4 address)
• [::] = All IPv6 addresses (it's listening, so it accepts connections from any IPv6 address)
• If it says 0.0.0.0 in the Local Address column, it means that port is listening on all 'network interfaces' (i.e. your computer, your modem(s) and your network card(s)).
• If it says 127.0.0.1 in the Local Address column, it means that port is ONLY listening for connections from your PC itself, not from the Internet or network. No danger there.
• If it displays your online IP in the Local Address column, it means that port is ONLY listening for connections from the Internet.
• If it displays your local network IP in the Local Address column, it means that port is ONLY listening for connections from the local network.
• Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that correspond to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
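
The reading rules above can be applied mechanically when reviewing a host. The following is an added example, not part of the original slides: it parses numeric `netstat -an` output in the Windows and Linux layouts and labels each listening socket by what its Local Address is bound to. The sample output is constructed and the function names are assumptions.

```python
import ipaddress

# Constructed sample: `netstat -an` lines in Windows and Linux layouts.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
"""

def exposure(host):
    """Classify the host part of a Local Address entry."""
    host = host.strip("[]").split("%")[0]      # drop IPv6 brackets / zone id
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:                      # 0.0.0.0 or ::
        return "all interfaces"
    if ip.is_loopback:                         # 127.0.0.1 or ::1
        return "loopback only"
    return "specific address"

def listeners(text):
    """Return (proto, port, exposure) for every listening socket."""
    found = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or not tok[0].lower().startswith(("tcp", "udp")):
            continue                           # header or unrelated line
        addrs = [t for t in tok[1:] if ":" in t]
        if len(addrs) < 2:
            continue
        proto = tok[0].lower()[:3]
        state = tok[-1] if tok[-1].isalpha() else ""
        # TCP listens explicitly; an unconnected UDP socket shows no state.
        listening = state.startswith("LISTEN") if proto == "tcp" else state == ""
        if not listening:
            continue
        host, _, port = addrs[0].rpartition(":")
        found.append((proto, int(port), exposure(host)))
    return found

def reachable(text):
    """Listeners bound to anything other than loopback."""
    return [s for s in listeners(text) if s[2] != "loopback only"]
```

On Windows, adding -o to the netstat command supplies the PID needed to tie each entry returned by `reachable` back to a process.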
How to read Netstat result

Consider the following example:

RX-OK : Correct packets received on this interface.
RX-ERR : Incorrect packets received on this interface.
RX-DRP : Packets that were dropped at this interface.
RX-OVR : Packets that this interface was unable to receive.
FTP Command


• FTP stands for File Transfer Protocol. It is an application layer protocol as well as an application.
• The FTP command is used in the command prompt to connect to FTP servers.
Lab Exercise

Objectives
• Name the command used to display protocol statistics and current TCP/IP network connections (netstat).
• Understand how a computer can manage multiple communications through the use of ports.
• List the switches that can be added to the netstat command to increase its functionality.