1
00:00:00,000 --> 00:00:00,500

2
00:00:00,500 --> 00:00:02,370
I thought it would be fun to help reinforce

3
00:00:02,370 --> 00:00:05,220
the concepts of ports and how they're used at the transport

4
00:00:05,220 --> 00:00:08,250
layer by using Wireshark, a protocol analyzer,

5
00:00:08,250 --> 00:00:10,260
to take a peek at some of the protocols,

6
00:00:10,260 --> 00:00:12,240
just to verify the ports that are in use.

7
00:00:12,240 --> 00:00:14,880
And in preparation for us looking at that together,

8
00:00:14,880 --> 00:00:18,180
let's cover a few well-known ports for four specific

9
00:00:18,180 --> 00:00:19,200
protocols--

10
00:00:19,200 --> 00:00:22,440
HTTP-- the well-known port for that, at the transport layer,

11
00:00:22,440 --> 00:00:24,630
is TCP port number 80--

12
00:00:24,630 --> 00:00:27,510
Telnet, which is used to get remote access with a command

13
00:00:27,510 --> 00:00:29,550
line interface to another system--

14
00:00:29,550 --> 00:00:33,210
the well-known port for that is TCP port number 23--

15
00:00:33,210 --> 00:00:36,630
DNS, which is used all the time to make a request to resolve

16
00:00:36,630 --> 00:00:40,800
a name, like www.cbtnuggets.com, to an IP address

17
00:00:40,800 --> 00:00:42,420
for our computer to then use--

18
00:00:42,420 --> 00:00:46,220
the transport protocol and port at layer 4 for DNS requests

19
00:00:46,220 --> 00:00:49,590
is UDP, as the protocol, and port number 53

20
00:00:49,590 --> 00:00:50,820
for the DNS request--

21
00:00:50,820 --> 00:00:54,090
and then finally, here in this list, FTP, the file transfer

22
00:00:54,090 --> 00:00:55,050
protocol--

23
00:00:55,050 --> 00:00:58,530
the well-known port for that is TCP port number 21.

24
00:00:58,530 --> 00:01:01,080
And that's just for one component, or one piece,

25
00:01:01,080 --> 00:01:03,600
of a standard FTP request.

26
00:01:03,600 --> 00:01:07,020
So here, looking at a packet capture for an HTTP request--

27
00:01:07,020 --> 00:01:08,820
this is entry number four--

28
00:01:08,820 --> 00:01:12,750
we have the client request with a source port of 3372,

29
00:01:12,750 --> 00:01:15,870
with a destination port of the well-known port of TCP 80

30
00:01:15,870 --> 00:01:17,640
for HTTP services.

31
00:01:17,640 --> 00:01:19,015
And what we would expect to see--

32
00:01:19,015 --> 00:01:21,098
and we can find that in the very next entry, which

33
00:01:21,098 --> 00:01:22,050
is entry number five--

34
00:01:22,050 --> 00:01:24,210
we have a response coming back from the server

35
00:01:24,210 --> 00:01:28,290
sourcing it from port 80, TCP port 80 on the server,

36
00:01:28,290 --> 00:01:33,660
going back to the client's port of 3372.

37
00:01:33,660 --> 00:01:35,400
Here's an example of Telnet.

38
00:01:35,400 --> 00:01:37,830
So at the application layer for this entry, which

39
00:01:37,830 --> 00:01:40,700
is entry number four, it shows the application layer protocol

40
00:01:40,700 --> 00:01:43,110
is Telnet, and then at the transport layer,

41
00:01:43,110 --> 00:01:47,100
we have TCP with a source port of 1550, chosen by the client,

42
00:01:47,100 --> 00:01:50,194
going to the well-known port of the server at port 23.

43
00:01:50,194 --> 00:01:52,110
And if we take a look at the next entry, which

44
00:01:52,110 --> 00:01:54,900
is entry number five, we can see that the response is coming

45
00:01:54,900 --> 00:01:57,930
back from the server, from port 23, going

46
00:01:57,930 --> 00:02:01,530
to the client's port of 1550.

47
00:02:01,530 --> 00:02:04,440
In this example, we have a DNS request.

48
00:02:04,440 --> 00:02:06,850
And so with entry number one selected here, down here

49
00:02:06,850 --> 00:02:09,840
in the Details pane, we have a domain name system query,

50
00:02:09,840 --> 00:02:10,902
a DNS query.

51
00:02:10,902 --> 00:02:12,360
And at the transport layer, we're

52
00:02:12,360 --> 00:02:15,600
using UDP, which is what a DNS query uses,

53
00:02:15,600 --> 00:02:20,430
the source port being 32,795, with a destination port being

54
00:02:20,430 --> 00:02:24,000
53, which is the well-known port that a DNS server would

55
00:02:24,000 --> 00:02:25,150
be listening on.

56
00:02:25,150 --> 00:02:26,650
And if we go to the next entry here,

57
00:02:26,650 --> 00:02:28,722
which is the response from the DNS server,

58
00:02:28,722 --> 00:02:30,180
at the transport layer protocol, we

59
00:02:30,180 --> 00:02:32,520
can see that the source port is 53,

60
00:02:32,520 --> 00:02:36,570
and the destination port is 32,795.

61
00:02:36,570 --> 00:02:39,760
And for our fourth example, let's take a look at FTP.

62
00:02:39,760 --> 00:02:42,460
FTP uses the well-known port of 21.

63
00:02:42,460 --> 00:02:44,684
And so if we look at the transport layer information,

64
00:02:44,684 --> 00:02:46,600
here we have the transmission control protocol

65
00:02:46,600 --> 00:02:48,010
being used at layer four.

66
00:02:48,010 --> 00:02:51,160
We have a source port from the client of 1,026,

67
00:02:51,160 --> 00:02:55,150
with a destination port of the well-known port for FTP of 21.

68
00:02:55,150 --> 00:02:56,842
And if we take a look at the next entry

69
00:02:56,842 --> 00:02:58,300
here, the one right below it, which

70
00:02:58,300 --> 00:03:00,670
is the response back from the server to the client,

71
00:03:00,670 --> 00:03:02,710
the source port from the server to the client

72
00:03:02,710 --> 00:03:05,680
is using port 21 as a source, with a destination

73
00:03:05,680 --> 00:03:08,702
port of 1,026.

74
00:03:08,702 --> 00:03:10,660
In this Nugget, we've taken a look at Wireshark

75
00:03:10,660 --> 00:03:12,790
to reinforce the concepts of how ports

76
00:03:12,790 --> 00:03:16,660
are used at the transport layer in the TCP/IP Protocol Suite.

77
00:03:16,660 --> 00:03:18,820
I hope this has been informative for you,

78
00:03:18,820 --> 00:03:22,380
and I'd like to thank you for viewing.

79
00:03:22,380 --> 00:03:23,645