TCP/IP and the DoD Model
Destination Port: 23
Sequence Number: 1456389907
Ack Number: 1242056456
Offset: 5
Reserved: %000000
Code: %011000
Ack is valid
Push Request
Window: 61320
Checksum: 0x61a6
Urgent Pointer: 0
No TCP Options
TCP Data Area:
vL.5.+.5.+.5.+.5 76 4c 19 35 11 2b 19 35 11 2b 19 35 11 2b 19 35
+. 11 2b 19
Frame Check Sequence: 0x0d00000f
We can see by looking at this session that the source host makes up the
source port. But why does the source make up a port number? To differentiate
between sessions with different hosts, silly! How else would a server
know where information is coming from if it didn't have a different number
from a sending host? TCP and the upper layers don't use hardware and logical
addresses to understand the sending host's address like the Data Link
and Network layer protocols do. Instead, they use port numbers. And it's
easy to imagine the receiving host getting thoroughly confused if all the hosts
used the same port number to get to FTP!
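To make the field layout concrete, this added Python example (not from the book) packs the values printed in the trace above into a TCP header, parses it back, and uses the well-known port range to tell which end chose its own port. The source port 1028 is a constructed value, only the first 16 data bytes are included, and the function names are illustrative.

```python
import struct

FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")  # Code bits, MSB first
WELL_KNOWN_MAX = 1023  # IANA well-known (system) ports are 0-1023


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header into the fields the trace prints."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_code, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    offset = off_code >> 12  # header length in 32-bit words; 5 means no options
    if offset < 5 or offset * 4 > len(segment):
        raise ValueError("data offset outside the segment")
    code = off_code & 0x3F   # low 6 bits: the Code (flags) field
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "offset": offset, "window": window, "checksum": checksum,
        "urgent": urgent,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if code & (0x20 >> i)],
        "payload": segment[offset * 4:],
    }


def client_side(hdr: dict) -> str:
    """Say which end picked its own port, judged by the well-known range."""
    src_known = hdr["src_port"] <= WELL_KNOWN_MAX
    dst_known = hdr["dst_port"] <= WELL_KNOWN_MAX
    if src_known == dst_known:
        return "ambiguous"
    return "destination" if src_known else "source"


# Constructed segment: every value is from the trace above except the source
# port (1028), which is made up because its line is not shown in this section.
SAMPLE_SEGMENT = struct.pack(
    "!HHIIHHHH", 1028, 23, 1456389907, 1242056456,
    (5 << 12) | 0b011000, 61320, 0x61A6, 0,
) + bytes.fromhex("764c1935112b1935112b1935112b1935")

if __name__ == "__main__":
    hdr = parse_tcp_header(SAMPLE_SEGMENT)
    print(hdr["src_port"], "->", hdr["dst_port"], hdr["flags"], client_side(hdr))
```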
TCP Session: Destination Port
Now, you'll usually look at an analyzer and see that only the source port is
above 1024 and the destination port is a well-known port, as shown in the
following Etherpeek trace:
TCP - Transport Control Protocol
Source Port: 1144
Destination Port: 80 World Wide Web HTTP
Sequence Number: 9356570
Ack Number: 0
Offset: 7
Reserved: %000000
Code: %000010
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com