22

I know that when an HTTP request is made, packets are sent from a seemingly-random high-numbered port (e.g. 4575) on the client to port 80 on the server. Then the server sends the reply to the same high-numbered port, the router knows to route that to the client computer, and all is complete.

My question is: How is the return port (4575 in this example) determined? Is it random? If so, within what range? Are there any constraints on it? What happens, for example, if two computers in a LAN send HTTP requests with the same source port to the same website? How does the router know which one to route to which computer? Or maybe this situation is rare enough that no-one bothered to defend against it?

Ram Rachum

  • I'll be happy to hear the downvoters explain why they don't like this question. – Ram Rachum Mar 29 '13 at 17:36
  • I didn't downvote - but my guess is it's really "not a programming question" - at least on the surface. – Brad Sep 26 '14 at 16:10
  • Even if it is not a programming question it can be pretty useful, especially to get a general idea. Moreover it can become handy when writing scripts or other custom code. – Mattia Baldari Apr 27 '17 at 12:55

2 Answers

21

The NAT is going to decide/determine the outbound port for a NATed connection/session, via its own internal means. Meaning, it will vary according to the implementation of the NAT. This means any responses back will come back to that same outbound port.

As for your question:

What happens, for example, if two computers in a LAN send HTTP requests with the same source port to the same website?

It will assign different outbound ports for each. Thus, it can distinguish between the two in responses it receives. A NAT would create/maintain a mapping of translated ports, creating new outbound port numbers for new sessions. So even if there were two different "internal" sessions, from two different machines, on the same port number, it would map to two different port numbers on the outgoing side. Thus, when packets came back in on the respective ports, it would know how to translate them back to the correct address/port on the inside LAN.

Diagram: (image not reproduced here)

Brad

  • How can the NAT be the one that sets the source port, when the NAT is on the router, and the request is originating from the computer? Isn't the request sent to the router, with a source port, before the router even knows of its existence? – Ram Rachum Mar 29 '13 at 18:09
  • Yes - however, the NAT then uses a *different* source port between it and the outside server. The point is that the original source uses one port, and the NAT uses a DIFFERENT one. The NAT translates between these two port numbers. This is how it can distinguish two identical ports from different internal IP addresses. – Brad Mar 30 '13 at 19:30
  • Here, I drew you a [crappy] picture to try to illustrate: http://www.bradgoodman.com/nat.png – Brad Mar 30 '13 at 19:50
0

It depends on the NAT and on the protocol. For instance I'm writing this message behind a full cone NAT and this particular NAT is configured (potentially hard-wired) to always map a UDP private transport address UDP X:x to the public transport address UDP Y:x. It's quite easy to shed some light on this case with a STUN server (Google has some free STUN servers), a cheap NAT, 2 laptops, Wireshark and a really really light STUN client which uses a hard coded port like 777. Only the first call will get through and it will be mapped on the original port, the second one will be blocked. NATs are a hack, some of them are so bad that they actually override on return the public transport address not only in the header but even in the transported data which is kinda crazy. ICE protocols have to XOR the public address to bypass this issue.
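To make the two behaviours described in the answers concrete, here is a small NAT port-mapping simulation (an added example, not code from either answer or from any real router). It models the accepted answer's case, where the NAT picks a fresh public port per session so two LAN hosts using source port 4575 do not collide, and the second answer's port-preserving case, where X:x is mapped to Y:x and the second host wanting the same port is blocked. The public IP, private addresses and port pool start are constructed values.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]  # (ip, port) transport address


@dataclass
class PortNat:
    """Toy NAPT table (added example; not any real router's code).

    preserve_port=False: accepted answer's behaviour, a fresh public port
    for every new session, so hosts reusing a source port never collide.
    preserve_port=True: the second answer's port-preserving NAT, which maps
    X:x to Y:x and blocks a second host that wants the same port.
    """
    public_ip: str
    preserve_port: bool = False
    next_port: int = 49152                                      # pool start (assumed)
    out_table: Dict[Addr, int] = field(default_factory=dict)    # private addr -> public port
    in_table: Dict[int, Addr] = field(default_factory=dict)     # public port -> private addr

    def outbound(self, src: Addr) -> Optional[Addr]:
        """Translate an outgoing packet's source; None means the NAT drops it."""
        if src in self.out_table:                      # existing session: reuse mapping
            return (self.public_ip, self.out_table[src])
        if self.preserve_port:
            port = src[1]
            if port in self.in_table:                  # collision: second host is blocked
                return None
        else:
            while self.next_port in self.in_table:     # skip ports already in use
                self.next_port += 1
            port = self.next_port
            self.next_port += 1
        self.out_table[src] = port
        self.in_table[port] = src
        return (self.public_ip, port)

    def inbound(self, public_port: int) -> Optional[Addr]:
        """Map a reply arriving on a public port back to the private host."""
        return self.in_table.get(public_port)


def two_hosts_same_port(preserve_port: bool):
    """Two LAN hosts (constructed addresses) both send from source port 4575."""
    nat = PortNat("203.0.113.5", preserve_port=preserve_port)
    a = nat.outbound(("192.168.1.10", 4575))
    b = nat.outbound(("192.168.1.11", 4575))
    replies = [nat.inbound(x[1]) for x in (a, b) if x is not None]
    return a, b, replies
```

Calling `two_hosts_same_port(False)` gives both hosts distinct public ports and routes both replies back; `two_hosts_same_port(True)` keeps port 4575 for the first host and drops the second.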