
I have a connection from client to server over WebSocket. I was just checking the netstat output to understand network-level details. I found that when I run netstat -anpt on both client and server, I get a different client port. For example, on the server:

tcp6       0      0 172.34.10.158:8080      121.71.171.152:28301    ESTABLISHED 13250/java

On the client:

tcp6       0      0 192.168.0.111:35129     51.74.132.142:8080      ESTABLISHED 8209/java

So the client port as seen from the server is "28301", but when I check on my client, it's "35129". I am a bit confused about this. P.S. 192.168.0.111 is my local IP, 51.74.132.142 is my server's public IP, 121.71.171.152 is my ISP IP and 172.34.10.158 is my server's private IP. It would be great to know more about this, so any docs/resources would be useful.

Vimal Jain

2 Answers


Both the client and the server are behind NAT (Network Address Translation) firewalls.

You listed:

Client: tcp6 0 0   192.168.0.111:35129   51.74.132.142:8080

Server: tcp6 0 0   172.34.10.158:8080   121.71.171.152:28301

Your client has an IP of 192.168.0.111 on your local network, and wants to talk to a server at 51.74.132.142 on port 8080, so it allocates a dynamic port for the conversation (port 35129).

The TCP/IP packets leave the local network through a firewall with source-NAT, which maps the source IP:Port to 121.71.171.152:28301.
That is the external IP of your office/home. You can confirm that at http://www.whatsmyip.org/.

The TCP/IP packets arrive at the firewall protecting the server network, which is configured with destination-NAT, so it maps the destination IP:Port to 172.34.10.158:8080.

The server receives the packet and establishes a connection.

Packets flowing the other way are then un-mapped by the firewalls. The firewalls maintain state to remember how to reverse the mapping. To conserve resources, the state has a timeout, so if the server is really slow and takes longer to respond than the timeout, the response will get lost even if the client is still waiting. The network admin controls the timeout. I've seen them as low as 5 minutes, so any response time > 5 mins never arrived back at the client.
Moral: Setting the client timeout higher than the firewall NAT timeout just delays the inevitable.

Recap

Network                      Source                Destination
YourPC   --lan--> Firewall   192.168.0.111:35129   51.74.132.142:8080
Firewall --web--> Firewall   121.71.171.152:28301  51.74.132.142:8080
Firewall --lan--> Server     121.71.171.152:28301  172.34.10.158:8080
Andreas
  • @Andreas I do not think that NAT is the reason. We can have both the client and server on the same machine (127.0.0.... and still you will have the same type of information layout. The network tuple has nothing to do with NAT. – Ritesh Oct 04 '15 at 15:50
  • @Ritesh, I don't see the same layout as in my original question when client and server are on the same machine. It's happening only when both are on different hosts. – Vimal Jain Oct 04 '15 at 15:55
  • @Ritesh You misunderstood the question. It wasn't about why the source IP uses a dynamic port number, or how the source/destination IP/port combinations uniquely identify the conversation. It was about why the client machine and the server machine were not showing the same information (except reversed), and *that* is because of NAT. When talking to yourself, or to a server on the same local network, the values will be the same (in reverse). – Andreas Oct 04 '15 at 15:55
  • @Andreas... Thanks... I really misunderstood the question... I thought we were asking why netstat has that kind of output. – Ritesh Oct 04 '15 at 15:58
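The NAT path that the accepted answer walks through, as an added example that is not part of the original question or answer. It models the two firewalls the answer describes (a source-NAT box in front of the client and a destination-NAT box in front of the server), each with a state table keyed on the tuple the reply will carry and an idle timeout, and pushes the question's own connection through them so you can see why each host's netstat shows a different client port. The addresses and ports are the ones printed in the question; the 300 s NAT timeout stands in for the "5 minutes" in the answer and is illustrative, and the choice of 28301 as the first SNAT port is an assumption so the output matches the question (a real NAT picks its own).

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Key = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport)


@dataclass(frozen=True)
class Flow:
    """One packet's 5-tuple as a host or firewall sees it at a given hop."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def key(self) -> Key:
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse(self) -> "Flow":
        return Flow(self.proto, self.dst, self.dport, self.src, self.sport)

    def __str__(self) -> str:
        return f"{self.src}:{self.sport:<6} {self.dst}:{self.dport}"


class StatefulNat:
    """A NAT firewall that rewrites one side of the tuple and remembers how to undo it.

    mode="snat": outbound packets get their source replaced by public_ip and a fresh port.
    mode="dnat": inbound packets get their destination replaced by internal_ip (same port).
    The state table is keyed on the tuple the *reply* will carry; an entry expires after
    timeout_s seconds without traffic, which is the failure mode the answer describes.
    """

    def __init__(self, mode: str, public_ip: str, internal_ip: str,
                 timeout_s: float, first_port: int = 28301) -> None:
        self.mode, self.public_ip, self.internal_ip = mode, public_ip, internal_ip
        self.timeout_s = timeout_s
        self.next_port = first_port           # assumption: start at the port seen in the question
        self.state: Dict[Key, Tuple[Flow, float]] = {}   # reply key -> (pre-NAT flow, last seen)

    def forward(self, pkt: Flow, now: float) -> Flow:
        """Translate a client->server packet and record how to reverse it."""
        if self.mode == "snat":
            out = Flow(pkt.proto, self.public_ip, self.next_port, pkt.dst, pkt.dport)
            self.next_port += 1
        else:
            out = Flow(pkt.proto, pkt.src, pkt.sport, self.internal_ip, pkt.dport)
        self.state[out.reverse().key()] = (pkt, now)
        return out

    def reply(self, pkt: Flow, now: float) -> Optional[Flow]:
        """Un-translate a server->client packet; None means the firewall drops it."""
        hit = self.state.get(pkt.key())
        if hit is None:
            return None                       # no matching state: unsolicited, dropped
        original, last_seen = hit
        if now - last_seen > self.timeout_s:
            del self.state[pkt.key()]         # idle longer than the NAT timeout: forgotten
            return None
        self.state[pkt.key()] = (original, now)
        return original.reverse()


def trace_connection(response_delay_s: float, nat_timeout_s: float = 300.0) -> Dict[str, Optional[Flow]]:
    """Push one request and its response through both firewalls.

    Returns the tuple visible at each hop (what netstat would print on each host) and
    'client_sees_reply', which is None when the server answered after the NAT state expired.
    """
    client_fw = StatefulNat("snat", "121.71.171.152", "192.168.0.111", nat_timeout_s)
    server_fw = StatefulNat("dnat", "51.74.132.142", "172.34.10.158", nat_timeout_s)

    t0 = 0.0
    syn = Flow("tcp", "192.168.0.111", 35129, "51.74.132.142", 8080)   # client's netstat view
    on_internet = client_fw.forward(syn, t0)                             # after source NAT
    at_server = server_fw.forward(on_internet, t0)                       # server's netstat view

    t1 = t0 + response_delay_s
    back_on_internet = server_fw.reply(at_server.reverse(), t1)          # server answers what it saw
    at_client = client_fw.reply(back_on_internet, t1) if back_on_internet else None

    return {"client_netstat": syn, "on_internet": on_internet,
            "server_netstat": at_server, "client_sees_reply": at_client}


if __name__ == "__main__":
    for delay in (10.0, 600.0):
        hops = trace_connection(delay)
        print(f"--- server responds after {delay:.0f} s")
        for name, flow in hops.items():
            print(f"{name:<18} {flow if flow else 'DROPPED (no NAT state)'}")
```

Run with a 10 s response and the four rows reproduce the recap table in the answer: the client's netstat shows 192.168.0.111:35129, the server's shows 121.71.171.152:28301, and the reply is un-mapped back to the client. Run with a 600 s response and the 300 s entries have expired on both firewalls, so the server's reply is dropped even though the client socket is still waiting, which is the point of the "Moral" line. On a real Linux NAT box the equivalent of this state table is what `conntrack -L` from conntrack-tools prints.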

This is a network tuple hostip:hostport:destip:destport:protocol. All five of these pieces of information together define one connection at the OS level. At the OS level, it has to know all these details for one connection to successfully route data from host to dest and vice versa.

How many tuples are there in a connection?

https://en.wikipedia.org/wiki/Network_socket#Socket_pairs

Ritesh
  • But how does this justify the different port in the server's and client's netstat output? – Vimal Jain Oct 04 '15 at 15:25
  • Using an example: many clients try to connect to a server. So the OS needs to know about each connection uniquely, so it will require additional information to define a unique connection. If the OS adds the client's address then the OS can uniquely differentiate between clients. But now what will happen if the same client makes 10 connections? Then if we add the port at the OS level, we can distinguish uniquely between the same client's connections. Now what if the same client and the same port makes a UDP connection? Then you need to save the protocol also. So this is how, at the OS level, each connection is uniquely defined using these 5 values. – Ritesh Oct 04 '15 at 15:36
  • Just want to know...why -1? – Ritesh Oct 04 '15 at 15:36