
(Remaining segment of original Question) I'm a bit confused on the logistics of a software firewall app on a client-side computer that blocks incoming traffic on a port. Texts generally depict a Server initiating the bind to a port then setting up listening. Then clients can attempt to connect to this server, upon which the Server assigns the Client another free port number to form the connection protocol tuple. But how does an app on a client set up or bind to a port to monitor and/or block it?

UPDATE EDIT ADD: I looked at the links 4dc0 gave in comment and they were helpful.

So I deleted certain segments of my original question, as they were answered to the point that they are a moot issue of concern.

After doing more reading I found in the context of servers, 0.0.0.0 means all IPv4 addresses on the local machine. So this led me in a new direction of decipher.

So I looked at this. I like the -b switch cause some PIDs don't show in task man svcs.

```
>netstat -a -n -o -b

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:49168          0.0.0.0:0              LISTENING       2020
 [NortonSecurity.exe]
  TCP    0.0.0.0:49169          0.0.0.0:0              LISTENING       2020
 [NortonSecurity.exe]
  TCP    192.168.1.5:49170      13.91.60.30:443        ESTABLISHED     2020
 [NortonSecurity.exe]
  TCP    192.168.1.5:51220      50.23.246.167:80       TIME_WAIT       0
  TCP    192.168.1.5:51223      151.101.1.69:443       ESTABLISHED     5504
 [firefox.exe]
```

This was interesting but I still needed help deciphering the full impact. I did more searching and found this link: "How do multiple clients connect simultaneously to one port, say 80, on a server?"

While a different title per se, it gave me a lot of insight into this and more directions to search from here. Additionally, it gave a good book link which, in the used sellers section, was affordable.

  • Thanks for the suggestion of serverfault.com. I would be a new affiliate there and might not be able to comment on any answers which to me would make it futile to post the question. –  Jan 17 '19 at 23:58
  • please look at [this](https://networkengineering.stackexchange.com/questions/17115/how-to-know-at-what-osi-layers-does-a-firewall-operate) and [this](https://networkengineering.stackexchange.com/questions/16996/what-layer-of-the-osi-model-deals-with-ports/16999). – 4dc0 Jan 18 '19 at 00:17
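
The `netstat -a -n -o -b` listing quoted in the question can be read mechanically. The following Python is an added example, not part of the original post or its comments: it parses that output layout and reports which processes hold TCP listeners bound to every local address (`0.0.0.0`, or `[::]` for IPv6). The function names are hypothetical, and the sample input is constructed from the rows shown in the question.

```python
import re

# Constructed sample: the rows quoted in the question, in the layout that
# `netstat -a -n -o -b` prints (owner name on the line after its row).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:49168          0.0.0.0:0              LISTENING       2020
 [NortonSecurity.exe]
  TCP    0.0.0.0:49169          0.0.0.0:0              LISTENING       2020
 [NortonSecurity.exe]
  TCP    192.168.1.5:49170      13.91.60.30:443        ESTABLISHED     2020
 [NortonSecurity.exe]
  TCP    192.168.1.5:51220      50.23.246.167:80       TIME_WAIT       0
  TCP    192.168.1.5:51223      151.101.1.69:443       ESTABLISHED     5504
 [firefox.exe]
"""

# UDP rows carry no State column, so the state group is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
WILDCARD = {"0.0.0.0", "[::]"}  # "all local addresses" for IPv4 / IPv6

def parse(text):
    """Return one dict per connection row; a following [exe] line is attached to it."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            addr, _, port = local.rpartition(":")  # split on the last colon (IPv6-safe)
            rows.append({"proto": proto, "addr": addr, "port": int(port), "remote": remote,
                         "state": state or "", "pid": int(pid), "exe": None})
            continue
        m = OWNER.match(line)
        if m and rows and rows[-1]["exe"] is None:
            rows[-1]["exe"] = m.group(1)
    return rows

def wildcard_listeners(rows):
    """Map (exe, pid) to the TCP ports it listens on across all local addresses."""
    found = {}
    for r in rows:
        if r["state"] == "LISTENING" and r["addr"] in WILDCARD:
            found.setdefault((r["exe"] or "unknown", r["pid"]), []).append(r["port"])
    return found

if __name__ == "__main__":
    for (exe, pid), ports in wildcard_listeners(parse(SAMPLE)).items():
        print(f"{exe} (PID {pid}) listens on all local addresses: {sorted(ports)}")
```
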

1 Answer


I can see many reasons why someone qualified would not reply to a post like this. However, my naivety in posting the question was surpassed only by my desire to get more insight into these facets. Admittedly I was not seeking to write code for such, but desired a deeper understanding of it. As I searched through one clue to the next I realized the depth and scope of what I sought. And after some effort I did find enough to give me an idea of what's going on. In case anyone comes by here with the same curiosities, I'm posting up a few of the better links I found.

Some links are dated but contain paradigm related content of application based filtering, tracking, layer 3, 4, and/or drivers via the NDIS firewall paradigms.

https://www.symantec.com/connect/articles/software-firewalls-made-straw-part-1-2

https://learn.microsoft.com/en-us/windows-hardware/drivers/network/ndis-driver-stack

https://learn.microsoft.com/en-us/windows-hardware/drivers/netcx/

https://www.codeproject.com/Articles/3405/Developing-Firewalls-for-Windows-2000-XP

https://www.codeproject.com/Articles/5602/Simple-Packet-Filter-Firewall

https://www.novell.com/documentation/nbm38/?page=/documentation/nbm38/overview/data/ae70q0b.html

http://programmerworld.net/personal/firewall.htm

Good recommended book https://www.amazon.com/exec/obidos/tg/detail/-/0471205443/qid=1094828844/sr=1-1/ref=sr_1_1/103-9352427-0026242?v=glance&s=books&tag=hardfocom-20