Understanding unique ip and port

Question

My browser is Firefox, with 3 open tabs:

tab1-->google.com
tab2-->yahoo.com
tab3-->msn.com

All of them use port 80, and so does Photoshop: How does computer know which data belong to which process?

Answer 1

A TCP connection is uniquely identified by (Local Host, Local Port, Remote Host, Remote Port). (Technically the protocol is also part of the criteria, but if we restrict ourselves to TCP, it’s of course TCP.)

An example connection with a router:

• Local Host: 192.168.2.100 (or similar)
• Local Port: 50000
• Remote Host: 216.58.208.46 (Google)
• Remote Port: 80

If you open another connection to Google, it’ll use a different outgoing port, so it can still be uniquely identified.

This is also what your operating system uses to route response packets back to the correct application.

Answer 2

I'll correct your diagram see the pic below.

It's useful to use the word packet in the general sense, the electronic engineering sense, without much of the mess of ISO OSI "layer" terminology.

One has a packet and it has information like source IP, dest IP, And after that you have some other fields that may be called the TCP segment, and they have fields such as TCP source port, TCP dest port.

Added note-

In slightly more complex scenarios, you might have two connections, and the same source IP accessing the same dest IP and dest port. but one connection would have one local tcp port, the other another local tcp port. That could happen if you have multiple tabs open in a web browser, accessing the same web server. Another scenario is if you have multiple NICs. Bear in mind that IPs belong to network interfaces (that's more accurate than saying they belong to 'computers'). A computer might have many network interfaces, many IPs. A connection happens between network interfaces.

Answer 3

The web server process on the Server is Listening on port 80 for connections on its own IP address. A connection is to a IP address AND a port, not just one or the other. As such you computer can connect to port 80 on 3 different IP addresses without problem.

Your PC does not use port 80 on the local end of the connection. The OS will use the next free local port in the range it is written to use. For Windows, ports starting at 1024 (older versions) or at 16536 (newer versions) are used for connections. Linux boxes tend to use ports in the high range, above 38000 or so.

You can confirm this behavior in Windows (powershell) with:

netstat -a | findstr <the servers IP address>

or in Linux (as root):

netstat -ntup | grep <the servers IP address>

and noting the local port. It is not port 80.

Additionally, some servers only listen for new connections on a port (like FTP), and open a new connection for actually transferring data or providing services. This behavior is entirely dependent on the daemon in question however. if the service wants to use other means to track individual sessions, it is free to do so, and keep all traffic on a single port, like TCP/80.

Edit: to address your expanded question:

Your browser knows a site by domain and IP address, not by port number. Every OS or application runtime provides a version of the Berkeley Sockets method GetHostByName(string name) which it uses to look up a remote server by domain name. On the TCP layer, since as I mentioned, you are not using TCP/80 locally (only the servers use 80, and there's no way a server at MSN is confused about whether it is Google) there is no ambiguity.

It is notable that when a program uses a port to send data, it appears that it sends the data stream to the local port, but it is important to remember that during the creation of that port, a TCP connection was created between the IP hosts, so the port already knows the (only) remote IP address that that local port is connected to.

Answer 4

All of the applications will use a random port for "internal use". This is known as the local port.

By looking at Resmon.exe, under the Network tab, you can see a list of TCP connections. This is the open TCP connections each program has open. This will display:

• Image (the program that is using the TCP connection)
• PID (this is the Personal Identification Number that the application is using)
• Local Address (the IP of your machine 99% of the time)
• Local Port (the one we are talking about - this is the random port number that is assigned to each TCP connection so they can be identified within Windows)
• Remote Address (this is the server/device that the application is connecting to)
• Remote Port (the port that the application is using)
• Packet Loss & Latency (The percentage of packet loss and the... well latency - or Ping some people might know it as)

Overall, each application/TCP connection (because some applications can have multiple, such as a web browser with multiple tabs) gets a random local port that can be used for each open TCP connection.

EDIT:

Thanks to @Hennes for identifying that the ports are more than 1023 and less than 65536.

All ports up to 1023 are reserved such as port 80 etc. And 65535 is the maximum port number.