i find something strange in this netstat output. the output is taken using netstat -a -n -o -p TCP
command on win 7.
Proto Local Address Foreign Address State PID
TCP 127.0.0.1:55486 127.0.0.1:55487 ESTABLISHED 5808
TCP 127.0.0.1:55487 127.0.0.1:55486 ESTABLISHED 5808
Please note these two lines. both local and foreign address is localhost. but how come the ports are paired? out of two ports 55486
and 55487
which one is the server port and which one is the client port?
from what i understand, the local-address
column denotes the client side of a TCP connection and the foreign-adress
column denotes the server side. From this output it seems that the same port is behaving as both client and server.
I dont understand how is this possible with TCP?
Best Answer
Line:
TCP 127.0.0.1:55486 127.0.0.1:55487 ESTABLISHED 5808
Is stating the client is connecting to the port on 55487 for the server while the client uses port 55486.
Line:
TCP 127.0.0.1:55487 127.0.0.1:55486 ESTABLISHED 5808
is stating the server is connecting back to the client on port 55486 from 55487.
TCP requires the "3-way handshake" to set up the connection between a client and server.
The client connects to the a server (part 1 of the 3 way handshake). The server responds acknowledging the connection (part 2). The client responds to the acknowledgement with its own acknowledgement (part 3).
TL;DR - Client generally uses random port to connect to a server with a specific port. The server responds back to that machine using the random port. The client and server are NOT on the same port.