This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why do I see network packets with port 443 as the source (unusual), to destination port 4292?

0

Port 443 is usually the destination port if I am not mistaken, however I see it as the source port going to port 4292 and cannot figure out what could be using that.

Is it Carbonite maybe?

Thank you.

asked 09 Apr '15, 20:20

pctech's gravatar image

pctech
6112
accept rate: 0%


One Answer:

0

Port 443 is the well-known server port for SSL (encrypted) web traffic. So, when a client communicates with a server using SSL, the server will use port 443 and the client will use a dynamically selected port, such as 4292.

Port 443 will be the destination port for packets from the client and to the server, and it will be the source port for packets from the server and to the client.

GET requests from the client to the server will be from port 4292 on the client (or whatever port was dynamically selected) and to port 443 on the server. Acknowledgments from the server back to the client will be from port 443 and to port 4292.

When the server sends a web page to the client, the data packets will be from port 443 on the server and to port 4292 on the client. Acknowledgments from the client back to the server will be from port 4292 and to port 443.

answered 09 Apr '15, 20:45

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

I.e., it's not usually the destination port; it's a destination port for a client (Web browser), but it's a source port for a server.

(10 Apr '15, 14:08) Guy Harris ♦♦