[solved] What destination-ports Web-browsers actually use?
-
I just realized that a webbrowser can use more ports then 80 and 443...
I had run a speedtest and the test-side was showing the tunnel ip, like I had expected because of my PBR, but the speed was to high. I much later realized that it actually uses port 8080 for the speedtest and that port was not part of my PBR...
But now I have to ask, what destination-ports can a modern Web-browser actually use, just those 3 or much more?
I did learn that you can use QoS Policy to route traffic by app if it is supported by the OS and that is the case with Windows, but I had thought I can have it easier...
-
Basically port 80 and 443 are the default ports for HTTP respectively HTTPS and so there is no need to state these ports in the URL.
However, you can configure a web server to listen on whatever port you want. But doing so, you have to state the port on the client to access the server.
For instance if you configure your server to listen on port 6582, you have to append the port to the hostname in the browser like
http://hostname.tld:6582[/virtual-directory][/filenname]
If the server uses TLS the you have to state https in the URL:
https://hostname.tld:6582[/virtual-directory][/filenname]@bob-dig said in What destination-ports Web-browsers actually use?:
I had run a speedtest and the test-side was showing the tunnel ip, like I had expected because of my PBR, but the speed was to high. I much later realized that it actually uses port 8080 for the speedtest and that port was not part of my PBR...
I guess, this speedtest is a ready to use software tool and it has to port to connect to given hard-coded inside.
-
@viragomann said in What destination-ports Web-browsers actually use?:
I guess, this speedtest is a ready to use software tool and it has to port to connect to given hard-coded inside.
Nope, it was just speedtest.net in a browser (firefox).
-
@bob-dig
The server could also send a reload command to the browser with an URL including a different port after initial connection with default ports. -
@viragomann Interesting, if so then I can not PBR all of my webbrowser traffic on a port basis only but will have to use something like QoS tagging.
-
@bob-dig
However, 8080 is a standard port as well. It's typically used for proxy servers.
So you should include this one into your browser ports alias. -
@bob-dig while sure really any port could be used for http or https traffic.. I don't think you will typically run into much of this..
Most sites would use the typical 80 and 443 ports - running a browser based service over a different port could have issues that could generate support tickets.
If I was going to run some website and wanted the globe to be able to connect to me - it would be in my best interest to just use the standard ports. Because not everywhere might allow port 46723 for example ;)
And would just complicate troubleshooting connectivity, etc.
8080 is typical alternative, also very common proxy port. 8443 for example another common alternative port for https on 443..
If your worried about something bypassing your pbr based on port - just block other ports completely... You will know or hear when something doesn't work ;)
-
@viragomann It is, but is that all or can a website actually make my browser use any port? I know something about WebRTC is or was a problem, but other then this...
@johnpoz I did this for privacy reasons and I know, most of the websites probably don't try stuff on you but with so much third party stuff running on so many websites... and the speedtest really riddled me, because it stated that I had 250 MBits DL while iperf showed me, that my openvpn tunnel max out at 70 MBits...
-
@bob-dig
Basically websites can redirect hte browser to any port, but that wouldn't make much sense, since the site should be reachable from anywhere as possible, but some notworks or hotspots are blocking non-standard ports. -
@bob-dig said in What destination-ports Web-browsers actually use?:
because it stated that I had 250 MBits DL while iperf showed me, that my openvpn tunnel max out at 70 MBits...
Well that could get tricky in other ways as well.. While those browser speedtest most of the time use multiple sessions to completely fill the pipe. Iperf for example would normally only run 1 connection. So related to BDP and the like, 1 session might not be able to max out whatever connection your running through, but multiple like speedtest normally does could.
But again if you were blocking other ports than 80 or 443, and speedtest tried to use 8080, it would of failed - and you would of known about it right away that something wasn't right ;)
-
@johnpoz said in What destination-ports Web-browsers actually use?:
But again if you were blocking other ports than 80 or 443
That wouldn't be my usecase.
I now switched to doing the PBR via QoS tagging, looks right to me.
How is the ping done, via ICMP? Then this is still my original internet connection, but I think, I can live with that in this case.
-
@bob-dig said in What destination-ports Web-browsers actually use?:
can a website actually make my browser use any port
The port is part of the URL. Browsers know to default to 80 or 443 for HTTP or HTTPS. If a web server is using port 3874 and you connect on 443 it won't connect. Or, the server could listen on 443 and send a redirect to 3847 (non standard ports show in the address bar...www.example.net:3847/page). Or the server could serve a page on 443 and reference images or other content on other web servers and/or ports.
-
@bob-dig said in What destination-ports Web-browsers actually use?:
But now I have to ask, what destination-ports can a modern Web-browser actually use, just those 3 or much more?
That was decides during an evening somewhere in the '70.
The source and destination ports are mapped over 16 bits.Bits and bytes were declassified back then (it was rocket science before), so we all know now that 16 bits could be decimal for 0 to 65535. 2^16 == 65536
For historical reasons, forget about number (port) 0 (no bits set) and port number 65535 (all bits set). Don't try 65536 neither.So a web server can listen on any port. Not just 80 or 443.
A web client (known as a browser) can use any port and a user could use
http://www.ancient-web-site.tld :80 but, when "http" is used, the ":80" is added by default.
Same thing for https : port 443 is implied.You could set up a web server that listens on port 8080.
Google would never find it.
When you access your site with http://yourdomain.tld:8080 it would work just fine. -
@gertjan Come one guys, that wasn't the question. The question in the start post (not only the heading) is about doing PBR with ports for a webbrowser and the conclusion is, you can't.
Thumbs down for the last two post, to bad I can't.
-
@bob-dig said in What destination-ports Web-browsers actually use?:
I can't
I should have up-voted yours with a huge smiley.
My college next to me, confirmed my reaction and said "what's next ? They will ask why wheels on cars are round ?"Read your first post, subject, fist paragraph and third paragraph.
I'm not sure what you meant to say (ask) but I'm pretty sure about what I understood.I know very well you know better.
Btw : The Firefox source code shows clearly that it accepts any port number from 1 to 65535 - and defaults to 80 and 443, see the condition above.
I did look up what 'PBR' is, but these guys couldn't make me any smarter.
So, what's next : @Bob-Dig was smoking the better stuff ?
So, why not : start with the beginning of things and then build up ?
Please keep in mind : old forum tradition : don't post serious stuff on Fridays, just before weekend hours. Everything is in shut down mode ^^
I acknowledge the down vote.
And thanks for the big laugh ... -
@gertjan said in [solved] What destination-ports Web-browsers actually use?:
I did look up what 'PBR' is, but these guys couldn't make me any smarter.
Wow, it is actually in there. And Friday is tomorrow but you are probably one of those who thinks the week is almost over at wednesday mornings. ^^
