Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1059
Views
4
Helpful
9
Replies

Why HSRP source and destination ports are showing same in wireshark

Sharanjeet_Kumar
Level 1
Level 1

‎07-31-2023 12:00 AM

Sharanjeet_Kumar_0-1690786190915.png

Hi all,

Can anyone tell me why port number of source and destination is showing same for HSRP.

I am just curious is it possible that any service can use same port number for source and destination??

 

Thanks!!!!

Labels:
0 Helpful
9 Replies 9

M02@rt37
VIP
VIP

‎07-31-2023 12:11 AM - edited ‎07-31-2023 12:50 AM

@Sharanjeet_Kumar,

When an HSRP group is configured, the VIP is shared among the routers in the group, and the source and destination IP address in HSRP messages is set to this VIP. The source and destination port numbers are both set to 1985 in HSRP messages to differentiate them from other protocols and to ensure that the receiving routers can properly interpret the HSRP messages.

Different services and protocols should use unique port numbers for their source and destination. This is necessary for proper communication between applications, as the combination of source and destination port numbers uniquely identifies the communication flow. 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

MHM Cisco World
VIP
VIP

‎07-31-2023 01:46 AM

let start from above 
L2 address from Active/standby to multicast L2 mac address <<- all rotuers in HSRP listen to this mac address
L3 address from active/standby to multicast L3 IP address <<- all rotuers in HSRP listen to this IP multicast address
L4 port from active/standby to ? there is no L4 udp port multicast so for multicast (not all case) the port is same for source and destination 

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎07-31-2023 04:37 AM

"I am just curious is it possible that any service can use same port number for source and destination??"

It depends on how the service is expected to be used.

Keep in mind the purpose of port numbers, they are a way to tag packets to a specific session on a host, but a network host can do it's own internal tagging too.

For HSRP it makes sense.  Each host is running a single HSRP service on the same port.

0 Helpful

David Ruess
VIP
VIP

‎07-31-2023 05:25 AM - edited ‎07-31-2023 05:25 AM

Absolutely! Another example is LDP used for MPLS. Source and destination UDP port is 646 for both.

Hope that helps

-David

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to David Ruess

‎08-01-2023 03:45 AM

Hello @David Ruess ,

LDP uses UDP for dynamic neighbor discovery combined with a multicast destination likely 224.0.0.2 all routers on segment. Once an LDP neighbor is discovered a TCP session is established for exchanging label mappings and only one side uses the well known TCP 646 port the other side uses an high number port like it happens in a BGP session

HSRP uses UDP only and it can use the group number as a way to discriminate between messages when multiple HSRP groups are configured on the same LAN interface or subinterface ( and each group can be authenticated with a different key)

Hope to help

Giuseppe

 

MHM Cisco World
VIP
VIP
In response to Giuseppe Larosa

‎08-01-2023 03:48 AM

@David Ruess is correct' there are two protocol udp and tcp use for ldp.

And he mention udp of ldp that source and destiantion is same.

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Giuseppe Larosa

‎08-01-2023 08:43 AM

"HSRP uses UDP only and it can use the group number as a way to discriminate between messages when multiple HSRP groups are configured on the same LAN interface or subinterface ( and each group can be authenticated with a different key)"

What Giuseppe is describing, is why HSRP does not need to depend on a different port number.  As I described, earlier, it's up to the host (app/protocol) to determine whether it needs port number discrimination (different/dynamic source port numbers) or not.

Also, although HSRP uses UDP, same applies to TCP, host (app/protocol) determines how it wants to pass information between hosts.  (Also keep in mind, the whole point of UDP and TCP is to provide a common service so that each network application doesn't need to "reinvent the wheel".)

0 Helpful

MHM Cisco World
VIP
VIP
In response to Joseph W. Doherty

‎08-01-2023 08:49 AM

Just simple words enough' there is no specific UDP port for mutlicast' that why source and destiantion is same.

""Genius is making complex ideas simple'not making simple ideas complex""

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to MHM Cisco World

‎08-01-2023 10:25 AM - edited ‎08-01-2023 10:28 AM

"Just simple words enough' there is no specific UDP port for mutlicast' that why source and destiantion is same."

Well, to that . . .

"Can anyone tell me why port number of source and destination is showing same for HSRP."

but as my initial post listed:

"I am just curious is it possible that any service can use same port number for source and destination??"

It was specifically the second question I was responding too.

At the time of my initial posting, M02@rt37 , wrote "Different services and protocols should use unique port numbers for their source and destination." (and of course), "should" isn't "must", and you wrote "there is no L4 udp port multicast so for multicast (not all case) the port is same for source and destination", which might lead one to think the source port field isn't present.

The Wiki's User Datagram Protocol article, contains this for a UDP source port:

The use of the checksum and source port fields is optional in IPv4 (pink background in table). In IPv6 only the source port field is optional.

Source port number
This field identifies the sender's port, when used, and should be assumed to be the port to reply to if needed. If not used, it should be zero. If the source host is the client, the port number is likely to be an ephemeral port. If the source host is the server, the port number is likely to be a well-known port number from 0 to 1023.

Lots of good info in the above, including usage is optional, but field is still there and should be set to zero when not being used.  Also describes what the usual usage is, but usual isn't the same as always.  However, interesting is how the usual usage differs between "client" sources and "server" sources.  (I may have been unclear, but this was the point I was trying to make about the "host", itself, being relevant.)

So, my initial posting, and my follow-ups, have tried to emphasis that a host (network app/protocol) can pretty much do whatever it wants, including using the same port number for source and destination port numbers.

@David Ruess and @Giuseppe Larosa then provided replies, discussing another real-world example, LDP, where source and destination ports can be the same.

In your post, to which I'm responding, you write: "Just simple words enough' there is no specific UDP port for mutlicast' that why source and destiantion is same.", appears to impute all UDP multicast would not have a specific UDP port number and so source and destination ports are (always?) the same.  I'm sure you don't really mean that's the only reason and/or there's no other possible usage, correct?

Lastly, although the first question involves HSRP's UDP and multicast, for the second question, again, a TCP source port could also be the same as the destination port.  Off-the-top-of-my-head, don't know any typical TCP apps/protocols that might do this, but don't see why one could not.  (Much as FTP works differently, in its data port handling, depending on what mode FTP is running in, active or passive.)

0 Helpful
Customers Also Viewed These Support Documents