I'm learning networking programming in C and there is a question bothers me a lot, does the destination port change during TCP three-way handshake? Let's say I have a cilent application running on port 5000 and a web server running on tcp port 80.
We know that port 80 is just a welcoming port, when the web server reveives a http request, it create a new connection port(let's say 5000)
So my understanding is, the initial address of the client uses to send packet to the the server's ip address + port 80, and after the server(listening on port 80) accepts the request and create a new connection port(5000), then subsequent packets(contain data payload) that client send to web server is the server's ip address + port 5000. So the destination port actually "change" from 80 to 5000 if you use wireshark to capture packets you will see two ports, 80 and 5000 as destination port in TCP headers, is my understanding correct?
Best Answer
No, a TCP connection is uniquely identified by both source and destination IP and TCP (port) addresses. Changing any one of those will break the TCP connection (or prevent it from forming in the handshake).
What you may be referring to is the fact that a web browser will form, use, and close multiple TCP connections with the web server. Each connection will use a different browser TCP source port.
Edit, based on your comment:
RFC 793, Transmission Control Protocol defines TCP, and it explains:
TCP creates a bidirectional connection between process/application peers (much like ethernet creates a bidirectional connection between hosts), and the connection can be used by each side to both send and receive. TCP, itself, does not have clients or servers, that is an application-layer concept. The web browser will use the TCP connection to send requests to the web server, and the web server will use the same connection to send responses to the requests back to the web browser.
The web browser can send multiple requests and receive the replies to the requests on the same TCP connection. Some web browsers will set up multiple connections to the web server in order to request different web page elements at the same time, but that is an application-layer behavior, not a behavior of TCP, and application behaviors are off-topic here.
A server process usually listens on a well-known port number, e.g. TCP port 80 for HTTP. A client process will request TCP to create a connection to the server process at the server's well-known port number, and usually using the reserved port
0
so that TCP will assign the client process an ephemeral port number for that connection. When the TCP connection is terminated (either side can terminate the connection), the ephemeral port is returned to the pool of ephemeral port numbers to be reused for a different connection. Some OSes will use the ephemeral port numbers from the available pool in a specific order, and some will randomly choose an ephemeral port number for each connection.The actual establishment of a connection is explained in the RFC: