What TCP port to use with SeaCat
Introduction
SeaCat requires to specify one TCP port that is eventually used for client-gateway communication. Clients connect to this port to establish TLS channel that is used to exchange requests and related responses. SPDY-based communication protocol is used for traffic in this channel.
SeaCat: Protocol stack
TCP ports reachability
Google performed investigation during WebSocket implementation (late 2009) that showed surprising facts about success rate of client-to-server connections:
- HTTP port 80: 67%
- Custom TCP port (61985): 86%
- HTTPS port 443: 95%
The reason for low HTTP score is that the Internet is today full of proxies and firewalls that are configured to be transparent to HTTP traffic. However, non-HTTP traffic doesn't successfully pass them. Detailed reasoning can be found here: SPDY Essentials presentation from Google at approx. 18th minute of the video.
443 or custom port
SeaCat communication protocol is up to Session layer compatible with HTTPS protocol stack, HTTPS client that connects to SeaCat gateway is politely rejected with no harm on both sides. SeaCat traffic is indistinguishable from HTTPS traffic for intermediates on the network path, and,therefore, it shares the same success rate of connections. For these reasons TCP port 443 is recommended choice for SeaCat.
If for whatever reason you cannot use this port, use any TCP port above 1024 (non-reserved ports). You will likely got little bit worst connection success rate but still useful for practical deployments in common network scenarios.
Need help?
Do you want to review your SeaCat-related design proposal?
Do you have a question we didn’t cover?
Do you want to give some feedback?
Feel free to contact us support@teskalabs.com.
Most Recent Articles
- A beginner-friendly intro to the Correlator for effective cybersecurity detection
- Inotify in ASAB Library
- From State Machine to Stateless Microservice
- Entangled ways of product development in the area of cybersecurity #3 - LogMan.io
- Entangled ways of product development in the area of cybersecurity #2 - BitSwan
You Might Be Interested in Reading These Articles
SeaCat Mobile Secure Gateways' Performance Test
We decided to perform this test to validate our architectural, design and implementation decisions in regards to SeaCat performance. Our goal was to build the best-in-class product using the most advanced techniques to deliver highest possible throughput yet not compromising the security of the communication. Results of the test have been fed back into our development team to improve further overall performance characteristics of the solution.
Published on July 21, 2014
Entangled ways of product development in the area of cybersecurity #3 - LogMan.io
At that time I lived in Prague for a short time, which is not a very friendly place to live, but it allowed me to go to the office almost every day. A bigger surprise awaited Vlaďka and Aleš when I told them that I was going to move to a house almost eighty kilometres from the office and that I would need to be mainly at the home office.
Published on January 15, 2023
State machine miracle
How I learned what a finite state machine is and that good design is an essential part of programming.
Published on October 15, 2022