This post has been republished via RSS; it originally appeared at: IIS Support Blog articles.
When an HTTP request is made from a client machine to a web server, a TCP connection is established between the client and the server machines. That TCP connection is built on the port numbers on both server and client sides. A web server, for example IIS, listens on port 80 for HTTP and on port 443 for SSL requests. Those are default ports of course and can be configured.
On the client side, operating system uses a random port number from an available port list, between 1024 – 65535.
You can read the following article for the TCP / IP details:
Getting the client port information
IIS writes the server side port configured for the web site request on the IIS logs. However it does not write the client port and you may need to get that client port information for some reason.
Luckily that information is available on Server Variables. From Microsoft’s explanation, the Server Variables means the following:
IIS server variables provide information about the server, the connection with the client, and the current request on the connection. Ref.: https://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx
Enhanced Logging feature of IIS 8.5
In IIS 8.5, the administrator has the option of logging additional custom fields from request or response headers, or from server variables.
That means that we can log any information available in request or response headers, or in server variables.
Logging the client port number
Client Port information is stored as REMOTE_PORT in server variables. So you can follow the instructions below:
- Open IIS 8.5 manager and choose the site you would like to configure logging with client port. You can do that on server level as well so all of the sites can log the client port.
- Open Logging and choose Select Fields.
- On Custom Fields section click Add Field.
- Give a name for Field Name, note that you cannot use space.
- Choose Server Variables from Source Type.
- Type REMOTE_PORT in Source text box.
- Click OK.
You should be seeing something like below:
From that point on, you should be seeing the client TCP port logged in the IIS logs. A sample output is below. For readability reasons I disabled most of the logging fields. I also disabled the HTTP Keep-Alive for my test web site so each request I made from the same client just creates a new TCP/IP connection:
IIS 8.5 and onwards.
For IIS 7.0, 7.5 and 8.0 you can use Advanced Logging module (http://www.iis.net/downloads/microsoft/advanced-logging).