One more thought. Not sure why you asked about source ports. The port
number chaos is not really a problem for source ports. TCP keeps track of
the port numbers it assigns to applications. But the chaos is more of a
problem for destination ports. Another major issue is that people trying to
keep their firewalls up-to-date have a hairy time because of the port
number chaos and the fact that the IANA document is so dated.
Priscilla
At 05:55 PM 11/6/00, Priscilla Oppenheimer wrote:
>I took a quick peek at some EtherPeek traces I have gathered from various
>places.
>
>In an example of file sharing using SMB on top of NetBIOS on top of TCP,
>the client uses source port 1025 even though the IANA document says that's
>for Network Blackjack!?
>
>In a Web browsing (HTTP) example, the client uses a source port of 1451
>even though the IANA document says that's for IBM Network Management!?
>
>In another Web browsing (HTTP) example, the client uses 1406 which is
>supposedly for NetLabs License Manager.
>
>In an FTP example, the client uses a source port of 1661, which is
>supposedly for IBM Netview. (IBM really went gung ho! &;-)
>
>In a Telnet example, the client uses a source port of 2126, which is
>supposedly for PktCable-COPS.
>
>I don't have a real explanation, but I can tell you this: I couldn't find
>any examples of a source port above 49151.
>
>HTH??
>
>P.
>
>At 05:24 PM 11/6/00, Chuck Larrieu wrote:
>>Got a question about this.
>>
>>Application wants to open a TCP connection to something - say http, so the
>>application issues the request, TCP on the application side uses some random
>>port number above 1023 as the source port number. The destination port is
>>the well-known port on the distant end.
>>
>>However, I see from the IANA port listings
>>(http://www.isi.edu/in-notes/iana/assignments/port-numbers ) that there are
>>any number of registered ports above 1023. For example L2TP uses port 1701,
>>Groupwise uses port 1677, and WINS uses port 1512. The IANA page itself
>>calls ports 1024 through 49151 "registered" and further states that only
>>ports 49152 and beyond are "dynamic and / or private"
>>
>>Anyone ever sniffed outbound traffic and seen apps using source ports in the
>>1024 through 49151 range?
>>
>>It just occurs to me that this has the potential of creating problems, if an
>>application uses a port reserved for some other application. Since most of
>>the ports in this "registered" range appear to be for obscure kinds of
>>services or applications, perhaps this isn't really an issue.
>>
>>Comments?
>>
>>Chuck
>>
>>_________________________________
>>FAQ, list archives, and subscription info:
>>http://www.groupstudy.com/list/cisco.html
>>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
________________________
Priscilla Oppenheimer
http://www.priscilla.com
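
An added example, not part of the original thread: it replays the source/destination port pairs described in the traces above and shows why a registry name only identifies a service when it is matched against the destination (listener) port, which is what a firewall rule should key on. The names `REGISTRY`, `SYNS` and the functions are hypothetical; the listener ports 21, 23, 80 and 139 are the standard assignments for the four protocols mentioned and do not appear in the thread.

```python
"""Registry names describe the listener port, not a client's source port."""

# Registered names quoted in the thread, plus the standard listener ports
# (assumption: FTP 21, Telnet 23, HTTP 80, NetBIOS session service 139).
REGISTRY = {
    21: "ftp", 23: "telnet", 80: "http", 139: "netbios-ssn",
    1025: "Network Blackjack", 1406: "NetLabs License Manager",
    1451: "IBM Network Management", 1661: "IBM Netview",
    2126: "PktCable-COPS",
}

# Constructed sample: opening SYNs modelled on the traces in the thread,
# as (client source port, server destination port).
SYNS = [(1025, 139), (1451, 80), (1406, 80), (1661, 21), (2126, 23)]


def iana_range(port):
    """Classify a port using the range boundaries quoted from the IANA list."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a TCP port: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"


def service_of(src, dst):
    """Name the service by the port the SYN is addressed to; ignore src."""
    return REGISTRY.get(dst, "unknown")


def source_port_collisions(syns):
    """SYNs whose source port happens to equal a registered number."""
    return [(s, d, REGISTRY[s]) for s, d in syns
            if s in REGISTRY and iana_range(s) == "registered"]


def rule_hits(blocked_port, syns, match_source=False):
    """SYNs dropped by a rule that blocks `blocked_port`.

    match_source=True models the mistake of matching the number on either
    side of the connection instead of on the destination only.
    """
    return [(s, d) for s, d in syns
            if d == blocked_port or (match_source and s == blocked_port)]


if __name__ == "__main__":
    for s, d in SYNS:
        print(f"{s:>5} -> {d:<4} {service_of(s, d):<12} src is {iana_range(s)}")
    print("blocked by dst-only rule for 1661:", rule_hits(1661, SYNS))
    print("blocked by either-side rule:", rule_hits(1661, SYNS, True))
```

With the destination-only rule the FTP session passes; the either-side rule drops it because its source port coincides with the IBM Netview registration.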