Google for ephemeral port tcp syn On Nov 13, 2007 5:43 PM, Dean Pierce <[EMAIL PROTECTED]> wrote:
> Simon Smith wrote: > > Kelly, > > SYN packets and ports do not correlate. And yes, SYN is TCP. You > should > > read up on TCP/IP etc so that you understand protocols before posting to > > mailing lists. > > > Maybe then you could explain how it works :-) From what I understand, > the RFC doesn't really specify how source ports should be generated for > new TCP sessions (Please someone correct me if I'm wrong, I am not > intimately familiar with that particular set of RFCs). > > On my linux system I have currently have access to, the numbers I am > getting seem pretty random (59101, 49607, 40343, 54786, 38335, ...) > while the windows xp machine I am on seems to be rather sequential > (12050, 12065, 10293, ...). > > Also, google claims that source ports have been used to identify worms > etc where the source ports have been hard coded into the packet engine. > > Hopefully someone more familiar with the field responds :-) > > - DEAN > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
