I took a quick peek at some EtherPeek traces I have gathered from various
places.
In an example of file sharing using SMB on top of NetBIOS on top of TCP,
the client uses source port 1025 even though the IANA document says that's
for Network Blackjack!?
In a Web browsing (HTTP) example, the client uses a source port of 1451
even though the IANA document says that's for IBM Network Management!?
In another Web browsing (HTTP) example, the client uses 1406 which is
supposedly for NetLabs License Manager.
In an FTP example, the client uses a source port of 1661, which is
supposedly for IBM Netview. (IBM really went gung ho! &;-)
In a Telnet example, the client uses a source port of 2126, which is
supposedly for PktCable-COPS.
I don't have a real explanation, but I can tell you this: I couldn't find
any examples of a source port above 49151.
HTH??
P.
At 05:24 PM 11/6/00, Chuck Larrieu wrote:
>Got a question about this.
>
>Application wants to open a TCP connection to something - say http, so the
>application issues the request, TCP on the application side uses some random
>port number above 1023 as the source port number. The destination port is
>the well know port on the distant end.
>
>However, I see from the IANA port listings
>(http://www.isi.edu/in-notes/iana/assignments/port-numbers ) that there are
>any number of registered ports above 1023. For example L2TP uses port 1701,
>Groupwise uses port 1677, ands WINS uses port 1512. The IANA page itself
>calls ports 1024 through 49151 "registered" and further states that only
>ports 49152 and beyond are "dynamic and / or private"
>
>Anyone ever sniffed outbound traffic and seen apps using source ports in the
>1024 through 49151 range?
>
>It just occurs to me that this has the potential of creating problems, if an
>application uses a port reserved for some other application. Since most of
>the ports in this "registered" range appear to be for obscure kinds of
>services or applications, perhaps this isn't really and issue.
>
>Comments?
>
>Chuck
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
________________________
Priscilla Oppenheimer
http://www.priscilla.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
