Re: TCP port number 0

Fri, 19 Jan 2001 01:36:01 -0800 

Hi,

Without seeing the actual access-list, I would imagine that no port numbers
are being logged because you are not interrogating the traffic at a port
level, simply at a protocol level. You are seeing TCP traffic but not
checking for the port.

For example,

if you have a list that resembles the following:

access-list 101 deny tcp host 192.168.1.1 any log
access-list 101 permit ip any any

then the router will not check the port number (cos it doesnt need to - you
havent specified any port numbers)

if you want to see the port number, then you will have to add an entry that
forces the router to check the port, like in the following. The first entry
will force the check.

access-list 101 permit tcp host 192.168.1.1 eq smtp any
access-list 101 deny tcp host 192.168.1.1 any log
access-list 101 permit ip any any

Hope this makes sense!

---
Chris Miles
Senior Support Engineer
Customer Network Engineering
REDNET Ltd

----- Original Message -----
From: "Nurarif W" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 19, 2001 7:40 AM
Subject: TCP port number 0


> Hi,
>
> Does anyone know what is the purpose of tcp port number 0 ?
> I have an experience catching traffic coming from HTTP server with tcp =
> port number 0 and destinated to any IP address with tcp port number 0. =
> After I put an incoming acces-list that blocked port number 0, a few =
> minute later I saw this packet was never being generated again. The =
> access-list is applied for incoming traffic.
> For example :
>
> access-list 101 deny   tcp host HTTPserver eq 0 any log
> access-list 101 deny   tcp any any eq 0 log
> access-list 101 deny   tcp any eq 0 any log
> access-list 101 permit ip any any
>
> Thank you
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to