Alan Ackerman <[EMAIL PROTECTED]> wrote: > Usually, high port numbers are assigned to clients. > Clients on VM include FTP, TELNET, NFS, and > Charlotte (web browser).
That is usual for most TCP/IP systems. High source ports are assigned to any client, not just the obvious ones. > All the more reason why they MUST get you the contents of > (some of) the packets. With that you might be able to identify > which client. Why did they think it was email, if they could > not see the contents of the packets? As designed, TCP and UDP ports under 1024 are reserved, and on most systems non-privileged users can't use them. Other than that, there is usually no restriction on which port numbers can be used by client or server. Note, though, that it is easy to connect to any destination port, with no privilege normally required. On unix systems, mail is usually sent directly by sendmail run by the sender. Anyone can open a connection to port 25 and type SMTP commands into that connection. That is TCP/IP as designed. -- glen