RE: TCP port number 0
ahp (51), eigrp (88), esp (50), gre (47), igrp (9), icmp (1), igmp (2), igrp (9), ip (0), ipinip (4), nos (94), ospf (89), pcp (108), pim (103), tcp (6), or udp (17).

0 is 'ip'.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nurarif W
Sent: Friday, January 19, 2001 4:41 PM
To: [EMAIL PROTECTED]
Subject: TCP port number 0

Hi,

Does anyone know what is the purpose of tcp port number 0?

I have an experience catching traffic coming from HTTP server with tcp port number 0 and destined to any IP address with tcp port number 0. After I put an incoming access-list that blocked port number 0, a few minutes later I saw this packet was never being generated again. The access-list is applied for incoming traffic. For example:

access-list 101 deny tcp host HTTPserver eq 0 any log
access-list 101 deny tcp any any eq 0 log
access-list 101 deny tcp any eq 0 any log
access-list 101 permit ip any any

Thank you

FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TCP port number 0
Hi,

Without seeing the actual access-list, I would imagine that no port numbers are being logged because you are not interrogating the traffic at a port level, simply at a protocol level. You are seeing TCP traffic but not checking for the port. For example, if you have a list that resembles the following:

access-list 101 deny tcp host 192.168.1.1 any log
access-list 101 permit ip any any

then the router will not check the port number (cos it doesn't need to - you haven't specified any port numbers).

If you want to see the port number, then you will have to add an entry that forces the router to check the port, like in the following. The first entry will force the check.

access-list 101 permit tcp host 192.168.1.1 eq smtp any
access-list 101 deny tcp host 192.168.1.1 any log
access-list 101 permit ip any any

Hope this makes sense!

---
Chris Miles
Senior Support Engineer
Customer Network Engineering
REDNET Ltd

----- Original Message -----
From: "Nurarif W" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 19, 2001 7:40 AM
Subject: TCP port number 0

Hi,

Does anyone know what is the purpose of tcp port number 0?

I have an experience catching traffic coming from HTTP server with tcp port number 0 and destined to any IP address with tcp port number 0. After I put an incoming access-list that blocked port number 0, a few minutes later I saw this packet was never being generated again. The access-list is applied for incoming traffic. For example:

access-list 101 deny tcp host HTTPserver eq 0 any log
access-list 101 deny tcp any any eq 0 log
access-list 101 deny tcp any eq 0 any log
access-list 101 permit ip any any

Thank you
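An added example, not part of the original thread: a short Python triage script for the situation Chris Miles's reply describes. It marks which `log` entries in an extended ACL carry a TCP/UDP port match, and pulls port-0 hits out of syslog lines so they can be read with that in mind. The ACL text, addresses and log lines are constructed; the log layout assumed is the IOS `%SEC-6-IPACCESSLOGP` message.

```python
import re

PORT_OPS = {"eq", "neq", "gt", "lt", "range"}

# Constructed sample: one port-matching entry plus the port-less entry from the reply.
ACL = """\
access-list 101 deny tcp any eq 0 any log
access-list 101 deny tcp host 192.168.1.1 any log
access-list 101 permit ip any any
"""

# Constructed syslog lines in the %SEC-6-IPACCESSLOGP layout.
LOGS = """\
%SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.1(0) -> 10.0.0.5(0), 1 packet
%SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.1(80) -> 10.0.0.9(1044), 3 packets
"""

LOG_RE = re.compile(r"list (\S+) (?:permitted|denied) (?:tcp|udp) "
                    r"(\S+)\((\d+)\) -> (\S+)\((\d+)\), (\d+) packet")

def logged_aces(acl_text):
    """Return (entry, checks_ports) for every numbered ACL entry that logs."""
    out = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[-1] not in ("log", "log-input"):
            continue
        # A port is only compared when the entry is tcp/udp and names an operator.
        checks = tok[3] in ("tcp", "udp") and any(t in PORT_OPS for t in tok[4:])
        out.append((line.strip(), checks))
    return out

def port_zero_hits(log_text):
    """Return (acl, src, dst, packets) for log lines showing port 0 on either side."""
    hits = []
    for m in LOG_RE.finditer(log_text):
        acl, src, sport, dst, dport, count = m.groups()
        if sport == "0" or dport == "0":
            hits.append((acl, src, dst, int(count)))
    return hits

def triage(acl_text, log_text):
    """Attach a verdict to each port-0 hit, following the reply's reasoning."""
    portless = [ace for ace, checks in logged_aces(acl_text) if not checks]
    verdict = ("ambiguous: a logged entry has no port match" if portless
               else "all logged entries match on ports")
    return [(hit, verdict) for hit in port_zero_hits(log_text)]

if __name__ == "__main__":
    for hit, verdict in triage(ACL, LOGS):
        print(hit, "->", verdict)
```
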
Re: TCP port number 0
----- Original Message -----
From: "õ¸®¾È¸ÞÀÏ" [EMAIL PROTECTED]
Newsgroups: groupstudy.cisco
Sent: Friday, January 19, 2001 10:06 AM
Subject: RE: TCP port number 0

> ahp (51), eigrp (88), esp (50), gre (47), igrp (9), icmp (1), igmp (2), igrp (9), ip (0), ipinip (4), nos (94), ospf (89), pcp (108), pim (103), tcp (6), or udp (17).
>
> 0 is 'ip'.

Sorry to say this, but all this has nothing to do with TCP ports - all these are IP protocol numbers (or you can think of these as IP packet payload type), so the IP stack "knows" what's inside the packet.

WWW.ietf.com :-)

RGRDS,
Re: TCP port number 0
Most likely someone was trying to do some "passive OS fingerprinting" with hping2. The default port the hping2 uses is 0. They might have been trying to map your network or they may have been just poking around.

Neil

"Nurarif W" [EMAIL PROTECTED] wrote in message news:009c01c081eb$19cc9730$160a@pokemon...

> Hi,
>
> Does anyone know what is the purpose of tcp port number 0?
>
> I have an experience catching traffic coming from HTTP server with tcp port number 0 and destined to any IP address with tcp port number 0. After I put an incoming access-list that blocked port number 0, a few minutes later I saw this packet was never being generated again. The access-list is applied for incoming traffic. For example:
>
> access-list 101 deny tcp host HTTPserver eq 0 any log
> access-list 101 deny tcp any any eq 0 log
> access-list 101 deny tcp any eq 0 any log
> access-list 101 permit ip any any
>
> Thank you
RE: TCP port number 0
TCP port 0 is reserved. Bookmark this site:

http://www.isi.edu/in-notes/iana/assignments/port-numbers

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nurarif W
Sent: Thursday, January 18, 2001 11:41 PM
To: [EMAIL PROTECTED]
Subject: TCP port number 0

Hi,

Does anyone know what is the purpose of tcp port number 0?

I have an experience catching traffic coming from HTTP server with tcp port number 0 and destined to any IP address with tcp port number 0. After I put an incoming access-list that blocked port number 0, a few minutes later I saw this packet was never being generated again. The access-list is applied for incoming traffic. For example:

access-list 101 deny tcp host HTTPserver eq 0 any log
access-list 101 deny tcp any any eq 0 log
access-list 101 deny tcp any eq 0 any log
access-list 101 permit ip any any

Thank you