TCP/IP ports
Scott
plug-discuss@lists.plug.phoenix.az.us
Wed, 5 Feb 2003 18:11:59 -0700 (MST)
I wont add any more links to the well known ports - enough people have
already done that.
What I would like to add is this:
What you MAY be seeing on port 4081 and other "high" ports (1025+) is the
outbound traffic from an inbound ftp, telnet, ssh, http, etc. Although
these are well known ports and always come in on 21, 23, 22, ... (unless
you make an effort to have them come in on some other port), they dont
always leave by the same port. If you park ethereal or tcpdump on the
wire and watch, you will see what I mean. Also, if you have a logging
firewall or nat box, you can see this behavior there too (although it
might not be as obvious).
If you want to see a more detailed explanation of how this works, yahoo or
google for "passive ftp" and/or "active ftp". Although this explains a
specific service, you'll get the general idea.
scott b.
ps
I say "MAY be seeing" because it is possible the host in question has been
compromised.
On Wed, 5 Feb 2003, Scott H wrote:
> I'm trying to track down network traffic on our
> LAN. I'm seeing very frequent use of upper-level
> ports I don't recognize, like 4081. Does anyone
> know where you can go to get a comprehensive list
> of what ports are used by what
> systems/applications? Thanks for any help...
>
> Scott
>
>
>
>
>
> .
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
NT makes anything simple, easy, and anything difficult to do, impossible.
Unix makes anything easy to do difficult, and anything difficult to do,
possible. Basically, if your VCR is still flashing "12:00" then unix is not
for you!