Date: Sun, 1 Aug 1999 21:03:21 -0800 (AKDT) From: Steve Howe <groggy@iname.com> To: freebsd-questions <questions@freebsd.org> Subject: Re: unknown ports Message-ID: <Pine.BSF.3.96.990801205244.23395A-100000@froggy.anchorage.ptialaska.net>
next in thread | raw e-mail | index | archive | help
>> i'm analyzing some ppp tcp/ip logs, and i see some >> source/destination pairs without any well known ports >> (from an ftp to ftp.cdrom.com) intermixed with the >> normal ftp sequences ... >> >> what does this mean, and should they be permitted? >> if so, how? since none of the ports are well known? >> >> ie: >> >> 111.111.111.111:1464 -> 222.222.222.222:6345 >According to http://www.isi.edu/in-notes/iana/assignments/port-numbers: >msl_lmd 1464/tcp MSL License Manager >msl_lmd 1464/udp MSL License Manager > 6345 is in all likelihood simply the random port on the local machine >that service connected to. However it's almost impossible to tell >anything more without the real IP numbers, and I have no idea what >ftp.cdrom.com has to do with your example. darn, i was hoping you wouldn't be SO good! these are the actual numbers .... ps. and why is a local net address sneaking out tun0? it is a dialup IP # that should be aliased. everything seems to be working OK otherwise ... no filters are in place with this log. tun0=ISP link ... this is FBSD 2.2.8, and the latest PPP from awfulhak.org. (123.123.123.123 is fictitious to protect the innocent :) tun0: IN TCP: 209.155.82.18:5715 123.123.123.123:1069 tun0: IN TCP: 209.155.82.18:5722 123.123.123.123:1070 tun0: IN TCP: 209.155.82.18:5849 192.168.0.5:1140 tun0: IN TCP: 209.155.82.18:5860 192.168.0.5:1141 tun0: IN TCP: 209.155.82.18:5872 123.123.123.123:1075 tun0: IN TCP: 209.155.82.18:5949 123.123.123.123:1078 tun0: IN TCP: 209.155.82.18:6064 123.123.123.123:1081 tun0: IN TCP: 209.155.82.18:6077 123.123.123.123:1082 tun0: IN TCP: 209.155.82.18:6094 192.168.0.5:1148 tun0: IN TCP: 209.155.82.18:6125 192.168.0.5:1149 tun0: IN TCP: 209.155.82.18:6258 123.123.123.123:1087 tun0: IN TCP: 209.155.82.18:6275 123.123.123.123:1090 tun0: IN TCP: 209.155.82.18:6304 192.168.0.5:1153 tun0: IN TCP: 209.155.82.18:6334 123.123.123.123:1096 tun0: IN TCP: 209.155.82.18:6348 123.123.123.123:1097 tun0: IN TCP: 209.155.82.18:6362 192.168.0.5:1157 tun0: IN TCP: 209.155.82.18:6397 123.123.123.123:1101 tun0: IN TCP: 209.155.82.18:6512 123.123.123.123:1108 tun0: IN TCP: 209.155.82.18:6524 123.123.123.123:1109 tun0: IN TCP: 209.155.82.18:6606 123.123.123.123:1113 tun0: IN TCP: 209.155.82.18:6680 192.168.0.5:1161 tun0: IN TCP: 209.155.82.18:6763 123.123.123.123:1116 tun0: IN TCP: 209.155.82.18:6840 192.168.0.5:1165 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990801205244.23395A-100000>