Posted by Alix on December 8, 2005, 9:08 am
On Wed 07 Dec 2005 19:12:14, Wolfgang Kueter
>> Are you saying that it is normal behavior of the TCPIP stack
>> that I am going out of port 80 and using those ascending port
>> numbers as I try to access various web and news servers?
>
> Of course, yes. There is a difference between client and server
> and destination port and source port. Both major transport
> protocols (which are tcp and udp) when connecting a service on a
> remote machine will contact the destination machine on the well
> known destination port for the particular service (80 for
> web/http, 119 for news/nntp, 110 for pop3, 25 for smtp ...) and
> use a random source port usually above 1024 to receive the
> answer packets from the remote machine. That is just how a
> tcp/ip stack works. Ascending source port numbers are nothing to
> worry about. Ascending TCP sequence numbers however would of
> course be a completely different story.
>
> Please read documents like:
>
> http://www.firewall.cx/tcp-analysis-section-4.php
> http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ip.htm
>
>>>> What could be causing this sequential use of local ports?
>>>
>>> Normal behavior of an average TCP/IP stack.
Thanks for the info Wolfgang.
Thanks too for two very good links.
>>
>> I am going to get a hardware firewall when I can afford to.
>
> Your stack won't behave any different with a hardware firewall.
> What you observe is totally normal behavior and absolutely
> nothing to worry about.
I was thinking of the hardware firewall as a better replacement for
a personal software firewall.
I find that the config requirements of many software firewalls
can get more complicated than I am able to handle! Things like
making sure various utility servers get through (DHCP, UBR, DNS, etc)
and distinguishing between WAN and private IP addresses all makes my
head spin!
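
The source-port/destination-port split discussed in this thread, as an added example that is not part of the original posts: it opens several TCP connections to one listener on the loopback interface (a stand-in for a web or news server) and records which ports each side sees. The function names and the loopback listener are assumptions made for the illustration; whether the source ports come out ascending or scattered depends on the operating system.

```python
import socket

def observe_source_ports(n=5):
    """Open n TCP connections to one local listener.

    Returns (service_port, rows), where each row is
    (client source port, client destination port, source port as seen by the server).
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port for the stand-in service
    server.listen(n)
    service_port = server.getsockname()[1]

    clients, accepted, rows = [], [], []
    try:
        for _ in range(n):
            c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            # No bind() on the client: the TCP/IP stack assigns the source port itself.
            c.connect(("127.0.0.1", service_port))
            conn, peer = server.accept()
            clients.append(c)
            accepted.append(conn)
            rows.append((c.getsockname()[1], c.getpeername()[1], peer[1]))
    finally:
        # Connections stay open until here, so every source port had to be unique.
        for s in clients + accepted + [server]:
            s.close()
    return service_port, rows

def is_ascending(ports):
    """True if each port is higher than the one before it."""
    return all(a < b for a, b in zip(ports, ports[1:]))

if __name__ == "__main__":
    service_port, rows = observe_source_ports()
    print(f"service (destination) port: {service_port}")
    for src, dst, seen in rows:
        print(f"client source port {src:5d} -> destination port {dst}, server sees peer port {seen}")
    srcs = [r[0] for r in rows]
    print("source ports ascending:", is_ascending(srcs))
```

The destination port is the same on every connection, while the source port changes each time and is the port the server sends its answer packets back to.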