This article is from the Firewalls
FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum
mjr@nfr.com with numerous contributions by others.
57 What are LISTENING ports? (Firewalls - TCP and UDP Ports)
Suppose you did ``netstat -a'' on your machine and ports 1025 and 1030
showed up as LISTENing. What do they do?
Right, let's take a look in the assigned port numbers list.
    blackjack       1025/tcp   network blackjack
    iad1            1030/tcp   BBN IAD
Wait, what's happening? Has my workstation stolen my VISA number and decided
to go play blackjack with some rogue server on the internet? And what's that
software that BBN has installed?
This is NOT where you start panicking and send mail to the firewalls list.
In fact, this question has been asked maybe a dozen times during the past
six months, and every time it's been answered. Not that THAT keeps people
from asking the same question again.
If you are asking this question, you are most likely using a Windows box.
The ports you are seeing are (most likely) two listening ports that the RPC
subsystem opens when it starts up.
This is an example of where dynamically assigned ports may be used by server
processes. Applications using RPC will later on connect to port 135 (the
netbios ``portmapper'') to query where to find some RPC service, and get an
answer back saying that that particular service may be contacted on port
1025.
Now, how do we know this, since there's no ``list'' describing these ports?
Simple: There's no substitute for experience. And using the mailing list
search engines also helps a hell of a lot.
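A way to triage such listeners without relying on the assigned port numbers list, as an added example that is not part of the FAQ. It assumes the column layout of Windows ``netstat -ano'' (which adds the owning PID); the sample output, the PIDs and the function names are constructed for illustration.

```python
"""Added example: triage LISTENING sockets from Windows `netstat -ano` output."""

# Constructed sample output (not captured from a real host; PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       512
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING       640
  TCP    [::]:135               [::]:0                 LISTENING       884
  TCP    192.168.1.10:1042      192.168.1.20:80        ESTABLISHED     2040
  UDP    0.0.0.0:500            *:*                                    700
"""

# The two entries the FAQ quotes from the assigned port numbers list.
ASSIGNED = {1025: "blackjack", 1030: "iad1"}
RPC_PORTMAPPER = 135  # port the FAQ says RPC clients query first


def listening_ports(netstat_text):
    """Return sorted, de-duplicated (port, pid) pairs for TCP LISTENING rows."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        port = int(fields[1].rsplit(":", 1)[1])  # rsplit copes with [::]:135
        found.add((port, int(fields[4])))
    return sorted(found)


def triage(netstat_text):
    """Annotate each listener with what its port number can and cannot tell you."""
    report = []
    for port, pid in listening_ports(netstat_text):
        if port == RPC_PORTMAPPER:
            note = "RPC portmapper; hands out the dynamic ports below"
        elif port > 1023:
            name = ASSIGNED.get(port, "unlisted")
            note = f"may be dynamically assigned; list name '{name}' proves nothing, identify PID {pid}"
        else:
            note = f"well-known range; still confirm PID {pid} is the expected service"
        report.append((port, pid, note))
    return report


if __name__ == "__main__":
    for port, pid, note in triage(SAMPLE):
        print(f"{port:>5}  pid {pid:<5}  {note}")
```

The PID column is what settles the question: look it up in the process list to see which program actually opened the port.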