According to
http://en.wikipedia.org/wiki/Registered_port
Quote:
A registered port is a network port (a sub-address defined within the Internet Protocol, in the range 1–65535) assigned by the Internet Assigned Numbers Authority (IANA) (or by Internet Corporation for Assigned Names and Numbers (ICANN) before March 21 2001[1]) for use with a certain protocol or application.
Ports with numbers lower than those of the registered ports are called well known ports; ports with numbers greater than those of the registered ports are called dynamic and/or private ports.[2]
* Ports 0-1023 - well known ports
* Ports 1024-49151 - Registered port: vendors use for proprietary applications
* Ports >49151 - dynamic / private ports
|
You can find a list of the ports in
/etc/services
It is easy to check if you start tcpdump before running a local ftp session with
ftp localhost
Code:
$ sudo tcpdump -eni lo0
tcpdump: listening on lo0, link-type LOOP
127.0.0.1.1268 > 127.0.0.1.21: S
127.0.0.1.21 > 127.0.0.1.1268: S A
127.0.0.1.1268 > 127.0.0.1.21: A
Actually a lot of more info is shown, but I trimmed it away
Here the source port is >1023
Code:
$ netstat -an -f inet
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 127.0.0.1.21 127.0.0.1.1268 ESTABLISHED
tcp 0 0 127.0.0.1.1268 127.0.0.1.21 ESTABLISHED
tcp 0 0 *.21 *.* LISTEN
The netstat output shows these ftp command channel ports.
It also shows that there is service LISTENing on port 21. This is the ftpd daemon. Setting up a daemon
to LISTEN to a port <1024 requires root privilege.
When I do a ftp 'ls', the ftp data channel is set up with
Code:
127.0.0.1.24290 > 127.0.0.1.50320: S
127.0.0.1.50320 > 127.0.0.1.24290: S A
127.0.0.1.24290 > 127.0.0.1.50320: A
So the source port >1023 and <= 49151, while the destination port is in the >49151 - 65535 range
Another ftp 'ls' creates a new data channel, with the same ranges used
Code:
127.0.0.1.4326 > 127.0.0.1.60464: S
127.0.0.1.60464 > 127.0.0.1.4326: S A
127.0.0.1.4326 > 127.0.0.1.60464: A
A ftp 'cd Desktop' this one
Code:
127.0.0.1.29882 > 127.0.0.1.52039: S
127.0.0.1.52039 > 127.0.0.1.29882: S A
127.0.0.1.29882 > 127.0.0.1.52039: A
When I use gmail
netstat -an -f inet shows:
Code:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 192.168.222.20.25960 192.168.222.10.22 ESTABLISHED
Because I use ntpd(8):
Code:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp 0 0 192.168.222.20.34895 85.12.29.43.123
udp 0 0 192.168.222.20.17778 131.211.8.244.123
udp 0 0 192.168.222.20.6308 87.195.109.207.123