#8
25th December 2011
J65nko
Administrator
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128

English is not my native language; I had to look up what ephemeral meant.

But you have to differentiate between source ports and destination ports. The client, usually the one initiating the connection, uses a source port randomly chosen from the 1024-49151 range.

The destination port can be one of all three ranges: <1024, 1024 - 49151, or >49151.
An ssh connection uses destination port 22, a connection to a mysql server port 3306, and as I posted previously, a short-lived ftp data channel connection uses the >49151 range.
Quote:
127.0.0.1.4326 > 127.0.0.1.60464: S
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
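As an added example (not part of the original post): a small Python parser for tcpdump lines in the form quoted above, which classifies the source and destination port of each connection-opening SYN into the three ranges named in the post. It assumes numeric IPv4 output (`tcpdump -n`) and the older flag layout shown in the quote; every sample line except the first is constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# "addr.port > addr.port: flags ..." as in the line quoted in the post.
LINE_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d{1,5}) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d{1,5}): "
    r"(?P<flags>\S+)(?P<rest>.*)"
)

def port_range(port):
    """Map a port number to one of the three ranges named in the post."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port}")
    if port < 1024:
        return "<1024"
    return "1024-49151" if port <= 49151 else ">49151"

def parse_line(line):
    """Return a dict for one tcpdump line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if sport > 65535 or dport > 65535:
        return None
    # In this older layout a SYN-ACK also shows "S" but carries an "ack" field,
    # so only a bare "S" marks the side that initiates the connection.
    initial_syn = m["flags"] == "S" and " ack " not in m["rest"]
    return {"src": m["src"], "sport": sport, "dst": m["dst"], "dport": dport,
            "initial_syn": initial_syn}

def summarize(lines):
    """Count (source range, destination range) pairs for initiating SYNs."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["initial_syn"]:
            counts[(port_range(rec["sport"]), port_range(rec["dport"]))] += 1
    return counts

SAMPLE = [
    "127.0.0.1.4326 > 127.0.0.1.60464: S",                               # from the post
    "192.0.2.10.31544 > 192.0.2.20.22: S 100:100(0) win 16384",          # constructed
    "192.0.2.10.2211 > 192.0.2.20.3306: S 200:200(0) win 16384",         # constructed
    "192.0.2.20.22 > 192.0.2.10.31544: S 300:300(0) ack 101 win 16384",  # constructed SYN-ACK
    "192.0.2.10.31544 > 192.0.2.20.22: . ack 301 win 16384",             # constructed
]

if __name__ == "__main__":
    for pair, n in sorted(summarize(SAMPLE).items()):
        print(f"source {pair[0]:>10} -> destination {pair[1]:>10}: {n}")
```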