Educause Security Discussion mailing list archives

Re: TCP port 0

From: John Kristoff <jtk () NORTHWESTERN EDU>
Date: Wed, 24 Nov 2004 10:05:31 -0600

On Wed, 24 Nov 2004 10:21:37 -0500
Bernie Timberman <BTIMBERMAN () DEPAUW EDU> wrote:

We have been seeing a lot of traffic lately on tcp port 0. Anyone else
seeing traffic on that port and is anyone blockong that port?


Depending on how you are 'seeing' the traffic, much of it may only be
fragments of a larger TCP packet using ports not know to that fragment.
Data retrieved via network flows (e.g. Netflow) is typically reported
this way.

I do not know of any legitimate use of TCP port 0, but port 0 is widely
used in UDP-based applications.  Particularly the source port for things
like streaming media.  UDP source port 0 is specifically legitimate per
RFC 768 so be careful what you filter.

John

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

TCP port 0 Bernie Timberman (Nov 24)
- <Possible follow-ups>
- Re: TCP port 0 John Kristoff (Nov 24)
- Re: TCP port 0 Doug Pearson (Nov 24)