Educause Security Discussion mailing list archives
Re: TCP port 0
From: John Kristoff <jtk () NORTHWESTERN EDU>
Date: Wed, 24 Nov 2004 10:05:31 -0600
On Wed, 24 Nov 2004 10:21:37 -0500 Bernie Timberman <BTIMBERMAN () DEPAUW EDU> wrote:
We have been seeing a lot of traffic lately on tcp port 0. Anyone else seeing traffic on that port and is anyone blockong that port?
Depending on how you are 'seeing' the traffic, much of it may only be fragments of a larger TCP packet using ports not know to that fragment. Data retrieved via network flows (e.g. Netflow) is typically reported this way. I do not know of any legitimate use of TCP port 0, but port 0 is widely used in UDP-based applications. Particularly the source port for things like streaming media. UDP source port 0 is specifically legitimate per RFC 768 so be careful what you filter. John ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- TCP port 0 Bernie Timberman (Nov 24)
- <Possible follow-ups>
- Re: TCP port 0 John Kristoff (Nov 24)
- Re: TCP port 0 Doug Pearson (Nov 24)