Wireshark mailing list archives
Re: out of port numbers
From: Andrew Hood <ajhood () fl net au>
Date: Sat, 20 Aug 2011 15:25:27 +1000
Andrej van der Zee wrote:
Hi, I was wondering if there is any way to deduct from a pcap-file that a server might be running out of port numbers? What signs/patterns should I look for?
How do you define running out of ports? Windows by default does not recognise the concept of well known and reserved ports, and limits max port to 4000. It takes registry changes to enforce sanity - reserve everything below 32768 and set max port to 49151 (not 65535 like you can on *nix which takes too much explaining). On *nixes you have to know how the TCP and UDP stacks are configured, and they are all different. I have two Linux box that use 32768-61000, four Solaris boxes that use 32768-65535 and umpteen AIX boxes that use 32000-61000. Andrew -- There's no point in being grown up if you can't be childish sometimes. -- Dr. Who ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- out of port numbers Andrej van der Zee (Aug 19)
- Re: out of port numbers Andrew Hood (Aug 19)
- Re: out of port numbers Andrej van der Zee (Aug 19)
- Re: out of port numbers Andrej van der Zee (Aug 22)
- Re: out of port numbers Andrej van der Zee (Aug 31)
- Re: out of port numbers Andrej van der Zee (Aug 19)
- Re: out of port numbers Andrew Hood (Aug 19)