Cisco Support Community
Community Member

TCP Experts - help (tcp source port)

hello all,

v.quick one.

When a host initiates a TCP connection, does it always use a source port of GT 1023? Are there applications that could init a connection with a source port below 1023 in the reserved range?

Many thx indeed.

2 REPLIES
Silver

Re: TCP Experts - help (tcp source port)

Generally that should be the case. I cannot think of a normal application that uses a source port below 1023 - most port scanning security utilities should have the functionality to specify any source port number that you want.

Community Member

Re: TCP Experts - help (tcp source port)

In normal network operation it should.

Applications that "initiate" a session with a src port below 1023 are typically running a service on a PC or server that has been hacked and "rooted".

That's why it is always good security practice to block outgoing TCP pkts (with the SYNchronization flag set) with src port below 1023.

TCP pkts with ONLY the combinations of SYN-ACK, ACK, PSH-ACK, RST, FIN, and FIN-ACK should be OK though to let out under 1023 if you have servers on the inside of your network. These usually denote normal network operation (through traffic).

Don Garnett
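The egress rule described in the reply above, as an added example that is not part of the original thread: a Python sketch that reads the source port and flags from a raw TCP header and returns a block or permit verdict. The function names and sample headers are constructed for illustration, and the port threshold is the one given in the reply.

```python
import struct

# TCP flag bits, low byte of the offset/flags word in the TCP header
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
LOW_PORT_LIMIT = 1023  # "below 1023", as stated in the reply (assumption: strict <)


def parse_tcp_header(segment: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (off_flags >> 12) * 4  # header length in bytes
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return src, dst, off_flags & 0x3F


def egress_verdict(segment: bytes) -> str:
    """Block only connection-initiating segments (SYN without ACK)
    leaving from a low source port; replies and teardown pass."""
    src, _dst, flags = parse_tcp_header(segment)
    initiating = bool(flags & SYN) and not flags & ACK
    if initiating and src < LOW_PORT_LIMIT:
        return "block"
    return "permit"


def build_header(src: int, dst: int, flags: int) -> bytes:
    """Constructed sample input: minimal 20-byte header, no options."""
    return struct.pack("!HHIIHHHH", src, dst, 1000, 0,
                       (5 << 12) | flags, 65535, 0, 0)


# Constructed outbound samples: (description, header bytes)
SAMPLES = [
    ("inside web server answering a client", build_header(80, 51000, SYN | ACK)),
    ("inside SSH server sending data", build_header(22, 40000, PSH | ACK)),
    ("inside server resetting a session", build_header(443, 51000, RST)),
    ("client opening HTTPS from a high port", build_header(49152, 443, SYN)),
    ("host opening a session from port 600", build_header(600, 25, SYN)),
]

if __name__ == "__main__":
    for label, header in SAMPLES:
        print(f"{egress_verdict(header):6}  {label}")
```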
