Question

Yesterday, I chatted with a PhD student in my group and he told me that Windows has 2,500 open UDP ports. Thus, if some ephemeral port is used within those 2,500 open UDP ports, it'll be difficult for an attacker to know which port is in use, since they are all open.

I had never heard of that before, so I did some checking in my own environment and found out this:

[screenshot of netstat output]

This is just part of what my terminal showed. The total amount is about 2k.

From the spec, 0.0.0.0 means the port is listening on all interfaces. The first *, in *:*, means connections can come from any IP address, and the second *, in *:*, means the connection can originate from any port on the remote machine.

Right now, I have the following questions:

1. Usually different interfaces have different ports, which means that if NIC A and NIC B both have port C open, then A's C and B's C are different things. But from the output, we can see that Windows also provides ports that are shared by all NICs. Are these ports available for all NICs permanently? Or, if some socket is used for some service, is this port used specifically for that NIC?

2. For the 2,500 open UDP ports, if the server sends out a UDP packet, will the system only use one of them as the ephemeral port?

I'll do some checks on my own later, but I also would like to hear some points related to it.

The ports shown in the terminal seem not to be open.

[screenshot]

Based on Daniel's comment, it seems that the port is opened because of dns.exe. I sent a UDP packet to 53162 and Windows sent back a UDP packet and an ICMP port unreachable. So I sent a DNS query to Windows, but I also got ICMP port unreachable. However, the A record is sent just before the ICMP.

[screenshot]

Answer

It's unclear what the student meant by "open", or what sources they have for that claim.

Most commonly, "port is open" means that a program has a socket bound to it and is waiting to receive packets on that port (which would be shown in netstat); therefore it is not available as an ephemeral port, even if it would normally be within the range. But as you can see from your netstat output, there are far fewer than 2,500 sockets with "open" ports (and only 6 of them are truly listening for requests; the others are temporary sockets that each sent out a request and are waiting for a single DNS response), so it's unlikely that this is what your student meant.

The student might have been talking about ephemeral ports, then (which won't show in netstat). However, 2,500 isn't the correct number of ephemeral ports either; the port range happens to be documented here and here.

> Thus, it's a socket waiting to be connected. However, it doesn't have LISTENING, but I guess it's open in this case.

There are no protocol states to be shown because UDP doesn't have any (unlike TCP, which has an actual state machine). Although a UDP socket can be bound to a remote address:port, this is a local operation and doesn't change anything about how the protocol behaves; it's always in the same state. But if those were TCP sockets with a state, roughly 5-6 of them would be "LISTENING" while the rest (all the dns.exe sockets) would most likely be "ESTABLISHED", as they resulted from an outbound query.

> Usually different interfaces have different ports, which means that if NIC A and NIC B both have port C open, then A's C and B's C are different things.

TCP/UDP ports are not associated with interfaces, but with local IP addresses. Depending on network routing, a packet to B's address may actually arrive through interface A, but it will still match a socket bound to B's address.
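As an added example that is not part of the original question or answer, the following Python script reproduces on the loopback interface what the answer describes: a stand-in "service" socket bound to a fixed local address:port, a fresh UDP socket per outbound request that the OS gives its own ephemeral source port (the pattern behind the many dns.exe entries in the netstat output), connect() on UDP as a purely local operation that puts nothing on the wire, and the ICMP port unreachable that comes back when a datagram hits a port nothing is bound to. The responder and its payloads are constructed stand-ins, not a DNS server, and the port numbers it reports are whatever the local OS allocates, so on Linux they land in that OS's dynamic range rather than the Windows default of 49152-65535.

```python
import socket

LOOPBACK = "127.0.0.1"
REPLY_SUFFIX = b" answered"   # constructed marker; a real resolver would return a DNS message


def start_responder():
    """Bind a stand-in 'service' socket on an OS-chosen port: the kind of
    socket netstat would show bound to a fixed local address:port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((LOOPBACK, 0))          # port 0: let the OS pick one
    srv.settimeout(2)
    return srv, srv.getsockname()[1]


def run_queries(n):
    """Mimic the per-query sockets behind the dns.exe entries: one fresh UDP
    socket per outbound request, each kept open until its single reply arrives
    (as they all would be in a netstat snapshot taken mid-flight).
    Returns the ephemeral source ports the OS handed out and the replies."""
    srv, port = start_responder()
    clients, used_ports, replies = [], [], []
    try:
        for i in range(n):
            c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            c.settimeout(2)
            # connect() on a UDP socket sends nothing: it only records the peer
            # locally and triggers the implicit bind that allocates the source port.
            c.connect((LOOPBACK, port))
            used_ports.append(c.getsockname()[1])
            clients.append(c)
            c.send(b"query-%d" % i)
            data, peer = srv.recvfrom(512)          # service side sees the ephemeral port
            assert peer[1] == used_ports[-1]
            srv.sendto(data + REPLY_SUFFIX, peer)
            replies.append(c.recv(512))             # one reply per socket, then it idles
    finally:
        for c in clients:
            c.close()
        srv.close()
    return used_ports, replies


def probe_closed_port():
    """Send a datagram to a port nothing is bound to. The host answers with
    ICMP port unreachable; a connected UDP socket surfaces it as an error on
    the next call (ECONNREFUSED on Linux/macOS, WSAECONNRESET on Windows).
    Returns 'icmp-unreachable', 'timeout' (ICMP filtered or not delivered),
    or 'reply' (something else grabbed the port in between)."""
    srv, port = start_responder()
    srv.close()                                      # now nobody owns that port
    c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    c.settimeout(1)
    c.connect((LOOPBACK, port))
    try:
        c.send(b"anyone home?")
        c.recv(512)
        return "reply"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "icmp-unreachable"
    finally:
        c.close()


if __name__ == "__main__":
    ports, answers = run_queries(5)
    print("ephemeral source ports:", sorted(ports))
    print("replies:", answers)
    print("closed port probe:", probe_closed_port())
```

Run it while a netstat listing is open in another terminal (netstat -ano -p udp on Windows, ss -uanp on Linux) and the five client sockets show up exactly like the dns.exe entries: each bound to its own ephemeral port, none of them "listening" in any protocol sense, all gone once the reply has been read. The closed-port probe only reports the ICMP error because the socket is connected; an unconnected socket that used sendto() would simply time out, which is why tools that probe UDP ports have to sniff for the ICMP themselves.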