Nmap Announce mailing list archives

Re: Scanning for ports in use


From: Rasmus Andersson <rasmus.andersson () abc se>
Date: Thu, 25 Feb 1999 12:59:35 +0100

If something is in use, it's the <myaddr>:<port> to
<remoteaddr>:<remoteport> that is in use. It's not relevant to just say
"the port is in use". So if I have a telnet session open with my source
port 1025, and you scan my port 1025, it is not in use! That is, it's not
in use to <youraddr>:<yourport>.

Think about the scenario where 5 users go through a web proxy and all of
them point their browser to the same web server. On the web server we now
have five sessions with the same local address and local port (80) and the
same remote address (the proxy's), but they differ in remote port. Now a
sixth user connects, and by coincidence he has the same source port as one
of the proxy's connections. So on the web server we now have yet another
connection with the same local address and local port 80, and also the
same remote port as another connection, but this time the remote address
is different.

/Rasmus


Juergen Schmidt wrote:

Hello,

Has anybody ever tried whether there is a way to distinguish between ports
currently in use (not listening, but for example as local port for an
active telnet session) and unused port numbers? For example, do they
react differently to "strange" packets?

bye, ju

--
Juergen Schmidt   Redakteur/editor  c't magazin
Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover
EMail: ju () ct heise de - Tel.: +49 511 5352 300 - FAX: +49 511 5352 417
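
A toy model of the 4-tuple lookup described in this thread, added here as an illustration and not part of either poster's message. The Host class, its method names and all addresses (RFC 5737 documentation ranges) are constructed for the example.

```python
# Added illustration: toy model of TCP demultiplexing by 4-tuple.
# All names and addresses below are constructed for this example.
from collections import namedtuple

Segment = namedtuple("Segment", "src_ip src_port dst_ip dst_port flags")

class Host:
    def __init__(self, ip):
        self.ip = ip
        self.listening = set()      # local ports with a listener
        self.established = set()    # (local_ip, local_port, remote_ip, remote_port)

    def connect_out(self, local_port, remote_ip, remote_port):
        """Record an outbound connection, e.g. a telnet client session."""
        self.established.add((self.ip, local_port, remote_ip, remote_port))

    def receive(self, seg):
        """Classify an incoming segment: exact 4-tuple first, then listeners."""
        key = (seg.dst_ip, seg.dst_port, seg.src_ip, seg.src_port)
        if key in self.established:
            return "established"            # exact 4-tuple match
        if seg.flags == "SYN" and seg.dst_port in self.listening:
            self.established.add(key)
            return "accepted"               # new connection on a listener
        return "no-match"                   # handled like a closed port

def web_server_scenario():
    """Five proxy sessions plus a sixth user reusing one of their source ports."""
    web, proxy, user = Host("192.0.2.80"), "198.51.100.10", "203.0.113.6"
    web.listening.add(80)
    for sport in (40001, 40002, 40003, 40004, 40005):
        web.receive(Segment(proxy, sport, web.ip, 80, "SYN"))
    result = web.receive(Segment(user, 40003, web.ip, 80, "SYN"))
    return result, len(web.established)

def telnet_client_scenario():
    """Outbound telnet from local port 1025, then a SYN to 1025 from elsewhere."""
    me, server, other = Host("192.0.2.5"), "198.51.100.23", "203.0.113.99"
    me.connect_out(1025, server, 23)
    reply = me.receive(Segment(server, 23, me.ip, 1025, "ACK"))
    probe = me.receive(Segment(other, 31337, me.ip, 1025, "SYN"))
    return reply, probe

if __name__ == "__main__":
    print(web_server_scenario())
    print(telnet_client_scenario())
```
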


