Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
246
Views
0
Helpful
2
Replies

CSA and "ephemeral"

chris.poulin
Beginner
Beginner

‎08-03-2004 07:46 AM - edited ‎03-09-2019 08:17 AM

Does anyone have a more clear explanation about the difference between, for example, "TCP/ephemeral" and "TCP/1024-65535" in CSA? The only clear distinction in the help text is that "Ephemeral ports are treated as "port 0" for rule comparisons."

Labels:
0 Helpful
2 Replies 2

umedryk
Contributor
Contributor

‎08-09-2004 06:03 AM

Ephemeral is a separate entry. tdiflag=4 means it is an ephemeral port being used. The problem is the event tells you the actual port that is used even though the system designated an ephemeral port.

0 Helpful

chris.poulin
Beginner
Beginner
In response to umedryk

‎08-09-2004 05:28 PM

Thanks for your response, Ursula. But what does that mean functionally? What is the operational distinction between "ephemeral" and "TCP/1024-65535" (or UDP/1024-65535)?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents