06-27-2005 02:25 AM - edited 03-09-2019 11:40 AM
Hi all,
How do I know which kind of layer 4 service (TCP/UDP) can be used based on a given port, say from 0-65535?
Thanks
06-27-2005 02:34 AM
Are you trying to identify a service by its port number?
If so you can use IANA to do this:
http://www.iana.org/assignments/port-numbers
Or, have a look at the following database; it's probably a little out of date.
Another alternative is:
http://www.securitystats.com/tools/portsearch.php
HTH
Paddy
06-27-2005 03:19 AM
Hi,
I mean, while using an access list, how can we decide which protocol to use, TCP or UDP? Say we use TCP for 21 (FTP)...
Thanks
06-27-2005 05:10 AM
Hi there,
If you are using an IOS-based box, see this link (this is for 12.4):
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080430e5b.html
Here's an example:
!
access-list 100 permit tcp any host 192.0.2.20 eq 21
!
interface Serial0
ip access-group 100 in
!
If you are using a PIX-based (>6.2) box/blade, see this link (this is for 7.0):
Here's an example:
!
access-list inet-acl extended permit tcp any host 192.0.2.20 eq 21
!
access-group inet-acl in interface outside
!
06-28-2005 02:34 AM
Hi,
I mean, how do I choose TCP or UDP based on the port...
06-28-2005 03:47 AM
You need to understand the protocol; have a look through the RFCs or similar. Alternatively, add a specific "deny ip any any log" rule at the end of your ACL. This will log any packets that don't match your ACL permit statements, showing you the protocol and port number that has been denied.
You can also set up a packet filter on a router by creating an access-list and then running a debug on the access list:
# access-list 1 permit 1.1.1.1
# debug ip packet detail 1
# logging monitor debugging
# terminal monitor
This will display any packets passing through your router from IP address 1.1.1.1, so you can sniff the traffic and decipher which protocols/port numbers are being used.
HTH
Paddy
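The "deny ip any any log" approach from the post above, as an added example that is not part of the original thread: a Python script that parses IOS ACL log messages and tallies denied packets per protocol and destination port, which is exactly what tells you whether a given port is being used over TCP, UDP, or both. The sample log lines are constructed for this example and assumed to follow the %SEC-6-IPACCESSLOGP format IOS emits for TCP/UDP hits on an ACE carrying the log keyword (ICMP and other IP protocols use the LOGDP and LOGNP variants and are skipped here). The destination host and ACL number in suggest_aces are assumptions.

```python
"""Tally protocol/port pairs from IOS ACL 'log' messages (added example, not from the thread)."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample. Assumed format: %SEC-6-IPACCESSLOGP for TCP/UDP (with ports),
# %SEC-6-IPACCESSLOGDP for ICMP (type/code), %SEC-6-IPACCESSLOGNP for other IP protocols.
SAMPLE_LOG = """\
*Jun 28 09:01:12.003: %SEC-6-IPACCESSLOGP: list 100 denied udp 10.0.0.7(51234) -> 192.0.2.20(5000), 1 packet
*Jun 28 09:01:14.117: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.0.0.8(40111) -> 192.0.2.20(5000), 3 packets
*Jun 28 09:02:01.500: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 10.0.0.7 -> 192.0.2.20 (8/0), 1 packet
*Jun 28 09:02:30.021: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.0.0.8(40112) -> 192.0.2.20(3389), 1 packet
*Jun 28 09:03:05.904: %SEC-6-IPACCESSLOGNP: list 100 denied 47 10.0.0.10 -> 192.0.2.20, 1 packet
*Jun 28 09:06:12.003: %SEC-6-IPACCESSLOGP: list 100 denied udp 10.0.0.7(51234) -> 192.0.2.20(5000), 12 packets
*Jun 28 09:06:12.010: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.0.0.8(40113) -> 192.0.2.20(21), 1 packet
"""

LOGP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse_logp(line: str) -> Optional[dict]:
    """Return the fields of a TCP/UDP ACL log line, or None for any other message type."""
    m = LOGP_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def tally_denied(log_text: str) -> Dict[Tuple[str, int], int]:
    """Denied packets per (protocol, destination port). The same port can show up under both."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        rec = parse_logp(line)
        if rec and rec["action"] == "denied":
            counts[(rec["proto"], rec["dport"])] += rec["count"]
    return dict(counts)


def suggest_aces(counts: Dict[Tuple[str, int], int],
                 dst: str = "host 192.0.2.20", acl: int = 100) -> List[str]:
    """Draft one extended-ACL permit per observed (protocol, port), busiest first.
    These are candidates to review, not lines to paste: a denied hit proves the
    traffic exists, not that it is wanted. dst and acl are assumed values."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"access-list {acl} permit {proto} any {dst} eq {port}"
            for (proto, port), _ in ordered]


if __name__ == "__main__":
    for (proto, port), n in tally_denied(SAMPLE_LOG).items():
        print(f"{proto}/{port}: {n} packets denied")
```

On the constructed sample this shows port 5000 being used over both UDP and TCP, which is the point of the thread: the port number alone does not tell you the protocol, the traffic does. IOS rate-limits and summarises log output (the first hit is logged at once, later hits as periodic "N packets" summaries), so treat the counts as indicative. On a production router prefer a logging ACE over "debug ip packet": the debug is expensive and only shows process-switched packets, so CEF-switched traffic never appears in it, while the log messages are cheap and end up in syslog.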
06-28-2005 06:54 AM
Hi all,
All the answers are out of the context of what I had meant. My question is how to use TCP or UDP in an access list. Say, for example, to deny FTP we use
access-list 100 deny tcp any host 102.1.1.1 eq ftp
Here we've taken TCP. Like this, how do we go about deciding which service (TCP or UDP) we should use for different
ports (0-65535)?
06-28-2005 08:21 AM
I don't really understand your post then.
Are you asking how to use a service that is not defined as a well-known service in an access-list (e.g. www, ftp, telnet etc.)?
e.g. if you had a service using TCP and port 5000 it would be
# access-list 100 deny tcp any host 102.1.1.1 eq 5000
Is this what you mean?
Rgds
PJD
06-29-2005 08:54 AM
Yes, you are correct. The selection of TCP or UDP?
regards
07-01-2005 07:09 AM
Ok...
Here are some facts:
- Both TCP and UDP can use ports in the range 0-65535.
- There is no way in the ACLs to specify a port without also specifying WHICH protocol it belongs to.
So..
If you want to select TCP ports 5000 and 60000 as the destination on an incoming ACL, it would read like this:
access-list 100 permit tcp any any eq 5000
access-list 100 permit tcp any any eq 60000
And likewise for UDP/5000 and UDP/60000 as the destination:
access-list 100 permit udp any any eq 5000
access-list 100 permit udp any any eq 60000
If you want to specify TCP port 3389 as the source port on an incoming ACL, it would read like this:
access-list 100 permit tcp any eq 3389 any
And likewise for UDP/3389:
access-list 100 permit udp any eq 3389 any
You can also combine the source and destination ports (source UDP/5000 to destination UDP/6000):
access-list 100 permit udp any eq 5000 any eq 6000
And you can put in ranges of ports (source ports are all UDP ports from 5000 to 6000):
access-list 100 permit udp any range 5000 6000 any
Or the destination is all TCP ports over 1023:
access-list 100 permit tcp any any gt 1023
You really should use the "?" character when you define your ACLs to see which options you can use. Type "access-list 100 permit " followed by a question mark and you will get a list of options... fill in what you want to use, then a trailing space character and another question mark... and go on and on.. :)
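The rules in the answer above (the port space is shared by TCP and UDP, an ACE must name the protocol, and eq/gt/lt/range apply to whichever of the source or destination address they follow), as an added example that is not part of the original thread: a small Python evaluator for IOS-style extended ACL lines. It parses the ACE syntax used in this thread, applies first-match semantics with the implicit deny at the end, and rejects a standard ACL number (1-99) because those lines carry no protocol or port fields. THREAD_ACL and the packets are constructed for the demonstration; the host 192.0.2.20 is an assumption.

```python
"""Evaluate IOS-style extended ACL lines against packets (added example, not from the thread)."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

PORT_NAMES = {"ftp": 21, "telnet": 23, "www": 80}   # IOS port keywords used in this thread
PortPred = Callable[[int], bool]

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp": the layer-4 protocol is separate from the port number
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def _parse_addr(tokens: List[str], i: int) -> Tuple[Tuple[int, int], int]:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD'; return ((base, wildcard), next index)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    return (_ip(tokens[i]), _ip(tokens[i + 1])), i + 2

def _addr_match(spec: Tuple[int, int], addr: str) -> bool:
    base, wild = spec
    care = ~wild & 0xFFFFFFFF      # IOS wildcard: 1 bits are "don't care"
    return (_ip(addr) & care) == (base & care)

def _port_num(tok: str) -> int:
    if tok.isdigit():
        return int(tok)
    if tok in PORT_NAMES:
        return PORT_NAMES[tok]
    raise ValueError(f"unknown port keyword {tok!r}")

def _parse_port(tokens: List[str], i: int) -> Tuple[PortPred, int]:
    """Optional port operator after an address; no operator means any port."""
    if i >= len(tokens) or tokens[i] not in ("eq", "neq", "gt", "lt", "range"):
        return (lambda p: True), i
    op = tokens[i]
    if op == "range":
        lo, hi = _port_num(tokens[i + 1]), _port_num(tokens[i + 2])
        return (lambda p: lo <= p <= hi), i + 3
    n = _port_num(tokens[i + 1])
    return {"eq": lambda p: p == n, "neq": lambda p: p != n,
            "gt": lambda p: p > n, "lt": lambda p: p < n}[op], i + 2

@dataclass
class Ace:
    action: str
    proto: str
    src: Tuple[int, int]
    sport: PortPred
    dst: Tuple[int, int]
    dport: PortPred
    text: str

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False       # TCP/5000 and UDP/5000 are different services
        if not (_addr_match(self.src, pkt.src) and _addr_match(self.dst, pkt.dst)):
            return False
        return self.sport(pkt.sport) and self.dport(pkt.dport)

def parse_ace(line: str) -> Ace:
    """Parse '[access-list N] permit|deny ip|tcp|udp SRC [op PORT] DST [op PORT] [log]'."""
    tokens = line.split()
    if tokens[0] == "access-list":
        num = int(tokens[1])
        if not (100 <= num <= 199 or 2000 <= num <= 2699):
            raise ValueError(f"access-list {num} is a standard ACL: no protocol or port fields")
        tokens = tokens[2:]
    action, proto = tokens[0], tokens[1]
    if action not in ("permit", "deny") or proto not in ("ip", "tcp", "udp"):
        raise ValueError(f"unsupported ACE: {line!r}")
    src, i = _parse_addr(tokens, 2)
    sport, i = _parse_port(tokens, i)
    dst, i = _parse_addr(tokens, i)
    dport, i = _parse_port(tokens, i)
    return Ace(action, proto, src, sport, dst, dport, line)   # a trailing 'log' is ignored

def evaluate(acl: List[str], pkt: Packet) -> Tuple[str, Optional[str]]:
    """First match wins; an IOS ACL ends with an implicit 'deny ip any any'."""
    for line in acl:
        ace = parse_ace(line)
        if ace.matches(pkt):
            return ace.action, ace.text
    return "deny", None

# Constructed ACL in the style of the thread (not the poster's exact lines).
THREAD_ACL = [
    "access-list 100 permit tcp any host 192.0.2.20 eq 5000",
    "access-list 100 permit tcp any host 192.0.2.20 eq ftp",
    "access-list 100 permit udp any eq 5000 host 192.0.2.20 eq 6000",
    "access-list 100 permit udp any range 5000 6000 host 192.0.2.20",
]
```

Running evaluate() over THREAD_ACL with a TCP packet to destination port 5000 returns permit; the same packet over UDP returns deny, because no UDP line names destination port 5000; and a TCP packet whose source port is 5000 also returns deny, because the first line matches only the destination. That is the whole answer to the question: choose tcp or udp from what the application actually speaks (the RFC, the vendor documentation, or the log/debug output), and put the port on the side of the ACE where it appears in the packet.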