Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] About transport name resolution with the new services file

From: Francois-Xavier Le Bail <fx.lebail@xxxxxxxxx>
Date: Sun, 19 Aug 2007 04:10:47 -0700 (PDT)
--- Andrew Hood <ajhood@xxxxxxxxx> wrote:

> Francois-Xavier Le Bail wrote:
> > --- Andrew Hood <ajhood@xxxxxxxxx> wrote:
> >>It it wasn't for Windows' broken behaviour in
> >>letting any port be
> >>ephemeral, that might make some sense.
> >>
> >>I have been forced to set registry values to make
> >>Windows behave more
> >>like *nix. Reserve all ports below 32768. Make
> >>ephemerals be 32768-49151.
> >>
> >>Windows Registry Editor Version 5.00
> >>
> >>
> > 
> >
>
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
> > 
> >
>
"ReservedPorts"=hex(7):31,00,2d,00,33,00,32,00,37,00,36,00,37,00,00,00,00,00
> > 
> >>"MaxUserPort"=dword:0000bfff
> >>
> >>Even that doesn't protect all "REGISTERED PORT
> >>NUMBERS". That would
> >>require setting "ReservedPorts" to be 1-49151, and
> >>"MaxUserPort" to
> >>something like 57344 (8192 available ephemerals)
> or
> >>61440 (12288
> >>available ephemerals).
> > 
> > 
> > Windows' broken behaviour ? It's the same with
> Linux
> > 2.4.27, 2.6.16, ...
> 
> I have several Linux, AIX, Solaris and HP-UX
> versions.
> 
> None of them by default allow ephemeral ports below
> 16384, and most of
> them do not allow ephemerals below 32768.

It's not always the case in Linux.

In the file 
linux-2.6.22.3/Documentation/networking/ip-sysctl.txt
We read :
-----
ip_local_port_range - 2 INTEGERS
        Defines the local port range that is used by
TCP and UDP to
        choose the local port. The first number is the
first, the
        second the last local port number. Default
value depends on
        amount of memory available on the system:
        > 128Mb 32768-61000
        < 128Mb 1024-4999 or even less.
-----
In any case, Wireshark must work with real systems not
only ideal systems.



       
____________________________________________________________________________________
Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games.
http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow