Markus A. Radner wrote:
If you take a look at the following entry of my log file you will see that someone from source port 80 is connecting to (or trying to?) my local port 1077. So I am curious. Which software is running there, or at any other (high) port of interest? Is there any way to find out? (OK, I know that there's a list of ports and protocolls for low ports in /etc/protocolls; but what about higher ports?)
SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:a0:d1:d5:b4:3c:00:09:5b:a8:3e:c0:08:00 SRC=64.151.x.x DST=192.168.0.2 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=2083 PROTO=TCP SPT=80 DPT=1077 WINDOW=7504 RES=0x00 ACK URGP=0 OPT (0101080A91D5DF560015679A)
Again, this is the *answer* from the http server at 64.151.x.x, port 80. Basically (most times), tcp/udp services accept connections on low ports (<1024), and clients connect to these services using high ports (>1024). Return packets use the same connection (ports). Robbert