Why o Why

No, it begins with port 0

Quote:

---

Port 0
Port 0 is officially a reserved port in TCP/IP networking, meaning that it should not be used for any TCP or UDP network communications.

However, port 0 sometimes takes on a special meaning in network programming, particularly Unix socket programming. In this environment, port 0 is a programming technique for specifying system-allocated (dynamic) ports.

Instead of "hard-coding" a particular port number, or writing code that searches for an open port, Unix programmers simply specify port 0 as a connection parameter. That triggers the operating system to automatically search for and return the next available port in the dynamic port number range.

This programming technique does not work the same way in Microsoft Windows as it does in Unix.

---

SOURCE: http://compnetworking.about.com/libr.../blports_0.htm


slick

Without a port 0 there would actually be only 65535 ports, which is 2^16-1. As most things in computers and programming, things start at 0, because of the binary value [all 0s].

16 bits of precision is a range of -32767 to 32768. Integers of greater precision (32 bits) are required to display the port number, however it is still only 16bits of precision in terms of the number of numbers in the range.

chsh, unsigned 16 bit integer?
Cheers,
cgkanchi

I havent heard like port 0 yet.......is it remotely linked to promiscous mode,,, but i guess that has to do with IP addresses and not port nos.....

Regards

Kalp

i found a few very interesting facts abt Port 0 and OS Fingerprinting

Quote:

---

Port 0 OS Fingerprinting
As port 0 is reserved for special use as stated in RFC 1700. Coupled with the fact that this port number is reassigned by the OS, no traffic should flow over the internet use this port. As the specifics are not clear different OS's have, different ways of handling traffic using port 0 thus they can be fingerprinted.

Port 0 fingerprinting consists of seven tests. The tests are labeled P1 - P7 below.

P1: send tcp packet from source port 0 to port 0
P2: send tcp packet from source port X to port 0
P3: send tcp packet from source port 0 to open port
P4: send tcp packet from source port 0 to closed port
P5: send udp packet from source port 0 to port 0
P6: send udp packet from source port 53 to port 0
P7: send udp packet from source port 0 to closed port

Port X in test P2 is any port not equal to 0. Port 53 is used in test P6 as it is most likely to bypass a firewall configuration.

The standard reply expected to P1, P2 and P4 should be a RST packet as the port should be closed.

The standard reply to P3 should be SYN ACK as the port is open and port 0 is a valid port as described above.

The standard reply to P5, P6 and P7 should all be ICMP port unreachable as UDP port 0 / closed port should not have a program listening on it.

Although port 0 is a valid port number various OS's handle port 0 differently.

Results
Below are a few example fingerprints. The entire list can be found at the end of the paper.

Fingerprint OpenBSD 3.2/3.3
P1(Resp=Y%Flags=AR)
P2(Resp=Y%Flags=AR)
P3(Resp=N)
P4(Resp=Y%Flags=AR)
P5(Resp=N)
P6(Resp=N)
P7(Resp=Y)

Notice that OpenBSD has a cool feature / bug whereby it does not allow incoming connections from source port 0 (test P3)

Fingerprint Linux
P1(Resp=Y%Flags=AR)
P2(Resp=Y%Flags=AR)
P3(Resp=Y%Flags=AS)
P4(Resp=Y%Flags=AR)
P5(Resp=Y)
P6(Resp=Y)
P7(Resp=Y)

Unfortunately, both MS Windows 2000 and Linux have the same port 0 fingerprint, replying to all 7 tests.

Recommendations
Although port 0 is a valid TCP / UDP port number, it is highly recommend that one should block any traffic using this port at your firewall. No program should be listening on port 0 and no program should connect from port 0 thus, it should be blocked.
Port 0 fingerprinting can be tested using the gobbler-2.0.1-alpha available from http://www.networkpenetration.com or http://gobbler.sourceforge.net

---

Quote:

---

List of Port 0 Fingerprints
::::::::::::::::::::::::::::::

Fingerprint Mac OSX
P1(Resp=Y%Flags=AR)
P2(Resp=Y%Flags=AR)
P3(Resp=Y%Flags=AS)
P4(Resp=Y%Flags=AR)
P5(Resp=N)
P6(Resp=N)
P7(Resp=Y)

Fingerprint Gobbler 2.0 Alpha
P1(Resp=Y%Flags=AR)
P2(Resp=Y%Flags=AR)
P3(Resp=Y%Flags=AS)
P4(Resp=Y%Flags=AR)
P5(Resp=N)
P6(Resp=N)
P7(Resp=Y)

Fingerprint Linux
P1(Resp=Y%Flags=AR)
P2(Resp=Y%Flags=AR)
P3(Resp=Y%Flags=AS)
P4(Resp=Y%Flags=AR)
P5(Resp=Y)
P6(Resp=Y)
P7(Resp=Y)

Fingerprint MS Windows 2000
P1(Resp=Y%Flags=AR)
P2(Resp=Y%Flags=AR)
P3(Resp=Y%Flags=AS)
P4(Resp=Y%Flags=AR)
P5(Resp=Y)
P6(Resp=Y)
P7(Resp=Y)

Fingerprint VMS on Alpha
P1(Resp=Y%Flags=AR)
P2(Resp=Y%Flags=AR)
P3(Resp=Y%Flags=AS)
P4(Resp=Y%Flags=AR)
P5(Resp=Y)
P6(Resp=Y)
P7(Resp=Y)

Fingerprint OpenBSD 3.2 or 3.3
P1(Resp=Y%Flags=AR)
P2(Resp=Y%Flags=AR)
P3(Resp=N)
P4(Resp=Y%Flags=AR)
P5(Resp=N)
P6(Resp=N)
P7(Resp=Y)

Fingerprint SunOS 5.6 (can someone confirm please)
P1(Resp=N)
P2(Resp=N)
P3(Resp=Y%Flags=AS)
P4(Resp=Y%Flags=AR)
P5(Resp=N)
P6(Resp=N)
P7(Resp=Y)

Fingerprint MS NT Server 4 (Service pack ?) with checkpoint ?
P1(Resp=N)
P2(Resp=N)
P3(Resp=Y%Flags=AS)
P4(Resp=Y%Flags=AR)
P5(Resp=N)
P6(Resp=N)
P7(Resp=Y)

---