Security
Parts of a filter
A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes:
■ The source IP address (where the packet was sent from)
■ The destination IP address (where the packet is going)
■ The type of
Port numbers
A filter can also match a packet’s port number attributes, but only if the filter’s protocol type is set to TCP or UDP, since only those protocols use port numbers. The filter can be configured to match the following:
■ The source port number (the port on the sending host that originated the packet)
■ The destination port number (the port on the receiving host that the packet is destined for)
By matching on a port number, a filter can be applied to selected TCP or UDP services, such as Telnet, FTP, and World Wide Web. The following tables show a few common services and their associated port numbers:
| Internet service | TCP port | Internet service | TCP port |
|---|---|---|---|
| FTP | 20/21 | Finger | 79 |
| Telnet | 23 | World Wide Web | 80 |
| SMTP (mail) | 25 | News | 144 |
| Gopher | 70 | rlogin | 513 |

| Internet service | UDP port | Internet service | UDP port |
|---|---|---|---|
| Who Is | 43 | AppleTalk Routing Maintenance | 202 |
| World Wide Web | 80 | AppleTalk Name Binding | 202 |
| SNMP | 161 | AURP (AppleTalk) | 387 |
| TFTP | 69 | who | 513 |
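
The matching rules described above, as an added Python example that is not part of the original manual or the product's own code. The Filter and Packet classes, their field names and the sample addresses are assumptions for illustration; only the address, protocol and port attributes named on this page are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
PORT_PROTOCOLS = {"tcp", "udp"}  # only these protocols carry port numbers

@dataclass(frozen=True)
class Packet:  # hypothetical packet summary
    src: str
    dst: str
    protocol: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Filter:  # hypothetical filter; None or 0.0.0.0/0 means "any"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    protocol: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def __post_init__(self):
        # Port criteria are only valid when the protocol is TCP or UDP.
        uses_ports = self.src_port is not None or self.dst_port is not None
        if uses_ports and self.protocol not in PORT_PROTOCOLS:
            raise ValueError("port criteria require protocol tcp or udp")

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.protocol is not None and p.protocol != self.protocol:
            return False
        if self.src_port is not None and p.src_port != self.src_port:
            return False
        if self.dst_port is not None and p.dst_port != self.dst_port:
            return False
        return True

# Constructed sample traffic (documentation address ranges).
TELNET_IN = Filter(dst_net="192.0.2.0/24", protocol="tcp", dst_port=23)
SAMPLES = [
    Packet("198.51.100.7", "192.0.2.10", "tcp", 40312, 23),  # Telnet
    Packet("198.51.100.7", "192.0.2.10", "udp", 40312, 23),  # same port, UDP
    Packet("198.51.100.7", "192.0.2.10", "tcp", 40313, 80),  # World Wide Web
    Packet("198.51.100.7", "192.0.2.10", "icmp"),            # no ports at all
]

def telnet_hits():
    return [TELNET_IN.matches(p) for p in SAMPLES]
```

Only the first sample matches: a filter scoped to TCP port 23 does not cover the same port number over UDP, so a service reachable on both protocols needs a filter for each.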