Hello, a friend of mine and I were doing some captures on a VoIP ATA device to find out which port the TFTP client was using to connect to its TFTP server (supposed to be 69), but when we saw the capture we noticed that it showed a strange port as the source port, like 1134 or something (it is not that one, but something like that), and the destination port was indeed 69. Now I don't get that: shouldn't the request come from the same port 69? Otherwise, how can I set a firewall, for instance, to block or allow that service in a network if the source port is random or not 69?
My friend tells me that it seems logical and said that even HTTP would go out with any source port from the computer but with destination port 80, for instance; then the NAT does its job and expects the answer into that very port 80 from the web, but then translates the port 80 into the source port (any port other than 80) the original computer has for that request. All of that doesn't seem logical to me because I've set many firewalls up and I know that if I block port 69 from LAN to WAN then nobody will be able to use TFTP, for instance; same for port 80 for HTTP and any other port, and the blocking can be from inside the network to the outside or vice versa.
 
Can somebody please clarify this to me?
 
We used an RJ-45 Grandstream ATA for VoIP, connected to a network card in a SUSE Linux computer, and that same computer was connected to the internet with another card, so we could make the capture.
 
Thanks, and sorry if I am being too basic or if the question seems stupid :)
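
The port behaviour seen in the capture above, modelled as an added example (not part of the original post): a small stateful filter that matches on direction, protocol and destination port, run over constructed packets. The addresses, the port numbers other than 69 and 80, and the rule set are assumptions for illustration; NAT is not modelled.

```python
from collections import namedtuple

# Constructed sample data: private and documentation address ranges only.
Packet = namedtuple("Packet", "direction proto src sport dst dport")
# proto=None or dport=None in a rule means "any".
Rule = namedtuple("Rule", "action direction proto dport")


class StatefulFilter:
    """First-match filter on destination port, with reply tracking."""

    def __init__(self, rules, default="block"):
        self.rules = rules
        self.default = default
        self.flows = set()  # flows opened by packets that were allowed

    def check(self, p):
        # A reply is the reverse of a flow that was already allowed out.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow"
        action = self.default
        for r in self.rules:
            if (r.direction == p.direction and r.proto in (None, p.proto)
                    and r.dport in (None, p.dport)):
                action = r.action
                break
        if action == "allow":
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action


def demo():
    fw = StatefulFilter([
        Rule("block", "lan->wan", "udp", 69),   # TFTP, whatever the source port
        Rule("allow", "lan->wan", None, None),  # everything else outbound
    ])
    ata, tftp, web = "192.168.1.50", "203.0.113.10", "203.0.113.20"
    packets = [
        Packet("lan->wan", "udp", ata, 1134, tftp, 69),   # request as captured
        Packet("lan->wan", "udp", ata, 40000, tftp, 69),  # other source port
        Packet("lan->wan", "tcp", ata, 1135, web, 80),    # HTTP request
        Packet("wan->lan", "tcp", web, 80, ata, 1135),    # its reply
        Packet("wan->lan", "tcp", web, 80, ata, 2222),    # unsolicited
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

The rule never mentions a source port: the client's port is chosen per request, and the reply is admitted only because it reverses a flow the filter already allowed.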