Hi! I have two general questions about ports/sockets: Is an open socket (listed in Port Explorer as "listening UDP - local address 192.168.253.100/1030 (my pc) - remote 194.8.194.60/53 (netcologne.de/DNS)" really fixed to the remote the IP? What happens if any other ip sends data to this open port? - In case it will be ignored, who ignores it? The Windows TCP/IP-Stack or will the data get dropped by the program which opened the port? I have a Palm and the program (hotsync.exe) who syncs the data between the handheld and my pc opens a udp port listening at local address 0.0.0.0/14237 and remote *.*.*.*/* ... what does that mean? Is it an half open port (maybe the socket creation process is not completed?) where only the local part defined is? Can any IP/Port send Data to it? Im a little bit confused about that... Thanks in advance!
Hi krutz ...welcome to Wilders Your example would appear to be a valid DNS request by your system. Your system initiated the DNS request using local port 1030 to remote address 194.8.194.60 on remote service/port 53 (DNS). The local port on your system would be "fixed" to this remote address and port as long as it takes for the established DNS querry to finish. Once the established connection is finished the local port (1030) is closed. If you have a firewall in place, any unsolicited packets and those not part of a valid connection would be dropped/blocked. hotsync.exe is acting as a server on your system and opened UDP port 14237 in order to listen for inbound connections from the Palm. If your system is not protected by a firewall, this UPD port would be open to the network (Internet), and vulnerable to any exploits hotsync.exe may have. Regards, CrazyM
Great Answer Crazy M Port Explorer is one very good user friendly tool, certainly helped me understand a lot more about the pitfalls of open connections and other port interactions.
