Sheepykins
Daemon Poster
- Messages
- 556
- Location
- Worcestershire, England
Hello,
Recently been experimenting with IPS/IDS devices and currently I have a snort sensor setup mirroring a VLAN from a switch.
Just a quick question about port numbers really, as i come to understand it... connections outgoing from a client to say a webserver would generally have a high port connecting to a low port (such as DNS or HTTP)
Is this the right way of thinking?
Also I noticed that when I attempted to look at a video on the tube of you! it would generate an FLV etc signature with my IP as the target + random highport and youtube as the source on 80.. which confuses me.
Anyone have more expertise with this?
Much obliged
Recently been experimenting with IPS/IDS devices and currently I have a snort sensor setup mirroring a VLAN from a switch.
Just a quick question about port numbers really, as i come to understand it... connections outgoing from a client to say a webserver would generally have a high port connecting to a low port (such as DNS or HTTP)
Is this the right way of thinking?
Also I noticed that when I attempted to look at a video on the tube of you! it would generate an FLV etc signature with my IP as the target + random highport and youtube as the source on 80.. which confuses me.
Anyone have more expertise with this?
Much obliged