Appendix A. Well-Known Protocol and Port Numbers

This appendix presents tables of well-known TCP/IP information that can be used in firewall configuration. Only the protocol and port numbers that have corresponding Cisco firewall configuration keywords are shown. These tables should provide a quick reference when you need a keyword or when you need to decipher other information from a keyword given by the firewall.


Tip

All well-known or assigned TCP/IP information is registered with the Internet Assigned Numbers Authority (IANA). For the most current number assignment information, go to http://www.iana.org/numbers.htm.

Another very handy source of networking information is the RFC Sourcebook, maintained by Network Sorcery, Inc. This website is a one-stop quick reference directory for RFCs, IP protocols, UDP and TCP ports, and more. You can find it at http://www.networksorcery.com/enp/default.htm.


A-1 IP Protocol Numbers

The protocol carried in the payload of an IPv4 packet is identified by an 8-bit field called Protocol in the IPv4 header. Figure A-1 shows the IPv4 packet header format, with the Protocol field shaded.

Figure A-1 IPv4 Header Format Showing the Protocol Field

[figure not reproduced in this text]

Cisco firewalls have keywords that can be used to specify certain IP protocols in access lists. These keywords are shown along with the IP protocol numbers in Table A-1.

Table A-1 Cisco Firewall Keywords for IP Protocols

[table not reproduced in this text]

A-2 ICMP Message Types

Internet Control Message Protocol (ICMP) is used to transport error or control messages between routers and other devices. An ICMP message is encapsulated as the payload of an IP packet, as shown in Figure A-2, so it begins immediately after the IP header. Many ICMP message types also carry a code number; the Code field further qualifies how a message of that type should be interpreted by the receiver. Cisco firewalls cannot match on the Code field in access lists, so that information is not presented here.

Figure A-2 ICMP Message Format

[figure not reproduced in this text]

Notice that in the case of an error condition, the ICMP message quotes the IP header of the original datagram that caused the error, followed by the first 8 bytes (64 bits) of that datagram's payload. The quoted IP header carries the Protocol field, and for TCP and UDP the first 8 bytes of payload carry the source and destination port numbers, so the protocol and ports of the original message can be read directly from the error, which makes troubleshooting easier.

ICMP message types and codes are registered with the IANA and can be found at http://www.iana.org/numbers.htm.

Table A-2 is a complete list of ICMP message types. It is reproduced with permission from the IANA. The Cisco firewall keywords were added to this list for quick reference.

Table A-2 Well-Known ICMP Message Types

[table not reproduced in this text]

A-3 IP Port Numbers

Transport layer protocols identify higher-layer traffic with 16-bit fields called port numbers. A connection between two devices uses a source port and a destination port, both carried in the transport-layer header of each protocol data unit. Figure A-3 shows the User Datagram Protocol (UDP) header format, with the source and destination port fields shaded. Figure A-4 shows the Transmission Control Protocol (TCP) header format, with the source and destination port fields shaded.

Figure A-3 UDP Datagram Format Showing Port Fields

[figure not reproduced in this text]

Figure A-4 TCP Segment Format Showing Port Fields

[figure not reproduced in this text]

Both UDP and TCP use port numbers that are divided into the following ranges:

• Well-known port numbers (0 through 1023)

• Registered port numbers (1024 through 49151)

• Dynamic or private port numbers (49152 through 65535)

Usually, a port assignment uses the same port number for both UDP and TCP, even when the service actually runs over only one of them. A connection from a client to a server uses the well-known port on the server as the service contact port, while the client is free to pick its own ephemeral source port dynamically. For TCP, a connection is therefore identified by the source and destination IP addresses together with the source and destination TCP port numbers.
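The three header formats of Sections A-1 through A-3 (the IPv4 Protocol field, the ICMP type and the quoted original datagram, and the UDP/TCP port fields) can be tied together in one decoder. The following is an added example, not code from the book or from Cisco: it parses a raw IPv4 packet, reports the protocol number and its keyword, classifies TCP/UDP ports into the three IANA ranges, and for an ICMP error message digs the original protocol and ports out of the quoted datagram. The keyword dictionaries are small assumed subsets of Tables A-1 to A-3 (the numbers are IANA assignments; the keyword spellings are assumed), and the two sample packets are constructed inline.

```python
import struct
import ipaddress

# Small assumed subsets of the keyword tables; the numbers are IANA assignments,
# the keyword spellings are assumed ASA/PIX access-list keywords (see Tables A-1 to A-3).
IP_PROTO_KEYWORDS = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp", 47: "gre",
                     50: "esp", 51: "ah", 89: "ospf"}
ICMP_TYPE_KEYWORDS = {0: "echo-reply", 3: "unreachable", 5: "redirect",
                      8: "echo", 11: "time-exceeded", 12: "parameter-problem"}
PORT_KEYWORDS = {20: "ftp-data", 21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp",
                 53: "domain", 80: "www", 123: "ntp", 443: "https"}
# ICMP error types whose body quotes the offending datagram (RFC 792).
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}


def port_range(port):
    """Classify a port into the three IANA ranges listed in Section A-3."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def parse_ipv4(buf):
    """Return (header fields, payload) for an IPv4 packet; Protocol is byte 9 of the header."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    (vihl, _tos, _total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    hdr = {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
           "ttl": ttl, "protocol": proto, "keyword": IP_PROTO_KEYWORDS.get(proto, str(proto))}
    # Total Length is deliberately not trusted: a datagram quoted inside an ICMP
    # error is cut to header + 8 bytes regardless of what its length field says.
    return hdr, buf[ihl:]


def transport_ports(payload):
    """TCP and UDP both carry the source and destination ports in their first 4 bytes."""
    if len(payload) < 4:
        raise ValueError("truncated transport header")
    return struct.unpack("!HH", payload[:4])


def describe_ports(info, payload):
    sport, dport = transport_ports(payload)
    info.update(sport=sport, sport_range=port_range(sport), dport=dport,
                dport_range=port_range(dport),
                dport_keyword=PORT_KEYWORDS.get(dport, str(dport)))


def describe_packet(buf):
    """Decode one IPv4 packet into the numbers and keywords a firewall rule would match on."""
    hdr, payload = parse_ipv4(buf)
    info = dict(hdr)
    if hdr["protocol"] in (6, 17):
        describe_ports(info, payload)
    elif hdr["protocol"] == 1:
        if len(payload) < 8:
            raise ValueError("truncated ICMP header")
        itype, code = payload[0], payload[1]
        info.update(icmp_type=itype, icmp_code=code,
                    icmp_keyword=ICMP_TYPE_KEYWORDS.get(itype, str(itype)))
        if itype in ICMP_ERROR_TYPES:
            # Bytes 8.. quote the offending datagram's IP header plus the first
            # 8 bytes of its data: enough to recover its protocol and both ports.
            inner_hdr, inner_payload = parse_ipv4(payload[8:])
            original = dict(inner_hdr)
            if inner_hdr["protocol"] in (6, 17):
                describe_ports(original, inner_payload)
            info["original"] = original
    return info


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Constructed test packet; the header checksum is left at zero since nothing here verifies it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, ttl,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload


# Constructed sample 1: TCP SYN from an ephemeral client port to a web server.
TCP_SYN = build_ipv4("198.51.100.7", "192.0.2.10", 6,
                     struct.pack("!HHIIBBHHH", 51234, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0))

# Constructed sample 2: ICMP port unreachable (type 3, code 3) answering a DNS query.
# The quoted datagram is its IP header plus the 8-byte UDP header, as a real error would carry.
_ORIG_UDP = build_ipv4("198.51.100.7", "192.0.2.10", 17,
                       struct.pack("!HHHH", 40000, 53, 8 + 40, 0))
PORT_UNREACH = build_ipv4("192.0.2.10", "198.51.100.7", 1,
                          struct.pack("!BBHI", 3, 3, 0, 0) + _ORIG_UDP)

if __name__ == "__main__":
    for pkt in (TCP_SYN, PORT_UNREACH):
        print(describe_packet(pkt))
```

Running the script decodes the SYN as `tcp` to destination `www` (80, well-known) from a dynamic-range source port, and decodes the error as ICMP `unreachable` code 3 whose quoted datagram is `udp` to `domain` (53), which is the information a firewall log or `access-list` keyword would be matched against.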

Cisco firewalls have keywords that can be used to specify certain IP ports in access lists. Table A-3 shows these keywords, along with the IP port numbers.

Table A-3 Cisco Firewall Keywords for IP Ports

[table not reproduced in this text]
