From owner-freebsd-security  Fri May 10  8:41:13 2002
Delivered-To: freebsd-security@freebsd.org
Received: from sub21-156.member.dsl-only.net (sub21-156.member.dsl-only.net [63.105.21.156])
	by hub.freebsd.org (Postfix) with ESMTP id 0DAFB37B403
	for <security@freebsd.org>; Fri, 10 May 2002 08:41:08 -0700 (PDT)
Received: from sub21-156.member.dsl-only.net (freebsd.localhost.localdomain [127.0.0.1])
	by sub21-156.member.dsl-only.net (8.11.6/8.11.6) with SMTP id g4AFkrp76185;
	Fri, 10 May 2002 08:47:06 -0700 (PDT)
	(envelope-from nkinkade@dsl-only.com)
Date: Fri, 10 May 2002 08:46:53 -0700
From: Nathan Kinkade <nkinkade@dsl-only.com>
To: Sam Drinkard <sam@wa4phy.net>
Cc: security@freebsd.org
Subject: Re: Second request Talk ports/sockets
Message-Id: <20020510084653.51d1ba8e.nkinkade@dsl-only.com>
In-Reply-To: <3CDBCDFC.75062339@vortex.wa4phy.net>
References: <3CDBCDFC.75062339@vortex.wa4phy.net>
X-Mailer: Sylpheed version 0.7.4claws (GTK+ 1.2.10; i386-portbld-freebsd4.5)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, 10 May 2002 09:41:16 -0400
Sam Drinkard <sam@wa4phy.net> wrote:

> Since tightening up the firewall, my talk (from internal, not network)
> is broken.  I can't seem to figure out what ucp/tcp port(s) to open to
> allow the talk utility to work.  Looking at the source code didn't
> help much either, but reference to sockets was mentioned.  Once a user
> logs in, does the talk utility not use the localhost address for
> connections?

The port for talk is 517.
The port for ntalk is 518.

I first found this out by launching ethereal (a network protocol
analyzer that's in the ports collection).  Then I attempted to launch a
talk session with a non-existent host just to see some traffic.  A quick
review of the captured packets showed that my machine was attempting to
communicate using ntalk on UDP port 518.

I then did a quick search on Google for 'ntalk tcp port number'.  The
very first returned hit revealed the following.

talk            517/tcp    like tenex link, but across
#                          machine - unfortunately, doesn't
#                          use link protocol (this is actually
#                          just a rendezvous port from which a
#                          tcp connection is established)
talk            517/udp    like tenex link, but across
#                          machine - unfortunately, doesn't
#                          use link protocol (this is actually
#                          just a rendezvous port from which a
#                          tcp connection is established)
ntalk           518/tcp
ntalk           518/udp

Further, a quick browse through /etc/services revealed exactly the same
text as above.  Presumably that's where the site got the information in
the first place.

There are plenty of ways to figure out information like this....it just
requires that you think about it for a minute.  The Google search engine
is invaluable...and then again, as demonstrated above, often the info
lies right on your own computer.  Hope this helps. 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message