Firewall basics [Archive] - SpeedGuide.net Broadband Community



securitylearner@gmail.com
01-10-08, 08:43 PM
I would like to know how a software firewall application receives and
can check all the packets intended for any port?

I mean, is there any special port on which all incoming data is
forwarded first? Or do firewalls use something like port 0 to receive all
data? In any case, please explain in detail which port is used.

Straight Talk
01-11-08, 04:00 AM
On Thu, 10 Jan 2008 17:43:41 -0800 (PST), securitylearner@gmail.com
wrote:

>I would like to know how a software firewall application receives and
>can check all the packets intended for any port?

What you are referring to is a local packet filter and it works by
injecting itself into the network stack.

>I mean, is there any special port on which all incoming data is
>forwarded first? Or do firewalls use something like port 0 to receive all
>data? In any case, please explain in detail which port is used.

A port is just an abstraction. It's nothing but a number contained in
specific network packets to help the system pass on the data to a
particular process on the computer.

Wikipedia uses the analogy of the IP address as a building and the
port number as a specific apartment or room within that building. Now
look at network packets as letters. The packet filter then looks at
and eventually discards incoming letters before they are distributed
to the specific departments. Somewhat okay analogy, but as always the
virtual world does not easily compare to the real. Even though a
protocol may allow for 65,536 port numbers - these don't "exist" until
used. Ports come and go dynamically.

http://en.wikipedia.org/wiki/Tcp_port

BTW, "software firewalls" mostly aren't needed.
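
The point made in the reply above, that a port is only a number carried inside the packet and that a packet filter inspects packets inside the network stack before any process receives them, shown as an added example (not part of the original thread). The allow-list, addresses and function names are constructed for illustration; a real packet filter runs as a hook in the operating system's network stack, not as a Python function.

```python
import struct

TCP, UDP = 6, 17
ALLOWED_TCP_PORTS = {22, 443}  # constructed policy for this example

def build_packet(proto, src_port, dst_port, ip_options=b""):
    """Construct a sample IPv4 packet (checksums left at zero; sample data only)."""
    ihl = 5 + len(ip_options) // 4            # header length in 32-bit words
    transport = struct.pack("!HH", src_port, dst_port) + b"\x00" * 16
    total = ihl * 4 + len(transport)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64,
                     proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + ip_options + transport

def filter_packet(pkt):
    """Return (verdict, reason) from header fields alone, before any socket sees it."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "DROP", "not a complete IPv4 header"
    ihl = (pkt[0] & 0x0F) * 4                 # IP options shift the transport header
    if ihl < 20 or len(pkt) < ihl:
        return "DROP", "bad header length"
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    proto = pkt[9]
    if proto not in (TCP, UDP):
        return "DROP", f"protocol {proto} carries no port number"
    if frag_offset:
        return "DROP", "non-first fragment has no transport header"
    if len(pkt) < ihl + 4:
        return "DROP", "truncated transport header"
    # The "port" is just these two 16-bit fields at the start of the TCP/UDP header.
    src_port, dst_port = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if proto == TCP and dst_port in ALLOWED_TCP_PORTS:
        return "ACCEPT", f"tcp dst port {dst_port} allowed"
    return "DROP", f"dst port {dst_port} not allowed"

if __name__ == "__main__":
    samples = [build_packet(TCP, 50000, 443), build_packet(TCP, 50000, 23),
               build_packet(UDP, 50000, 443), build_packet(1, 0, 0),
               build_packet(TCP, 50000, 22, ip_options=b"\x01" * 4)]
    for p in samples:
        print(filter_packet(p))
```

The filter never listens on a port of its own: every packet is handed to it as raw bytes, and the destination port is read out of the header like any other field.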

Mr. Arnold
01-11-08, 07:03 AM
<securitylearner@gmail.com> wrote in message
news:bed44781-c6a4-417c-8b5c-e8809aa9ac25@e10g2000prf.googlegroups.com...
>I would like to know how a software firewall application receives and
> can check all the packets intended for any port?
>
> I mean, is there any special port on which all incoming data is
> forwarded first? Or do firewalls use something like port 0 to receive all
> data? In any case, please explain in detail which port is used.

What you have running on your computer is not a firewall. It's a
machine-level packet filter. A FW will have at least two interfaces or NIC(s) if
it's a software FW running on a gateway computer. A FW sits at the junction
point between two networks. A FW protects from a network, usually the
Internet, and it protects a network (computers on a LAN).

http://www.vicomsoft.com/knowledge/reference/firewalls1.html#5

This too may help you in understanding FW(s) and what is a FW and what is
not a FW.

http://www.more.net/technical/netserv/tcpip/firewalls/