14.11.3. Packet Filtering Characteristics of PPTP
PPTP negotiation takes place on TCP port 1723. The actual tunnel is based on GRE, which is IP protocol 47, and uses GRE protocol hexadecimal 880B (indicating that the tunneled packets are PPP). GRE is discussed further in Chapter 4, "Packets and Protocols ".
| Direction
|
Source Addr.
|
Dest. Addr.
|
Protocol
|
Source Port
|
Dest. Port
|
ACK Set
|
Notes
|
|---|---|---|---|---|---|---|---|
| In
|
Ext
|
Int
|
GRE
|
[37]
|
[37] | [38]
|
Tunnel data, external client to internal server
|
| Out
|
Int
|
Ext
|
GRE
|
[37] | [37] | [38] | Tunnel reply, internal server to external client
|
| In
|
Ext
|
Int
|
TCP
|
>1023
|
1723
|
[39]
|
Setup request, external client to internal server
|
| Out
|
Int
|
Ext
|
TCP
|
1723
|
>1023
|
Yes
|
Setup response, internal server to external client
|
| Out
|
Int
|
Ext
|
GRE
|
[37] | [37] | [38] | Tunnel data, internal client to external server
|
| In
|
Ext
|
Int
|
GRE
|
[37] | [37] | [38] | Tunnel reply, external server to internal client
|
| Out
|
Int
|
Ext
|
TCP
|
>1023
|
1723
|
[39]
|
Setup request, internal client to external server
|
| In
|
Ext
|
Int
|
TCP
|
1723
|
>1023
|
Yes
|
Setup response, external server to internal client
|
[37]GRE does not have ports. GRE does have protocol types, and PPTP is protocol type hexadecimal 880B.
[38]GRE has no ACK equivalent.
[39]ACK will not be set on the first packet (establishing connection) but will be set on the rest.
参考:http://www.unix.org.ua/orelly/networking_2ndEd/fire/ch14_11.htm
