Network services communicate through ports. Learn how ports work and what they do.
- [Instructor] When two computers communicate across the network, they need a way of making sure that information flows from somewhere to somewhere else. They do so using a connection each end of which is a socket. A socket is the term used to refer to a combination of an address and a port. While many network devices have what we might call physical ports that we plug ethernet cables into, the term port in IP networking refers to a designated, logical space where traffic or communication for a particular process or service is intended to go.
Ports are given numbers from zero to 65,535. This allows many services to listen and communicate on one network interface. The port numbers are divided into three general ranges. Zero through 1,023 is called the well-known ports range. 1,024 to 49,151 is called the registered ports range. And the ports above that are called dynamic. The first range of ports is where many common services run.
For example, SSH usually runs on port 22. HTTPS on 443 and TP on 123 and so on. To listen on these ports, a process needs super user access. Registered ports can be used by processes running on a system without super user access and are often used for things like running a development web server. And the dynamic range is the ports that a client can use to connect back to a server. Most, but not all, communications act like this with a client connecting from a dynamic port to a well-known or registered port on a server.
If your browser connects to a web server to view content, it'll open a connection from one of these high numbered ports to port 80 on the web server. For each port number, a process can listen using the TCP or UDP protocol. Most services use one protocol or the other, but some use both. A few apps can use both protocols on the same port, but many services that make use of both protocols use different port numbers for different protocols. It's no problem for one process to control more than one port.
Samba for example uses UDP ports 137 and 138, and TCP port 139 and 445. Any given port can only be used by one process at any given time though. So if you have something like SSH running on port 22 TCP, a different process can't use port 22 until the SSH service has stopped. Many of the well-known services use ports that don't conflict with each other in order to allow them to coexist on the same server.
Ports are generally specified in configuration files for a given service. Administrators will sometimes change what port processes run on either to allow more than one instance of a program to exist side by side as is often the case with development web servers or to try to hide a well-known service from people trying to find or exploit it. Ports are an important concept when it comes to network security. They're pretty fundamental to how firewall rules operate as we'll see in a little bit. And by exploring what ports are open on a system, we can get an idea of what software is running on it.
We'll take a look at that next.
- Name the tool that is often used to find out what ports are open on a remote server.
- Explain what a firewall will do without any additional configuration.
- Identify what you append a rule to in iptables.
- Explain what needs to be added to a site to allow the use of HTTPS.
- List the two components of a keypair.