Join Mark Jacob for an in-depth discussion in this video, Understanding port numbers, part of Exploring the Packet Delivery Process.
- Today we're going to be talking about port numbers. You might call it the 50,000-foot view of port numbers. And if you're a network admin, you've probably had some acquaintance with them already. There are 65,535 port numbers, and of that number, the first 1,024 are known as well-known ports, which kind of always makes me smile, because have you ever met anybody that actually knew all 1,024 of them? Well, they're well known. You're supposed to know them.
No, not really. But there are a few that you probably want to commit to memory. So, let's make kind of a list here of what I might consider to be the important ones. And we'll break it up by category. Let's look at, for instance, TCP. Remember that from the TCP/UDP discussion? Where are we in the OSI model if we're talking about TCP? We're at layer four, right? Transport layer. So here, TCP port numbers are what we're talking about. Let's put some in here.
Let's go with 20 and 21 and say those are associated with FTP. Continuing down, since we're going in numerical order, kinda. 22, secure shell. 23, telnet. While we're on the topic of telnet, perhaps you use telnet in your organization to manage some of your devices remotely, so you don't have to have a 5,000-foot-long console cable, or however you manage your devices.
But a note to keep in mind about telnet, especially if you also have some acquaintance with Wireshark: you realize that if you have passwords on your devices to control who accesses them, but you're connecting to them via telnet, you are sending those passwords across the wire in clear text. So if somebody's monitoring... "We were monitoring that transaction you just interfaced." A quote from a movie. Then they're going to capture that information. So not very secure. In which case, instead of 23, you want to be on port 22, secure shell.
Another one, 25. Simple Mail Transport Protocol. If you send emails, you're using port 25. Let's see, what's another one that might be in this column? Oh, let's drop all the way down to 80. That's one that, whether you like it or not, you're probably familiar with. HTTP, web traffic, the World Wide Web. Port 80. Let's see here, let's add one more. Port 443, which is secure HTTP. So that's just a quick list. Like I say, there are many more, but if you want to commit some to memory, that's probably a good place to start.
And, since we're making a category, let's add another category over here. We'll call it UDP, and let's put some numbers in here. Let's say one probably comes to mind right away: 53. DNS, domain name service. Something about port 53: depending on which text you look at, well, not even depending on it, it's just how it's broken up, there are some aspects of DNS, port 53, that are TCP related. In fact, sometimes when you see it listed there's kind of a fork there, where one leg of DNS is in UDP and one leg of DNS is in TCP.
Nevertheless, we'll put it here just for our category purposes. Let's see here, what's another one? We talked about FTP. How about TFTP? Trivial File Transfer Protocol. Keep in mind, since we're talking about UDP here, we're thinking of that discussion about the difference between TCP and UDP. UDP is not connection oriented. It's not considered reliable. In other words, you just spray it out there and if somebody hears, great. They don't acknowledge that they heard it. If there are drops, you don't care.
You just keep right on going. So that's UDP. Trivial File Transfer Protocol. Now that's not to say that if I'm trying to transfer a file and it's unreliable, half the file is not going to arrive. No, you can use TFTP in your network and find out that most of the time the whole file arrives just fine. Let's see here, what's another one? If you're using an external time source in your organization. Well, we'll actually put what it is: NTP, Network Time Protocol.
This comes into play if you want valid time stamps. If you're monitoring your network traffic, you need valid time stamps instead of, "Well, I just set all my times manually. It's about 12:30..." No, you want to have valid time stamps in your organization, especially if a situation arises where there has to be a forensic investigation of your network data. If you have manually set time, just throw the whole thing out. No, you want valid time stamps in your organization. In fact, just out of curiosity, I have a command prompt up here.
Well, let's check something. Let's put this away so we don't lose it. Let's do a netstat -a. First of all, let's see what's running. I've got a bunch of stuff running here. Notice down here I do have UDP, and let me focus in on it. And I notice that I do have port number 123 lit up. So this box is headed out and looking for valid time information. So that's just a quick way.
You actually can have quite a bit of fun with the netstat command. In fact, let me show you another one. I'll do a netstat, and just the up arrow, -a -o, where it shows me the owning process. So if I come back up to the top of this, notice I have over here PID, Process ID. If I go to my Task Manager, in fact, if you install Windows with the default choices, your Task Manager is going to look pretty much like I have it on screen here.
Now, I just took that out, because I've modified it in the past, and the modification is non-standard, so let's make it standard, what it is now. So if I had just turned this on now with the default settings of a Windows install, this is what it would look like. And I want to go in here and I want to select Process ID. Ding ding ding! Now, notice I have this column here, Process ID. Let me scroll back up here and notice the little arrow there. I'm sorting this by Process ID. So you'll notice that the numbers are increasing from smaller to larger. And I have some numbers here.
Let's kind of bring this over and compare it to what's on the side over here. I've got a bunch of 1484s, for example. Well, I can look over here and find out that 1484 is Notebook. Well, Notebook is what's running. Down here it will allow me to move my slides if I want to. What's another one? 4976 is over here. Let's see if that's on my list. 4976, browser process. So it enables you to be able to track which port numbers are in use, what they are connected to, what they are associated with.
Let's go ahead and add to our list here. Another one that you might be familiar with, which doesn't really have so much a port number as a protocol type: ECHO and ECHO Reply. So if you're thinking about doing troubleshooting in your network, perhaps a more common way to think about this is, "That's like a ping message, right?" Yeah, I want to know, am I getting all the way to the destination and getting an answer back? ECHO and ECHO Reply.
And the last piece, if you're thinking of the giant umbrella that encompasses all of this, we'll say IP, and I'll just write ALL for lack of space here, but like I say, it's kinda like the big IP umbrella that covers up all of this. TCP, UDP, and ICMP are all subcomponents of the overall IP protocol sweep. So what's cool is, as I was mentioning, if you use netstat -a -o, you can use Task Manager and make sure that you include the Process ID in the view.
You can, again, make those associations. And especially if you're using Wireshark, if you're starting to get familiar with that, excellent tool, free download for troubleshooting, it enables you to have a granular view of what's going on in your network. Like I say, this is just a brief overview, and you can delve much deeper if you wish into the concept of port numbers. Now, if you want one last comment about port numbers to take away from this, let's focus back in here on port 80.
Let's say I put together a web server, for example. A Microsoft web server. I'm running it. In fact, think back to the early days when you installed the Windows operating system: pretty much everything was on by default. And as a security suggestion, or to kind of lock things down, now if you install a server operating system, the most recent ones, pretty much everything is shut off by default. I mean, you can't even play music unless you go in and enable Desktop Experience.
So it shuts everything off and you turn on what you want to turn on. So that goes back to our discussion here. If I'm going to set up a web server, what's going to happen is I want to make sure that it's listening on port 80. In other words, if I'm sending traffic to that web server, I am sending traffic to a destination port of port 80. And it's listening on port 80. It's like, "Uh-oh, that's for me." And it answers back. So like I say, just a brief run-down of port numbers and how they have meaning in your network.
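The netstat-to-Task-Manager walk-through above, done in code as an added example that is not part of the course: a Python script that parses the row layout of Windows `netstat -a -o` output, maps each socket's PID to a process name (the Task Manager step), labels the well-known ports from the instructor's list, and flags listeners on ports whose protocol carries passwords in clear text (Telnet, FTP, HTTP, TFTP), which is the Wireshark point made about telnet. The sample netstat output, the PID-to-process map and the process names in it are constructed for illustration; the `--live` mode, which shells out to `netstat -a -n -o` and `tasklist`, is an assumption that only holds on Windows.

```python
# Added example, not code from the course. SAMPLE_NETSTAT and SAMPLE_PIDS
# (including the process names) are constructed for illustration.
from __future__ import annotations

import csv
import subprocess
import sys
from dataclasses import dataclass

# Service names from the instructor's list (DNS is both TCP/53 and UDP/53).
WELL_KNOWN = {
    ("TCP", 20): "FTP-data", ("TCP", 21): "FTP", ("TCP", 22): "SSH",
    ("TCP", 23): "Telnet", ("TCP", 25): "SMTP", ("TCP", 53): "DNS",
    ("TCP", 80): "HTTP", ("TCP", 443): "HTTPS",
    ("UDP", 53): "DNS", ("UDP", 69): "TFTP", ("UDP", 123): "NTP",
}
# Ports whose protocol sends credentials unencrypted: a Wireshark capture of
# the session gives the password away (the telnet point in the video).
CLEARTEXT = {("TCP", 21), ("TCP", 23), ("TCP", 80), ("UDP", 69)}

# Constructed sample in the layout Windows `netstat -a -n -o` prints.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1648
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4976
  UDP    0.0.0.0:69             *:*                                    2200
  UDP    0.0.0.0:123            *:*                                    1084
  UDP    [::]:123               *:*                                    1084
"""
# Constructed PID -> image name map, standing in for Task Manager's PID column.
SAMPLE_PIDS = {4: "System", 896: "svchost.exe", 1084: "svchost.exe",
               1648: "tlntsvr.exe", 2200: "tftpd.exe", 4976: "browser.exe"}


@dataclass
class Socket:
    proto: str
    local: str
    local_port: int | None
    remote: str
    remote_port: int | None
    state: str
    pid: int
    process: str
    service: str
    cleartext: bool

    @property
    def listening(self) -> bool:
        # TCP says LISTENING explicitly; a bound UDP socket shows no state
        # but accepts any datagram sent to its port.
        return self.state == "LISTENING" or self.proto == "UDP"


def split_endpoint(endpoint: str) -> tuple[str, int | None]:
    """'0.0.0.0:80' -> ('0.0.0.0', 80); '[::]:123' -> ('[::]', 123); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> list[dict]:
    """Keep only TCP/UDP rows; TCP rows carry a State column, UDP rows do not."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # blank line, 'Active Connections', or the column header
        state, pid = (f[3], f[4]) if f[0] == "TCP" else ("", f[3])
        rows.append({"proto": f[0], "local": f[1], "remote": f[2],
                     "state": state, "pid": int(pid)})
    return rows


def annotate(rows: list[dict], pid_map: dict[int, str]) -> list[Socket]:
    """Attach process name, service name and clear-text flag to each row."""
    out = []
    for r in rows:
        lhost, lport = split_endpoint(r["local"])
        rhost, rport = split_endpoint(r["remote"])
        # A listener is identified by its local port; an outbound connection
        # uses an ephemeral local port, so fall back to the remote port.
        key = (r["proto"], lport)
        if key not in WELL_KNOWN and rport:
            key = (r["proto"], rport)
        out.append(Socket(r["proto"], lhost, lport, rhost, rport, r["state"],
                          r["pid"], pid_map.get(r["pid"], "?"),
                          WELL_KNOWN.get(key, "-"), key in CLEARTEXT))
    return out


def listening_cleartext(sockets: list[Socket]) -> list[Socket]:
    """The audit question: what is this box offering over clear-text protocols?"""
    return [s for s in sockets if s.listening and s.cleartext]


def live() -> list[Socket]:
    """Windows only (assumed): real netstat plus tasklist for the PID -> name map."""
    text = subprocess.check_output(["netstat", "-a", "-n", "-o"], text=True)
    names = subprocess.check_output(["tasklist", "/FO", "CSV", "/NH"], text=True)
    pids = {int(r[1]): r[0] for r in csv.reader(names.splitlines()) if len(r) > 1 and r[1].isdigit()}
    return annotate(parse_netstat(text), pids)


if __name__ == "__main__":
    socks = live() if "--live" in sys.argv else annotate(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PIDS)
    for s in socks:
        print(f"{s.proto:4} {s.local}:{s.local_port:<6} {s.state:11} pid {s.pid:<5} {s.process:12} {s.service}")
    for s in listening_cleartext(socks):
        print(f"clear-text listener: {s.proto}/{s.local_port} ({s.service}) pid {s.pid} {s.process}")
```

On the sample, the NTP rows resolve to PID 1084 just as the instructor matched port 123 to its process by hand, the ESTABLISHED row is labelled HTTPS from its remote port rather than its ephemeral local port, and the clear-text check reports the Telnet, HTTP and TFTP listeners while leaving SSH-style encrypted services and the 443 client connection alone.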