Port (computer networking)
In computer networking, a port is a communication endpoint. At the software level within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port is uniquely identified by a number, the port number, associated with the combination of a transport protocol and the network IP address. Port numbers are 16-bit unsigned integers.
The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). The port completes the destination and origination addresses of a message within a host to point to an operating system process. Specific port numbers are reserved to identify specific services so that an arriving packet can be easily forwarded to a running application. For this purpose, port numbers lower than 1024 identify the historically most commonly used services and are called the well-known port numbers. Higher-numbered ports are available for general use by applications and are known as ephemeral ports.
Ports provide a multiplexing service for multiple services or multiple communication sessions at one network address. In the client–server model of application architecture, multiple simultaneous communication sessions may be initiated for the same service.
Port number
For TCP and UDP, a port number is a 16-bit unsigned integer, thus ranging from 0 to 65535. For TCP, port number 0 is reserved and cannot be used, while for UDP, the source port is optional and a value of zero means no port. A process associates its input or output channels via an internet socket, which is a type of file descriptor, associated with a transport protocol, a network address such as an IP address, and a port number. This is known as binding. A socket is used by a process to send and receive data via the network. The operating system's networking software has the task of transmitting outgoing data from all application ports onto the network, and forwarding arriving network packets to processes by matching the packet's IP address and port number to a socket. For TCP, only one process may bind to a specific IP address and port combination. Common application failures, sometimes called port conflicts, occur when multiple programs attempt to use the same port number on the same IP address with the same protocol.
Applications implementing common services often use specifically reserved well-known port numbers for receiving service requests from clients. This process is known as listening, and involves the receipt of a request on the well-known port, potentially establishing a one-to-one server-client dialog, using this listening port. Other clients may simultaneously connect to the same listening port; this works because a TCP connection is identified by a tuple consisting of the local address, the local port, the remote address, and the remote port.[1] The well-known ports are defined by convention overseen by the Internet Assigned Numbers Authority (IANA). In many operating systems, special privileges are required for applications to bind to these ports because these are often deemed critical to the operation of IP networks. Conversely, the client end of a connection typically uses a high port number allocated for short-term use, therefore called an ephemeral port.
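The binding, listening and 4-tuple behaviour described above can be observed directly from the socket API. The following is an added example (not code from the article): it binds a listener to an OS-chosen ephemeral port on the loopback address, connects two clients to that one listening port, records the (local address, local port, remote address, remote port) tuple the kernel uses to tell the two sessions apart, and then shows the "port conflict" case by attempting a second bind to the same address and port. The host address 127.0.0.1 and the use of port 0 to request an ephemeral port are assumptions of the example.

```python
import errno
import socket


def demo_port_multiplexing(host="127.0.0.1"):
    """Bind a TCP listener, connect two clients to it, and report what the
    kernel uses to tell the sessions apart.  Returns a dict with:
      listen_port - the ephemeral port the OS handed the listener
      tuples      - (local ip, local port, remote ip, remote port) per session
      conflict    - True if a second bind to the same ip:port was refused
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Port 0 asks the OS to pick a free ephemeral port (assumed loopback host).
    server.bind((host, 0))
    server.listen(5)
    listen_port = server.getsockname()[1]

    # Two clients connect to the same listening port.  On loopback the handshake
    # completes against the listen backlog, so accept() below does not block.
    clients = [socket.create_connection((host, listen_port)) for _ in range(2)]
    accepted, tuples = [], []
    for _ in clients:
        conn, peer = server.accept()
        accepted.append(conn)
        local_ip, local_port = conn.getsockname()[:2]
        # Same local port for both sessions; the remote (ephemeral) port differs.
        tuples.append((local_ip, local_port, peer[0], peer[1]))

    # A second socket binding the same (ip, port) with the same protocol is the
    # "port conflict" case: the kernel refuses it with EADDRINUSE.
    rival = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        rival.bind((host, listen_port))
        conflict = False
    except OSError as exc:
        conflict = exc.errno == errno.EADDRINUSE
    finally:
        rival.close()

    for s in clients + accepted + [server]:
        s.close()
    return {"listen_port": listen_port, "tuples": tuples, "conflict": conflict}


if __name__ == "__main__":
    result = demo_port_multiplexing()
    print("listening on port", result["listen_port"])
    for t in result["tuples"]:
        print("session 4-tuple:", t)
    print("second bind refused:", result["conflict"])
```

Both accepted sessions share the listener's local port; only the remote ephemeral port distinguishes them, which is exactly why a single listening port can serve many clients.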
Common port numbers
IANA is responsible for the global coordination of the DNS root, IP addressing, and other protocol resources. This includes the registration of commonly used TCP and UDP port numbers for well-known internet services.
The port numbers are divided into three ranges: the well-known ports, the registered ports, and the dynamic or private ports.
The well-known ports (also known as system ports) are those numbered from 0 through 1023. The requirements for new assignments in this range are stricter than for other registrations.[2]
| Number | Assignment |
|---|---|
| 20 | File Transfer Protocol (FTP) Data Transfer |
| 21 | File Transfer Protocol (FTP) Command Control |
| 22 | Secure Shell (SSH) Secure Login |
| 23 | Telnet remote login service, unencrypted text messages |
| 25 | Simple Mail Transfer Protocol (SMTP) email delivery |
| 53 | Domain Name System (DNS) service |
| 67, 68 | Dynamic Host Configuration Protocol (DHCP) |
| 80 | Hypertext Transfer Protocol (HTTP) used in the World Wide Web |
| 110 | Post Office Protocol (POP3) |
| 119 | Network News Transfer Protocol (NNTP) |
| 123 | Network Time Protocol (NTP) |
| 143 | Internet Message Access Protocol (IMAP) Management of digital mail |
| 161 | Simple Network Management Protocol (SNMP) |
| 194 | Internet Relay Chat (IRC) |
| 443 | HTTP Secure (HTTPS) HTTP over TLS/SSL |
| 546, 547 | DHCPv6 IPv6 version of DHCP |
The registered ports are those from 1024 through 49151. IANA maintains the official list of well-known and registered ranges.[3]
The dynamic or private ports are those from 49152 through 65535. One common use for this range is for ephemeral ports.
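How an operating system picks a port from this dynamic range matters for security, because a predictable choice makes off-path attacks easier; the "Registered and Dynamic Ports" section further down describes the hash-based and double-hash selection methods. The following is an added example (not code from the article or from any kernel) implementing both methods in the shape RFC 6056 describes them: a keyed hash of the local address, remote address and remote port gives each destination its own starting offset, and either a single global counter (hash-based) or a table of per-bucket counters (double-hash) walks forward from that offset, skipping ports already in use. The HMAC-SHA-256 hash, the 49152-65535 range, the 256-entry counter table and the secrets are assumptions of the example.

```python
import hashlib
import hmac
import os

MIN_EPHEMERAL, MAX_EPHEMERAL = 49152, 65535        # IANA dynamic range (assumed here)
NUM_EPHEMERAL = MAX_EPHEMERAL - MIN_EPHEMERAL + 1


class EphemeralPortSelector:
    """Hash-based (RFC 6056 algorithm 3) and double-hash (algorithm 4) selection.

    The in_use set stands in for the kernel's table of bound local ports.
    """

    def __init__(self, secret1=None, secret2=None, table_size=256):
        # Per-boot secrets: constructed here, normally generated by the kernel.
        self.secret1 = secret1 or os.urandom(16)
        self.secret2 = secret2 or os.urandom(16)
        self.next_ephemeral = 0          # single counter used by the hash-based method
        self.table = [0] * table_size    # per-bucket counters used by double-hash
        self.in_use = set()

    def _hash(self, secret, local_ip, remote_ip, remote_port):
        """Keyed hash of the connection's far end; HMAC-SHA-256 is an assumption."""
        msg = f"{local_ip}|{remote_ip}|{remote_port}".encode()
        digest = hmac.new(secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def select(self, local_ip, remote_ip, remote_port, double_hash=True):
        """Return a free port; consecutive connections to one destination get
        consecutive ports, while other destinations start from their own offset."""
        offset = self._hash(self.secret1, local_ip, remote_ip, remote_port)
        index = self._hash(self.secret2, local_ip, remote_ip, remote_port) % len(self.table)
        for _ in range(NUM_EPHEMERAL):
            if double_hash:
                counter = self.table[index]
                self.table[index] += 1
            else:
                counter = self.next_ephemeral
                self.next_ephemeral += 1
            port = MIN_EPHEMERAL + (offset + counter) % NUM_EPHEMERAL
            if port not in self.in_use:       # check_suitable_port() in RFC 6056 terms
                self.in_use.add(port)
                return port
        raise OSError("ephemeral port range exhausted")

    def release(self, port):
        """Called when the connection (and its TIME_WAIT) is gone."""
        self.in_use.discard(port)


if __name__ == "__main__":
    sel = EphemeralPortSelector()
    for dest in (("198.51.100.5", 443), ("198.51.100.5", 443), ("203.0.113.9", 80)):
        print(dest, "->", sel.select("192.0.2.10", *dest))
```

With double-hash selection, two connections to the same destination receive adjacent ports (which keeps connection-reuse behaviour predictable for the peer) while an observer on a different destination sees an unrelated sequence; with the single global counter, every destination shares one stride, which is what the per-bucket table is meant to avoid.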
Network behavior
Transport-layer protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), transfer data using protocol data units (PDUs). For TCP, the PDU is a segment, and for UDP it is a datagram. Both protocols use a header field for indicating the source and destination port numbers. The port numbers are encoded in the transport protocol packet header, and they can be readily interpreted not only by the sending and receiving hosts but also by other components of the networking infrastructure. In particular, firewalls are commonly configured to differentiate between packets based on their source or destination port numbers. Port forwarding is an example application of this.
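The port fields are the first four bytes of both the TCP and the UDP header, which is what lets a firewall read them without understanding the rest of the segment. The following is an added example (not code from the article) that builds a UDP datagram over IPv4, extracts the ports from the raw header the way a middlebox would, and recomputes the checksum as a receiving host does, including the pseudo-header of source and destination IP addresses, protocol number and length that the later "Port Numbers" and "UDP Ports" sections describe. The addresses, ports and payload are constructed sample values.

```python
import socket
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP and UDP checksums (RFC 768/793)."""
    if len(data) % 2:
        data += b"\x00"              # odd-length data is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:               # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header: both addresses, a zero byte, protocol, transport length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, proto, length))


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Build a UDP datagram (header + payload) carrying a valid checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)   # checksum field zeroed
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, UDP_PROTO, length)
                                 + header + payload)) & 0xFFFF
    if csum == 0:
        csum = 0xFFFF   # UDP sends a computed zero as all-ones: zero means "no checksum"
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def transport_ports(segment: bytes):
    """Source and destination port: the first two 16-bit fields of TCP and UDP alike."""
    return struct.unpack("!HH", segment[:4])


def verify_udp(src_ip, dst_ip, datagram: bytes) -> bool:
    """Recompute the checksum as a receiver does; the IP addresses come from the IP header."""
    if len(datagram) < 8:
        return False
    _, _, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return False
    if csum == 0:
        return True      # sender disabled checksumming (permitted over IPv4)
    # Summing over the checksum field itself yields all-ones when the data is intact.
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, UDP_PROTO, length) + datagram) == 0xFFFF


if __name__ == "__main__":
    dg = build_udp("192.0.2.1", "192.0.2.2", 40000, 53, b"hello")   # constructed sample
    print("ports:", transport_ports(dg), "checksum: 0x%04x" % struct.unpack("!H", dg[6:8]))
    print("valid at intended host:", verify_udp("192.0.2.1", "192.0.2.2", dg))
    print("valid if misdelivered:", verify_udp("192.0.2.1", "192.0.2.3", dg))
```

Because the pseudo-header is covered by the checksum, a datagram that reaches the wrong IP address fails verification even though its own bytes are untouched; that is the misdelivery protection the checksum gives beyond plain bit-error detection.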
Port scanning
The practice of attempting to connect to a range of ports in sequence on a single host is commonly known as port scanning. This is usually associated either with malicious cracking attempts or with network administrators looking for possible vulnerabilities to help prevent such attacks. Port connection attempts are frequently monitored and logged by hosts. The technique of port knocking uses a series of port connections (knocks) from a client computer to enable a server connection.
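The "monitored and logged by hosts" point is where a defender can act on a scan: a sequence of connection attempts from one source to many distinct ports in a short time is the signature. The following is an added example (not code from the article) that parses a small constructed set of host-firewall log lines (a simplified key=value layout, not any particular product's format) and flags a (source, destination) pair when it touches at least a threshold number of distinct destination ports within a sliding time window. The log format, addresses, window and threshold are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one legitimate client and one source sweeping ports 21-32.
SAMPLE_LOG = [
    "2024-05-01T10:00:00 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443",
    "2024-05-01T10:00:30 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=80",
    "this line is not a firewall record",            # parser must skip garbage
    "2024-05-01T10:05:00 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=22",
] + [
    f"2024-05-01T10:01:{i:02d} SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT={21 + i}"
    for i in range(12)
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return (timestamp, src, dst, proto, dport) or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], m["proto"], int(m["dpt"]))


def detect_port_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Map (src, dst) -> peak number of distinct destination ports seen within any
    `window`, for pairs whose peak reaches `threshold`.  Distinct ports, not packet
    count, so a busy client retrying one service is not flagged."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ts, src, dst, _proto, dport = ev
        events[(src, dst)].append((ts, dport))

    alerts = {}
    for key, evs in events.items():
        evs.sort()
        peak = 0
        for i, (t0, _) in enumerate(evs):              # window starting at each event
            distinct = {p for t, p in evs[i:] if t - t0 <= window}
            peak = max(peak, len(distinct))
        if peak >= threshold:
            alerts[key] = peak
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports within 60s")
```

Counting distinct ports per window rather than raw packets keeps a legitimate client that reconnects to one service many times below the threshold, while a sequential sweep crosses it within seconds.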
Examples
An example of the use of ports is the delivery of email. A server used for sending and receiving email generally needs two services. The first service is used to transport email to and from other servers. This is accomplished with the Simple Mail Transfer Protocol (SMTP). A standard SMTP service application listens on TCP port 25 for incoming requests. The second service is usually either the Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP), which is used by email client applications on users' personal computers to fetch email messages from the server. The POP service listens on TCP port number 110. Both services may be running on the same host computer, in which case the port number distinguishes the service that was requested by a remote computer, be it a user's computer or another mail server.
While the listening port number of a server is well defined (IANA calls these the well-known ports), the client's port number is often chosen from the dynamic port range (described above under Common port numbers). In some applications, the clients and the server each use specific port numbers assigned by the IANA. A good example of this is DHCP, in which the client always uses UDP port 68 and the server always uses UDP port 67.
Use in URLs
Port numbers are a component in web or other uniform resource locators (URLs), but are omitted in most cases. By default, HTTP uses port 80 and HTTPS uses port 443, but a URL like http://www.example.com:8080/path/ specifies that the web browser connects to port 8080 of the HTTP server, instead of the default value.
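Resolving the port a URL actually means is a small but error-prone step in anything that validates or proxies URLs, because the port may be absent, explicit, non-numeric or outside the 16-bit range. The following is an added example (not code from the article) using Python's standard urllib.parse: it returns the explicit port when one is given, falls back to the scheme's default otherwise, and rejects malformed or out-of-range ports rather than silently passing them on. The default-port table and the unknown-scheme handling are assumptions of the example.

```python
from urllib.parse import urlsplit

# Scheme defaults assumed for this example; only http and https are named in the article.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "ssh": 22}


def effective_port(url: str) -> int:
    """Port a client would connect to for `url`.

    Raises ValueError for an unknown scheme, a non-numeric port, or a port
    outside 0-65535, so callers cannot be tricked by a malformed netloc.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unknown scheme: {scheme!r}")
    try:
        port = parts.port        # None when no port; ValueError if not a number in range
    except ValueError as exc:
        raise ValueError(f"invalid port in {url!r}") from exc
    return DEFAULT_PORTS[scheme] if port is None else port


def is_default_port(url: str) -> bool:
    """True when the URL's effective port is the scheme's default (explicit or implied)."""
    return effective_port(url) == DEFAULT_PORTS[urlsplit(url).scheme.lower()]


if __name__ == "__main__":
    for u in ("http://www.example.com:8080/path/", "https://www.example.com/", "http://www.example.com:80/"):
        print(u, "->", effective_port(u), "(default)" if is_default_port(u) else "")
```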
History
The concept of port numbers was established by the early developers of the ARPANET in informal cooperation of software authors and system administrators. The term port number was not yet in use. It was preceded by the use of the term socket number in the early development stages of the network. A socket number for a remote host was a 40-bit quantity.[4] The first 32 bits were similar to today's IPv4 address, but at the time, the most-significant 8 bits were the host number. The least-significant portion of the socket number (bits 33 through 40) was an entity called Another Eightbit Number, abbreviated AEN.[5] Today, network socket refers to a related but distinct concept, namely the internal address of an endpoint used only within the node.
On March 26, 1972, Vint Cerf and Jon Postel called for documenting the then-current usages and establishing a socket number catalog in RFC 322. Network administrators were asked to submit a note or place a phone call, "describing the function and socket numbers of network service programs at each HOST".[6] This catalog was subsequently published as RFC 433 in December 1972 and included a list of hosts and their port numbers and the corresponding function used at each host in the network. This first registry function served primarily as documentation of usage and indicated that port number usage was conflicting between some hosts for "useful public services".[5] The document promised a resolution of the conflicts based on a standard that Postel had published in May 1972 in RFC 349, in which he first proposed official assignments of port numbers to network services and suggested a dedicated administrative function, which he called a czar, to maintain a registry.[7] The 256 values of the AEN were divided into the following ranges:
| Port number range | Assignment |
|---|---|
| 0 through 63 | Network-wide standard functions |
| 64 through 127 | Host-specific functions |
| 128 through 239 | Reserved for future use |
| 240 through 255 | Any experimental function |
The Telnet service received the first official assignment of the value 1. In detail, the first set of assignments was:[7]
| Port number | Assignment |
|---|---|
| 1 | Telnet |
| 3 | File transfer |
| 5 | Remote job entry |
| 7 | Echo |
| 9 | Discard |
In the early ARPANET, the AEN was also called a socket name,[8] and was used with the Initial Connection Protocol (ICP), a component of the Network Control Protocol (NCP).[9] NCP was the forerunner of the modern Internet protocols. Today, the terminology service name is still closely connected with port numbers, the former being text strings used in some network functions to represent a numerical port number.
References
- Postel, John. Transmission Control Protocol. doi:10.17487/RFC0793. RFC 793. Retrieved 1 January 2023.
- Michelle Cotton; Lars Eggert; et al. (August 2011). Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry. IETF. doi:10.17487/RFC6335. BCP 165. RFC 6335.
- "Port Numbers". Internet Assigned Numbers Authority (IANA).
- Crocker, S. (16 March 1970). Protocol Notes. doi:10.17487/RFC0036. RFC 36.
- Postel, J.; Neigus, N. (22 December 1972). Socket number list. doi:10.17487/RFC0433. RFC 433.
- Cerf, V.; Postel, J. (26 March 1972). Well Known Socket Numbers. doi:10.17487/RFC0322. RFC 322.
- Postel, J. (30 May 1972). Proposed Standard Socket Numbers. doi:10.17487/RFC0349. RFC 349.
- Shoshani, A.; Harslem, E. (14 July 1971). Initial Connection Protocol--Reviewed. doi:10.17487/RFC0197. RFC 197.
- Postel, Jon; Feinler, E. (January 1978). ARPANET Protocol Handbook. Menlo Park, CA: Network Information Center. NIC 7104.
Port (computer networking)
Fundamentals
Definition
In computer networking, a port is a logical endpoint that facilitates communication between processes on networked hosts, enabling multiple applications on a single device to utilize the same network connection concurrently. This abstraction allows data streams from different applications to be multiplexed over the shared network interface and demultiplexed upon arrival to the correct process. Ports function at the transport layer of the TCP/IP protocol suite, which aligns with Layer 4 of the OSI reference model.[6][7] Unlike physical ports—hardware interfaces such as Ethernet jacks or USB connectors that provide tangible connection points for cables—networking ports are purely software-based constructs without physical counterparts.[8] Fundamentally, a port combines with an IP address to form a socket, creating a unique identifier for endpoints in network communications and ensuring precise routing of data between specific processes across the internet.[6]
Port Numbers
In computer networking, port numbers serve as 16-bit unsigned integers that identify specific processes or services on a host within transport layer protocols like TCP and UDP, with values ranging from 0 to 65,535.[1][9] This fixed size allows for 65,536 possible port numbers, enabling multiplexing of multiple connections over a single IP address by distinguishing between different application endpoints.[1] Port number 0 is typically reserved and not used for active bindings, while the range facilitates both standardized assignments and ephemeral allocations for temporary use. The binding process associates an application's socket with a specific local port number and IP address, allowing the operating system to route incoming packets to the correct process. This is achieved through system calls such as bind() in socket programming APIs, where the application specifies the desired port and optionally the local IP address; if unspecified, the system may select an available ephemeral port.[10] Upon successful binding, the socket becomes associated with that port, and only one process can bind to a given port on a specific IP address at a time, preventing conflicts.[1] This mechanism ensures that incoming traffic directed to the port is demultiplexed to the bound application. A complete network endpoint, known as a socket pair, is defined by the four-tuple consisting of the source IP address, source port, destination IP address, and destination port, which uniquely identifies a bidirectional connection between two hosts.[1] This tuple allows the transport layer to maintain state for connections, distinguishing them even when multiple flows share the same IP addresses.[11] Port numbers play a critical role in integrity verification through checksum calculations in TCP and UDP headers. 
The checksum for TCP segments and UDP datagrams covers the entire header—including the source and destination port fields—along with the payload and a conceptual pseudo-header that includes the source and destination IP addresses, the protocol number, and the segment or datagram length.[1][9] This inclusion of ports in the checksum helps detect errors or misdeliveries that could alter endpoint identification during transmission.[1]
Port Classification
Well-Known Ports
Well-known ports, also referred to as system ports, encompass the numerical range from 0 to 1023 and are standardized for use by common network services and applications that necessitate elevated privileges.[12] On Unix-like operating systems, binding to these ports typically requires root privileges, while on Windows systems, administrator rights are needed to listen on ports below 1024,[13] ensuring that only trusted system processes can utilize them to prevent unauthorized access by unprivileged users.[14] This privileged status enhances security by restricting the ability of arbitrary applications to masquerade as standard services. The Internet Assigned Numbers Authority (IANA) manages the assignment of well-known ports through a rigorous process defined in RFC 6335, which obsoletes earlier procedures and establishes guidelines for the Service Name and Transport Protocol Port Number Registry.[15] Assignments in this range employ either the "IETF Review" or "IESG Approval" policy as per RFC 5226, supplemented by expert review conducted by designated specialists to evaluate submissions.[15] Approval criteria emphasize the applicant's justification for needing a system port over higher user or dynamic ranges, demonstration of widespread adoption or potential for it, provision of a stable protocol specification as a reference, and assurance of long-term stability to avoid future conflicts or reassignments.[15] These standards ensure that only essential, enduring services receive low-numbered ports, preserving the integrity of global network interoperability. 
Port 0 holds a distinct reserved status within this range and is explicitly unavailable for standard assignment to any service or application.[12] IANA designates it as unassigned to accommodate potential protocol-specific implementations or internal stack behaviors, such as in certain error-handling scenarios, without risking collision with operational ports.[15]

An illustrative example of assignment rationale is the allocation of port 80 to the Hypertext Transfer Protocol (HTTP), which stems from historical precedence in the protocol's early specification.[16] Developed by Tim Berners-Lee in 1991, HTTP initially utilized port 80 as its default, a choice carried forward and formalized in RFC 1945 for HTTP/1.0 due to its established use in nascent web implementations, thereby meeting IANA's criteria for stability and ubiquity despite the availability of higher ports.[16] This decision has since underpinned the web's foundational architecture.
Registered and Dynamic Ports
Registered ports occupy the range from 1024 to 49151 and are designated for specific network services that require a consistent identifier but do not necessitate system-level privileges.[15] These ports are assigned by the Internet Assigned Numbers Authority (IANA) upon request from developers or organizations, following procedures such as Expert Review or IETF Review, provided the applicant justifies why dynamic ports are unsuitable for their application.[17] Unlike well-known ports, registered ports can be used by non-privileged processes, enabling broader adoption for user-level services like custom database connections or proprietary protocols.[18]

Dynamic or ephemeral ports span the range from 49152 to 65535 and are reserved exclusively for temporary, automatically assigned use by operating systems during client-initiated connections.[15] These ports are not registered or assigned by any authority; instead, the kernel allocates them dynamically for outbound sessions, such as when a web browser establishes a temporary connection to a server on port 80 or 443.[17] This allocation ensures that multiple simultaneous connections from a single client can be distinguished without conflicting with standardized services, supporting scalable network interactions in environments like web surfing or file transfers.[18]

Ephemeral port selection is handled by the operating system's kernel using algorithms designed to promote randomness and minimize predictability for security reasons.[5] Common methods include simple randomization within the available range, hash-based selection incorporating endpoint addresses and a secret key to generate unique ports, or double-hash techniques that iterate through increments to avoid collisions.[19] For instance, modern Linux kernels since version 5.12 employ a double-hash port selection algorithm to balance efficiency and resistance to port prediction attacks.[20] These approaches ensure fair distribution across the ephemeral range while adhering to recommendations for using the full spectrum from 1024 to 65535 where feasible.[21]

To manage conflicts and prevent port exhaustion, operating systems implement reuse mechanisms tied to connection states and timeouts. In TCP, closed connections enter a TIME_WAIT state lasting approximately four minutes (240 seconds by default on many systems) to allow safe reuse and avoid data duplication from lingering packets.[22] During high-load scenarios, such as numerous short-lived connections, the kernel monitors available ports and may adjust timeouts or expand the ephemeral range if configured, though exhaustion can still occur if new connections are opened faster than TIME_WAIT entries expire.[22] Mitigation involves tuning parameters like reducing the TIME_WAIT timeout or increasing the port pool size, ensuring sustained connectivity without manual intervention.
Protocol-Specific Usage
TCP Ports
In the Transmission Control Protocol (TCP), ports are integral to the header structure, consisting of two 16-bit fields: the source port, which identifies the sending application's port number, and the destination port, which specifies the receiving application's port number. These fields enable the demultiplexing of incoming segments to the appropriate processes on the host and facilitate the establishment of unique end-to-end connections by combining with IP addresses to form socket pairs.[6] During connection establishment, TCP ports play a critical role in the three-way handshake process. The client initiates the handshake by sending a SYN segment containing its source port (typically an ephemeral port) and the server's well-known destination port, setting the SYN flag to request synchronization of sequence numbers. The server responds with a SYN-ACK segment, echoing the client's source port as its destination and using its own source port, while the client completes the handshake with an ACK segment, confirming the ports for the bidirectional connection. This exchange ensures both endpoints agree on the port bindings before data transfer begins.[6] TCP maintains a stateful connection model where ports are associated with specific connection states, managed through socket application programming interfaces (APIs). For instance, a server socket enters the LISTEN state after binding to a port and calling the listen() function, allowing it to queue incoming connection requests on that port; upon accepting a connection via accept(), a new socket is created in the ESTABLISHED state for active data exchange, while the original remains in LISTEN. 
These states, including SYN-SENT for outgoing initiations and ESTABLISHED for reliable data flow, ensure orderly progression and error recovery, with the socket API providing abstractions like bind(), connect(), and close() to transition between them as per POSIX standards.[6][23]

After a connection closes, the port enters the TIME_WAIT state to prevent delayed or duplicate packets from interfering with new connections using the same port tuple. This state persists for a duration of twice the Maximum Segment Lifetime (2*MSL), typically around 4 minutes assuming an MSL of 2 minutes, allowing any lingering segments in the network to expire before the port can be reused. This safeguard maintains connection integrity and avoids ambiguity in segment delivery.[6]
UDP Ports
In the User Datagram Protocol (UDP), ports serve as endpoints for communication, enabling the identification of sending and receiving processes in a connectionless environment. The UDP header includes a 16-bit source port field, which is optional and set to zero if not used, primarily to allow replies to be directed back to the originating process, and a 16-bit destination port field, which is required and specifies the target process within the context of the destination IP address. Unlike protocols with connection setup, UDP ports operate without any prior handshake or state maintenance, making the header simpler and fixed at eight bytes, consisting solely of source and destination ports, length, and checksum fields.[9] UDP employs ports for handling datagrams in a stateless manner, supporting best-effort delivery where each datagram is treated independently without guarantees of order, reliability, or duplicate detection. This allows for efficient one-way transmissions or simple request-response patterns, as applications specify source and destination ports along with IP addresses to route datagrams directly to the intended process. The protocol's transaction-oriented design facilitates low-overhead operations, ideal for time-sensitive applications where occasional packet loss is tolerable over the benefits of reduced latency.[9] UDP ports play a key role in multicast and broadcast communications, where a single datagram can reach multiple recipients on a network. For instance, Multicast DNS (mDNS) uses UDP port 5353 for local link discovery, enabling devices to resolve hostnames via multicast queries without a central server. Similarly, the Real-time Transport Protocol (RTP) over UDP supports multicast streaming for audio and video, allowing efficient distribution to groups of receivers, such as in conferencing or broadcast media scenarios. 
These usages leverage UDP's connectionless nature to minimize overhead in group-oriented traffic.[24][25]

The UDP checksum field is optional and can be set to zero to indicate no verification, but the source and destination port fields are always present in the header when UDP is employed. When computed, the checksum incorporates the ports through a pseudo-header that includes IP addresses, protocol type, and UDP length, providing protection against misdelivery while maintaining the protocol's lightweight structure.[9]
Network Behavior
Multiplexing and Demultiplexing
In computer networking, multiplexing at the transport layer enables a single host to support multiple application processes simultaneously over a shared IP address by assigning unique port numbers to each process. This process combines data from different application streams into a single network flow, distinguishing them via source and destination ports in the transport header.[6] For instance, a web server can multiplex HTTP traffic on port 80 and SSH traffic on port 22, allowing concurrent handling without interference at the IP level.[6] Demultiplexing reverses this by directing incoming packets from the network layer to the appropriate application process on the receiving host, primarily using the destination port number. In UDP, demultiplexing relies on the source and destination port numbers, while TCP employs a four-tuple—source IP address, source port, destination IP address, and destination port—for finer-grained identification of connections.[9][6] The operating system's kernel performs this routing by matching the packet's header fields to open sockets, ensuring data reaches the correct process efficiently.[6] Each socket associated with a port maintains dedicated send and receive buffers to handle data queuing, preventing overflow during temporary mismatches in transmission and application processing rates. 
Incoming segments are stored in the receive buffer until the application issues a read operation, with the TCP implementation managing acknowledgments and retransmissions independently per socket.[6] This buffering mechanism supports reliable delivery in TCP by queuing unacknowledged data and pending receives, allowing the transport layer to absorb bursts without disrupting upper-layer applications.[6]

By enabling multiple parallel flows through distinct ports, multiplexing facilitates efficient bandwidth utilization, as each TCP connection operates its own congestion control algorithm, such as adjusting the congestion window independently to avoid global interference. This independence ensures that diverse applications can share link capacity fairly, though performance may degrade with an excessively high number of concurrent flows due to increased contention at bottlenecks.[26] In UDP, the lack of congestion control per flow further emphasizes ports' role in isolating datagram streams for aggregate throughput without built-in throttling.[9]
Port Forwarding
Port forwarding is a networking technique that redirects incoming traffic from a specific port on an external IP address to a designated internal host and port within a private network, enabling external access to services hosted behind a router or gateway. This process is commonly used to expose internal servers, such as web or file servers in home or small office environments, to the public internet without requiring a public IP for each device. For instance, an administrator might configure a router to forward all incoming requests on TCP port 80 to an internal web server at 192.168.1.100:80.[27][28] In the context of Network Address Translation (NAT), port forwarding facilitates traversal of NAT boundaries by mapping external connections to internal endpoints, allowing devices on private networks to receive unsolicited inbound traffic that would otherwise be blocked. NAT, as defined in foundational specifications, translates IP addresses between private and public realms while preserving port information to maintain session integrity. Port forwarding builds on this by explicitly defining the redirection rules, often implemented as a subset of NAT functionality in routers.[28][27] Port forwarding is typically static, establishing a fixed, manual mapping between an external port and an internal destination, which remains active until manually changed and is ideal for persistent services like remote desktop access. Automatic methods, such as port triggering or Universal Plug and Play (UPnP), can create temporary mappings that are established and removed based on application requests, reducing administrative overhead for short-lived connections. 
Port Address Translation (PAT), a form of NAT overload, allows multiple internal devices to share a single public IP address through dynamic port assignments primarily for outbound traffic, but supports inbound redirection when combined with port forwarding rules.[28][29]

Universal Plug and Play (UPnP) simplifies NAT traversal for port forwarding by providing an automated protocol for devices to request and configure port mappings on compatible routers without user intervention. Through the UPnP Internet Gateway Device (IGD) service, applications like online gaming clients or peer-to-peer software can dynamically open ports, such as UDP port 3074 for Xbox Live, ensuring seamless connectivity while the mappings expire after inactivity to enhance security.[30][31]

Configuration of port forwarding typically occurs in router administrative interfaces, where users define rules specifying the external port, protocol (TCP or UDP), internal IP, and target port. For example, to enable online gaming on a console like PlayStation Network, a rule might forward TCP/UDP ports 3478-3480 and 1935 from the router's WAN interface to the console's LAN IP, ensuring low-latency multiplayer sessions. These settings are often combined with firewall rules to restrict access to trusted sources only.[32]
Security
Port Scanning
Port scanning is a technique used to determine the status of ports on a target host or network, identifying open ports that may indicate running services and potential vulnerabilities. It involves sending packets to specific ports and analyzing the responses to map network topology and discover exploitable entry points. This process is fundamental in network reconnaissance, allowing security professionals to assess exposure without necessarily exploiting weaknesses.[33] Common scanning methods include the TCP SYN scan, also known as half-open scanning, where a SYN packet is sent to initiate a connection; if a SYN-ACK response is received, the scanner sends a RST to abort without completing the handshake, making it stealthier as it avoids logging full connections. The full TCP connect scan completes the entire three-way handshake using the operating system's connect() function, which is more detectable but requires no special privileges and works when SYN scanning is blocked. UDP scanning sends UDP packets to ports; closed ports typically elicit an ICMP port unreachable message, while open ports may respond with a UDP packet or nothing, distinguishing it from TCP-based methods due to UDP's connectionless nature.[34][6] Nmap, a widely used open-source tool, supports these methods through options like -sS for SYN scans, -sT for connect scans, and -sU for UDP scans, enabling efficient probing of thousands of ports. It incorporates stealth features such as decoy IP addresses to obscure the scanner's origin, packet fragmentation to evade intrusion detection systems, and idle scans that use zombie hosts to indirectly probe targets. 
Nmap's version detection (-sV) sends protocol-specific probes from its nmap-service-probes database to open ports and identifies the service and version from the replies, which feeds vulnerability assessment; a UDP port reported as open|filtered is reclassified as open when one of these probes draws a response.[34][35]
The responses determine port states. An open port accepts connections, answering with SYN-ACK for TCP or with a service-specific reply for UDP, and indicates an active listener. A closed port is reachable but has no listener: the host answers with a RST for TCP (as RFC 793 specifies) or an ICMP port unreachable for UDP. A filtered port yields no response at all, or an ICMP error such as "administratively prohibited", usually because a firewall dropped or rejected the probe; the scanner therefore cannot tell whether anything is listening.[6][34]
Port scanning raises legal and ethical issues. It is permissible in authorized penetration testing, where it simulates an attacker's reconnaissance to identify risks, and requires explicit rules of engagement, written management approval, and compliance with laws such as the US Computer Fraud and Abuse Act. Scanning systems without authorization may be treated as an attempted intrusion and can lead to criminal charges for exceeding authorized access, whereas ethical use in testing strengthens defenses without exploitation intent.[33][36]
Firewall and Port Security
Firewalls in computer networking use rules to control access to ports, permitting or denying traffic based on port numbers, protocols, and connection state. Stateful inspection firewalls, the common type, keep a state table of active connections and filter more precisely than stateless packet filters by checking whether an incoming packet belongs to an established session. For instance, a stateful firewall lets packets from TCP port 80 reach an internal client only if they belong to a connection that client opened to a web server, while dropping unsolicited packets aimed at internal hosts. Tools such as iptables on Linux express such policies as rules that accept or drop traffic for specific ports, for example accepting new TCP connections to port 22 for SSH and dropping all other unsolicited inbound traffic by default.[37]
Port knocking adds a layer of protection by requiring a client to send a specific sequence of connection attempts to closed ports before the desired service port is temporarily opened for it. The technique, first described in 2003, has the client send packets to a predefined series of ports, such as 7000, 8000 and 9000 in order; a daemon on the host recognizes the sequence, typically from firewall log entries or by sniffing, and then performs an action such as adding an iptables rule that opens port 22 to that client's address for a short time. Because every port stays closed until the knock succeeds, the service is invisible to casual scans, but the scheme relies entirely on the secrecy of the sequence: the knocks are sent in the clear, so anyone who can observe the traffic can replay them, which makes port knocking an obscurity layer in front of the service's own authentication rather than a substitute for it.[38][39]
Common vulnerabilities associated with ports include abuse of port 0 and problems caused by predictable ephemeral ports. Port 0, reserved by IANA and not valid as a real service port, has been observed in malicious activity such as DDoS attacks and system fingerprinting, where attackers send traffic with source port 0 to spoof origins or to provoke revealing responses, sometimes passing filters that were not written with this anomalous value in mind.
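The port-knock daemon logic described above, as an added example that is not code from the page or from any knocking daemon: it replays constructed firewall log lines, tracks each source's progress through the 7000, 8000, 9000 sequence within a time window, and on success produces the iptables rule that would open port 22 for that source only. The log format (an epoch timestamp followed by iptables LOG fields), the window and lifetime constants, and all addresses are assumptions.

```python
"""Added example: the port-knock daemon logic described above, replayed over
constructed firewall log lines. A source must hit the knock ports in order
within a time window; success yields the iptables rule that would open the
protected port for that source alone."""
import re

KNOCK_SEQUENCE = (7000, 8000, 9000)  # the secret: the sequence from the text
PROTECTED_PORT = 22
WINDOW_SECONDS = 10.0   # the whole sequence must complete within this window
OPEN_FOR_SECONDS = 30   # how long the ACCEPT rule is meant to live

# Extracts source address and destination port from a kernel log line such as
# iptables writes for  iptables -A INPUT -p tcp --syn -j LOG --log-prefix "KNOCK "
LOG_RE = re.compile(r"SRC=(?P<src>[0-9.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")

# Constructed sample log: "<epoch seconds> KNOCK <iptables fields>". A real
# syslog prefix is longer, but only the SRC, PROTO and DPT fields are parsed.
# 203.0.113.5 knocks correctly; 198.51.100.20 knocks in the wrong order;
# 192.0.2.9 knocks in order but too slowly. All addresses are documentation ranges.
SAMPLE_LOG = [
    "1700000000.0 KNOCK IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=7000",
    "1700000001.2 KNOCK IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51001 DPT=8000",
    "1700000001.9 KNOCK IN=eth0 OUT= SRC=198.51.100.20 DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=7000",
    "1700000002.5 KNOCK IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=51002 DPT=9000",
    "1700000003.0 KNOCK IN=eth0 OUT= SRC=198.51.100.20 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=9000",
    "1700000003.5 KNOCK IN=eth0 OUT= SRC=198.51.100.20 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=8000",
    "1700000010.0 KNOCK IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.7 PROTO=TCP SPT=33000 DPT=7000",
    "1700000025.0 KNOCK IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.7 PROTO=TCP SPT=33001 DPT=8000",
    "1700000026.0 KNOCK IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.7 PROTO=TCP SPT=33002 DPT=9000",
]


def parse_knock_line(line):
    """Return (timestamp, src, dport) for a KNOCK log line, else None."""
    if " KNOCK " not in line:
        return None
    m = LOG_RE.search(line)
    if not m:
        return None
    return float(line.split(" ", 1)[0]), m.group("src"), int(m.group("dpt"))


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = sequence
        self.window = window
        self.progress = {}  # src -> (index of next expected knock, time of first knock)

    def handle(self, ts, src, dport):
        """Feed one SYN seen on a closed port. Returns the firewall action when
        the sequence has just been completed, otherwise None."""
        idx, started = self.progress.get(src, (0, ts))
        if ts - started > self.window:      # too slow: forget the partial sequence
            idx, started = 0, ts
        if dport == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):   # full sequence, in order and in time
                self.progress.pop(src, None)
                rule = ["iptables", "-I", "INPUT", "-s", src, "-p", "tcp",
                        "--dport", str(PROTECTED_PORT), "-j", "ACCEPT"]
                return {"src": src, "rule": rule, "expires": ts + OPEN_FOR_SECONDS}
            self.progress[src] = (idx, started)
        elif dport == self.sequence[0]:     # wrong port, but it restarts a sequence
            self.progress[src] = (1, ts)
        else:                               # any other port resets this source
            self.progress.pop(src, None)
        return None


def replay(lines, daemon=None):
    """Run the daemon over log lines; return one action per completed knock."""
    daemon = daemon or KnockDaemon()
    actions = []
    for line in lines:
        parsed = parse_knock_line(line)
        if parsed is None:
            continue
        action = daemon.handle(*parsed)
        if action:
            actions.append(action)
    return actions


if __name__ == "__main__":
    for action in replay(SAMPLE_LOG):
        print(action["src"], "->", " ".join(action["rule"]), "until", action["expires"])
```

The rule is returned rather than executed so the logic can be tested offline; a real daemon would run it and schedule its removal at the expiry time. Note what the replay does not protect against: a scanner that happens to hit 7000, 8000 and 9000 in that order inside the window opens the port just as a legitimate client does, which is the secrecy dependence the text describes.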
One analysis of global traffic found that port 0 packets often coincide with SYN+ACK backscatter from spoofed DDoS floods, with up to 33% of the observed volume attributable to a small number of victims, and that 48.8% of the port 0 cases studied were port scanning.[40] Predictable ephemeral ports, allocated sequentially from a fixed range (for example, starting at 1024 and incrementing), let an off-path attacker guess a connection's four-tuple (source and destination IP addresses and ports) and inject forged packets, such as TCP resets that tear down a long-lived session like BGP on port 179. This predictability has been shown to weaken protocols that rely on ephemeral ports, enabling blind attacks that need no access to the traffic path; RFC 6056 therefore recommends that operating systems randomize ephemeral port selection.[40][41]
Best practices for port security follow the principle of least privilege: close every port and service that is not needed, to minimize the attack surface. Organizations should install minimal configurations, disabling unused protocols and applications (FTP on port 21, for instance, if it is not required), and configure services to bind only to the addresses and ports they must serve, which limits exposure to potential exploits. Intrusion detection systems (IDS) complement this by continuously monitoring port activity for anomalies, using signature-based detection to match known port-scan patterns and anomaly-based methods to flag deviations such as unexpected traffic on high-numbered ports that may indicate a backdoor. Deploying network-based IDS near firewalls, or host-based agents on critical servers, gives real-time logging and alerting for port-related threats such as unauthorized service start-ups or policy violations.[42][43]
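The ephemeral-port problem above, worked as an added example that is neither code from the page nor any operating system's allocator: a sequential allocator is placed beside an implementation of RFC 6056 Algorithm 3 (hash-based port selection, with the port-in-use retry loop omitted), and the blind attacker from the text is modelled as someone who learned one of the victim's ports and guesses upward from it. The IP addresses, the port range and the attack model are assumptions.

```python
"""Added example: why sequentially allocated ephemeral ports let an off-path
attacker guess a connection's four-tuple, and how the per-destination hashed
scheme of RFC 6056 (Algorithm 3) defeats that guess while keeping ports
consecutive toward any one peer."""
import hashlib
import hmac
import os
import statistics

EPHEMERAL_MIN, EPHEMERAL_MAX = 49152, 65535        # IANA dynamic/private range
NUM_EPHEMERAL = EPHEMERAL_MAX - EPHEMERAL_MIN + 1  # 16384 ports


class SequentialAllocator:
    """Legacy scheme: one global counter, every peer gets the next port."""

    def __init__(self):
        self.counter = 0

    def allocate(self, local_ip, remote_ip, remote_port):
        port = EPHEMERAL_MIN + self.counter % NUM_EPHEMERAL
        self.counter += 1
        return port


class HashedAllocator:
    """RFC 6056 Algorithm 3, simple hash-based port selection:
    port = min + (counter + F(local_ip, remote_ip, remote_port, secret)) mod N.
    The offset F is constant per peer, so connections to one peer still get
    consecutive ports, but it is unknown to anyone without the secret."""

    def __init__(self, secret=None):
        self.secret = os.urandom(16) if secret is None else secret
        self.counter = 0

    def _offset(self, local_ip, remote_ip, remote_port):
        msg = f"{local_ip}|{remote_ip}|{remote_port}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def allocate(self, local_ip, remote_ip, remote_port):
        offset = self._offset(local_ip, remote_ip, remote_port)
        port = EPHEMERAL_MIN + (self.counter + offset) % NUM_EPHEMERAL
        self.counter += 1
        return port


def blind_guesses(allocator, victim="198.51.100.7", attacker="203.0.113.66",
                  peer="192.0.2.1", peer_port=179):
    """Attack model from the text (constructed; documentation addresses):
    the victim first connects to the attacker, who thereby learns one
    ephemeral port p; the victim then opens a BGP session to peer:179 using
    port q. The off-path attacker, wanting to forge a RST, guesses q as
    p+1, p+2, ... Returns the number of guesses until the real q is hit."""
    p = allocator.allocate(victim, attacker, 80)
    q = allocator.allocate(victim, peer, peer_port)
    return (q - p - 1) % NUM_EPHEMERAL + 1


def mean_guesses(make_allocator, trials=300):
    """Average blind_guesses over fresh allocators (fresh secrets for the hashed one)."""
    return statistics.fmean(blind_guesses(make_allocator()) for _ in range(trials))


if __name__ == "__main__":
    print("sequential allocator:", blind_guesses(SequentialAllocator()), "guess")
    print("RFC 6056 hashed allocator, mean over 300 trials:",
          round(mean_guesses(HashedAllocator)), "guesses")
```

With sequential allocation the attacker's first guess is right; with the hashed scheme the guess count is effectively uniform over the range, so on average half the range (about 8192 here) must be tried for every candidate, and each guess still has to be paired with a sequence number inside the receive window.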
Practical Applications
Common Examples
In computer networking, ports are essential for identifying specific services and enabling communication between applications. Common examples illustrate how standardized port numbers let everyday internet protocols coexist on the same IP address through multiplexing. These assignments are managed by the Internet Assigned Numbers Authority (IANA) to ensure consistency across networks.[17]
Web browsing relies on the Hypertext Transfer Protocol (HTTP) and its secure counterpart, HTTPS. HTTP typically uses TCP port 80 to transmit unencrypted web pages and resources from servers to clients.[44] HTTPS uses TCP port 443 and carries the same protocol inside Transport Layer Security (TLS), protecting data such as login credentials and financial transactions from eavesdropping and tampering.[44] These two ports carry the vast majority of web traffic, with HTTPS now dominant.[17]
Email services use dedicated ports for message delivery and retrieval. The Simple Mail Transfer Protocol (SMTP) operates on TCP port 25 for server-to-server transfer between mail transfer agents; mail clients submitting outgoing mail normally use port 587 instead. For receiving email, the Post Office Protocol version 3 (POP3) uses TCP port 110, letting clients download messages from a server, often deleting them from the server after retrieval.[45] The Internet Message Access Protocol (IMAP) runs on TCP port 143, supporting remote access to mail folders and synchronization across devices without removing messages from the server; the TLS-wrapped variants of POP3 and IMAP use ports 995 and 993.[46] Together these protocols cover both client-server and server-to-server mail handling.[17]
Other widely used services demonstrate diverse port applications.
Secure Shell (SSH) uses TCP port 22 for encrypted remote login and command execution, replacing insecure protocols such as Telnet.[47] The File Transfer Protocol (FTP) uses TCP port 21 for the control connection that manages a session and, in active mode, port 20 on the server side for data connections.[48] Domain Name System (DNS) queries and responses travel primarily over UDP port 53 for efficiency, while TCP port 53 is used for responses too large for a datagram and for zone transfers.[49] Network configuration often involves the Dynamic Host Configuration Protocol (DHCP), which automates IP address assignment: servers listen on UDP port 67 and clients on UDP port 68, for both the initial exchange and later renewals, so DHCP itself does not use ephemeral ports; those (IANA's dynamic range 49152–65535) are what the host's applications then draw on for the source side of ordinary connections.[50] This setup allows dynamic allocation without manual intervention, supporting the scalability of modern networks.[17]
Use in URLs
In Uniform Resource Identifiers (URIs), the port number is specified within the authority component immediately after the host, separated by a colon, using the syntax host:port, where port is a string of decimal digits that in practice must denote a value between 0 and 65535.[51] This allows clients to target non-default services on a host without altering the underlying protocol scheme.[52] For example, the URL http://example.com:8080 directs the client to connect to the host example.com on port 8080.[53]
When the port matches the scheme's default, it is typically omitted from the URI to simplify notation; for HTTP the default is port 80, and for HTTPS it is port 443.[54] Omitting the port in such cases makes the client resolve to the default automatically, so http://example.com implies port 80.[55] This convention enhances readability while keeping resolution unambiguous.[56]
Web browsers parse the port from the URL during the navigation process and initiate a TCP connection to the specified host and port using the protocol defined by the scheme.[57] If a port is explicitly provided, it overrides the default; otherwise, the scheme's default port is used, and browsers normalize the internal representation accordingly.[56] In cases of connection failure—such as the port being unreachable or blocked—browsers display user-facing errors like "ERR_CONNECTION_REFUSED" or "This site can’t be reached," without automatic fallback to alternative ports.[58]
For HTTPS URLs, which denote secure contexts, browsers require a TLS handshake on whatever port is targeted, so a server that speaks plain HTTP on that port produces a handshake failure (e.g., ERR_SSL_PROTOCOL_ERROR).[59] This holds on non-standard ports such as 8443 just as on 443: the scheme, not the port number, decides whether TLS is expected.[60] Browsers additionally refuse to connect to a list of "unsafe" ports regardless of scheme, to prevent a web page from being used to talk to non-HTTP services (Chromium, for example, reports ERR_UNSAFE_PORT for port 25 among others); apart from that list, an HTTPS failure is a protocol mismatch rather than a consequence of the port number alone.[61]
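The port resolution described in this section, as an added example that is not code from the page or from any browser: it validates the port part of a URL (digits only, at most 65535, empty port meaning default), resolves the effective port the way a browser does (explicit port wins, otherwise the scheme default), and uses that to compare and normalize origins, which is what an allowlist or same-origin check has to get right so that http://example.com and http://example.com:80 are treated as one origin and https://example.com:8443 as another. The scheme-to-default-port table and the helper names are assumptions.

```python
"""Added example: resolve the effective port of a URL as a browser does
(explicit port wins, otherwise the scheme default), validate the port, and
compare or normalize origins on that basis."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443, "ftp": 21}
MAX_PORT = 65535


def split_host_port(netloc):
    """Split an authority into (host, port or None). Handles userinfo and
    bracketed IPv6 literals; enforces RFC 3986's port = *DIGIT and the
    16-bit range, rejecting things like ':80a' or ':99999'."""
    if "@" in netloc:
        netloc = netloc.rsplit("@", 1)[1]          # drop userinfo
    if netloc.startswith("["):                       # IPv6 literal
        end = netloc.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = netloc[:end + 1], netloc[end + 1:]
    else:
        host, sep, digits = netloc.partition(":")
        rest = sep + digits
    if rest == "":
        return host.lower(), None
    if not rest.startswith(":"):
        raise ValueError(f"unexpected text after host: {rest!r}")
    digits = rest[1:]
    if digits == "":                                 # 'http://h:/' means the default port
        return host.lower(), None
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError(f"non-numeric port {digits!r}")
    port = int(digits)
    if port > MAX_PORT:
        raise ValueError(f"port {port} out of range")
    return host.lower(), port


def effective_port(url):
    """Return (scheme, host, port) with the port a client will actually dial."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme {scheme!r}")
    host, port = split_host_port(parts.netloc)
    if not host:
        raise ValueError("missing host")
    return scheme, host, DEFAULT_PORTS[scheme] if port is None else port


def origin(url):
    """The (scheme, host, effective port) triple browsers use for same-origin checks."""
    return effective_port(url)


def same_origin(url_a, url_b):
    return origin(url_a) == origin(url_b)


def normalize(url):
    """Canonical form: lowercase scheme and host, default port omitted,
    explicit non-default port kept, empty path written as '/'."""
    scheme, host, port = effective_port(url)
    parts = urlsplit(url)
    authority = host if port == DEFAULT_PORTS[scheme] else f"{host}:{port}"
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{authority}{path}{query}"


def is_valid_port_url(url):
    """True if the URL's scheme is known and its port, if any, is well-formed."""
    try:
        effective_port(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for u in ("http://example.com:8080", "http://example.com:80/", "https://example.com:8443/"):
        print(f"{u:30s} origin={origin(u)}  normalized={normalize(u)}")
```

Comparing normalized origins rather than raw strings is what keeps a host allowlist from being bypassed by an equivalent spelling (an explicit :80, uppercase host, or userinfo in front of the host); the explicit validation also matters because a lenient parser that silently accepts a malformed port can disagree with the browser or proxy that later dials it.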
