Explainer: network ports

Devices on a network have an IP address, but for successful communications across a network they need a little more: a port number. The common transport protocols used over networks provide connections between two endpoints, each identified by its port number. One way to look at this is that an IP address is like the postal address of a large block of offices, and the port number specifies the office within that block.

Port numbers aren’t used by all network transport protocols, but are most commonly encountered in the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). For the rest of this article I’ll refer to TCP unless otherwise indicated.

When an app wants to connect to a remote web server using HTTP, it sends a block of bytes known as a TCP segment to the IP address of that server. At the front of that segment is a header which starts with two unsigned 16-bit integers giving the source and destination ports. By convention, an HTTP connection will be made (at first) over port number 80. If the server’s IP address is 64.32.1.5, then you can give the destination address in the form IP:port, here 64.32.1.5:80, and that can be used in a URL as http://64.32.1.5:80.

In networking, ports aren’t a physical thing. Network adaptors, routers and other hardware don’t have separate electrical circuits for each port. Instead, what happens is that the hardware gathers together all the packets with their headers containing IP addresses and ports, and sends those out to the network. At the other end, they’re received and distributed by the operating system to the respective software that is listening on each port.

As a 16-bit unsigned integer, the port number can range between 0 and 65535, divided up according to purpose:

  • Port 0 is reserved in TCP, and not used.
  • Ports 1-1023 are assigned to well-known ports for established protocols such as FTP and HTTP.
  • Ports 1024-49151 are assigned to other registered services.
  • Ports 49152-65535 are left available for dynamic, ephemeral and private purposes.

Lists of well-known ports are available from Apple, and on Wikipedia. Many of these are extremely common, and when dealing with networks you’ll become familiar with them. Apple also provides additional details most relevant to Apple products on enterprise networks, giving server host names too. Registered port numbers are also commonly encountered, but less memorable. Apple’s list provides some that its products use, for example for push notifications, AirPlay, and others.

Ports are central to many firewalls. For example, you might make a rule that blocks all outgoing connections on port 194 (TCP), to disable all IRC connections. This doesn’t of course mean that anything is physically or electronically blocked, but that packets being sent to port 194 of any IP address won’t be allowed to pass through that firewall.
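To make the header layout, the port ranges and the firewall example above concrete, here is a small added example (not from the original article). It reads the source and destination ports from the first four bytes of a TCP header, classifies each port by the IANA range described above, and applies a simple "block outgoing to port N" rule like the IRC one. The 20-byte sample segment, the service table and the rule set are constructed for the example; the `!HH` format is Python's big-endian (network byte order) unpacking of two unsigned 16-bit integers.

```python
import struct

# Well-known assignments named in the article; a real lookup would use the IANA registry.
WELL_KNOWN = {21: "FTP", 80: "HTTP", 194: "IRC"}


def classify_port(port: int) -> str:
    """Return the IANA range a 16-bit port number falls into."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are unsigned 16-bit integers")
    if port == 0:
        return "reserved"
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/ephemeral"


def parse_tcp_ports(segment: bytes) -> tuple[int, int]:
    """Read source and destination ports: the first two 16-bit fields of a TCP header."""
    if len(segment) < 20:  # a TCP header is at least 20 bytes (data offset 5)
        raise ValueError("segment shorter than a minimum TCP header")
    src, dst = struct.unpack("!HH", segment[:4])
    return src, dst


def describe(ip: str, segment: bytes) -> dict:
    """Summarise where a segment is going, in the IP:port form used in URLs."""
    src, dst = parse_tcp_ports(segment)
    return {
        "endpoint": f"{ip}:{dst}",
        "source": {"port": src, "range": classify_port(src)},
        "destination": {"port": dst, "range": classify_port(dst),
                        "service": WELL_KNOWN.get(dst, "unknown")},
    }


def outgoing_allowed(dst_port: int, blocked_ports: set[int]) -> bool:
    """Apply 'block all outgoing TCP connections to these ports' firewall rules."""
    return dst_port not in blocked_ports


# Constructed sample: minimal 20-byte TCP header, client on ephemeral port 52345
# opening a connection (SYN flag) to port 80; sequence/ack numbers and checksum are zero.
SAMPLE_SEGMENT = struct.pack("!HHIIBBHHH", 52345, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)

if __name__ == "__main__":
    print(describe("64.32.1.5", SAMPLE_SEGMENT))
    print("IRC blocked:", not outgoing_allowed(194, {194}))
```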

Ports are also fundamental to Network Address Translation (NAT). That uses dynamic port numbers, between 49152 and 65535, so that many different IP addresses and ports on the local network can share a single IP address on the Internet. This is a form of port forwarding, in which a router or firewall reroutes packets for one or more ports to a different port.

Potential intruders can (and do) scan your router, sending it packets for many different ports, to discover which of them are open, and could be used to gain access to your local network. This is known as port scanning, and can have benign rather than malevolent purposes when trying to troubleshoot connectivity problems. Because it’s likely to indicate attempts to attack a network, you should never perform a port scan on any IP address outside your local network, unless that has been agreed with a server’s system administrator.

Where it’s necessary to provide access to ports in a router, one technique you’ll come across is port knocking. This keeps the ports closed until a pre-arranged sequence of packets has been received by a firewall, following which it changes its rules to open a port to incoming connections. When correctly set up, port scans are unable to trigger the opening of the port, preventing potential intruders from accessing the network.

Outside firewalls and similar devices, you’ll seldom encounter ports. If you resort to packet-sniffing to investigate networking problems, port numbers will be of great importance, though, and help you identify the service associated with each packet sent or received.