Ports are necessary because a single physical server may be running several (software) services. For instance, a single physical server may be running web services (httpd), secure shell access (sshd), and file transfer services (ftpd).
How is it supposed to know to which service it should direct a request? Port numbers are the answer. Consider web services, which (usually) run on port 80. But you can direct a request to a particular port:
http://localhost:901
This means a request to:
http://my.domain.com
is actually a request to:
http://my.domain.com:80
But it doesn’t have to be. You can configure your httpd server to run on a different port, and when your (physical) server receives a request, it will send that request to the specified port. Why would you do this? You might want to run your web server on a non-standard port to confuse attackers and crackers. But more likely you’ll be forced into a port other than 80 because you have more than one web server running on your computer.
If, for instance, you’re doing both ASP and Java web development on a Windows PC, you may have the standard Internet Information Services running on port 80 to serve your ASP pages.
But you’ll need a Java application server to run Java code, so you might choose to run Apache with the Jakarta Java application server running under it. Typically, this will force traffic intended for the Java server to port 8080.
This is the most common multi-port web serving scenario, but there are plenty of others.
You know darn well there’s only one (maybe two) ethernet ports on the back of your server box. These aren’t the ports we’re talking about.
The ports we’re talking about are virtual ports. There’s no corresponding physical hardware.
Think of making a telephone call to a friend’s house: you call 222-3333, and someone unfamiliar answers:
“Hello?”
“Hi, can I talk to Jake?”
This is almost exactly the dialog taking place when you request a service on a certain port.
One further detail to notice is that a port is specifically assigned to either TCP or UDP transport protocol (with all that the difference between these protocols brings).
Ports are extremely valuable for firewall operations. You can open or close any or all of your ports, and block all traffic on them.
One related concept that you may encounter is that of a socket: simply stated, a port plus an IP address equals a socket. In other words, a host (at a certain IP address) offers a service (over a certain port) allowing you to make a connection (a socket).
| Service |
Port/Protocol |
Description |
|
chargen |
19/tcp | Character Generator |
|
chargen |
19/udp | Character Generator |
|
ftp-data |
20/tcp | File Transfer [Default Data] |
|
ftp-data |
20/udp | File Transfer [Default Data] |
|
ftp |
21/tcp | File Transfer [Control] |
|
ftp |
21/udp | File Transfer [Control] |
|
ssh |
22/tcp | SSH Remote Login Protocol |
|
ssh |
22/udp | SSH Remote Login Protocol |
|
telnet |
23/tcp | Telnet |
|
telnet |
23/udp | Telnet |
|
domain |
53/tcp | Domain Name Server |
|
domain |
53/udp | Domain Name Server |
|
bootps |
67/tcp | Bootstrap Protocol Server |
|
bootps |
67/udp | Bootstrap Protocol Server |
|
bootpc |
68/tcp | Bootstrap Protocol Client |
|
bootpc |
68/udp | Bootstrap Protocol Client |
|
tftp |
69/tcp | Trivial File Transfer |
|
tftp |
69/udp | Trivial File Transfer |
|
gopher |
70/tcp | Gopher |
|
gopher |
70/udp | Gopher |
|
finger |
79/tcp | Finger |
|
finger |
79/udp | Finger |
|
http |
80/tcp | World Wide Web HTTP |
|
http |
80/udp | World Wide Web HTTP |
|
kerberos |
88/tcp | Kerberos |
|
kerberos |
88/udp | Kerberos |
|
rtelnet |
107/tcp | Remote Telnet Service |
|
rtelnet |
107/udp | Remote Telnet Service |
|
pop3 |
110/tcp | Post Office Protocol – Version 3 |
|
pop3 |
110/udp | Post Office Protocol – Version 3 |
|
sunrpc |
111/tcp | SUN Remote Procedure Call |
|
sunrpc |
111/udp | SUN Remote Procedure Call |
|
ident |
113/tcp | Identification Service |
|
auth |
113/tcp | Authentication Service |
|
auth |
113/udp | Authentication Service |
|
nntp |
119/tcp | Network News Transfer Protocol |
|
nntp |
119/udp | Network News Transfer Protocol |
|
imap |
143/tcp | Internet Message Access Protocol |
|
imap |
143/udp | Internet Message Access Protocol |
|
snmp |
161/tcp | SNMP |
|
snmp |
161/udp | SNMP |
|
snmptrap |
162/tcp | SNMPTRAP |
|
snmptrap |
162/udp | SNMPTRAP |