We'll cover in this session:
1. How port numbers work.
2. The well known port numbers.
Should be a fairly short session....Let's get started!
Remember, everytime an application communicates across the network , not only does it have to choose a protocol of communication (TCP vs UDP), but it has to generate a port number.
Specifically it has to generate a source port and a destination port. Fairly straightforward so far I hope...
How about story time now? You know how much I love stories...
-----
Let's re-visit our example from earlier.
We have our machine on the left side (10.1.1.10) who is trying to access the web server on teh right side (10.5.1.100). You've seen this scenario multiple times by now.
Well when our machine tries to browse the web we use the famous Layer 7 protocol HTTP. Well HTTP is well known for using TCP. How would your web pages look if they weren't displayed in a reliable manner? Your html and images would look all mangled....that's why HTTP always uses TCP....well 99% of the time HTTP uses TCP....
In any event, HTTP also uses the well known port number 80. This port number is reserved for HTTP to do its thing. So when we send a packet to the web server we use the destination port as port 80. You can see the image for more details.
This way the remote server knows that since the packet we sent is meant for port 80, that the packet's ultimate destination is the web server process (Apache for example).
For a list of the well known port numbers, visit:
http://www.iana.org/assignments/port-numbers
Some of the famous port numbers are:
FTP which is at port 21
SSH which is at port 22
HTTP which is at port 80
World of Warcraft which is at port 3724 (Yes it's famous!)
-----
Now what about the source port number? We discussed the destination port number that we assign when we send out a packet, what about what do we put in the source port number field?
Well you just have to think in 'inverse' terms and it will make sense. Just as the web server is a server that is handling requests, our local machine also behaves as a 'server' of sorts and handles requests as well.
We may be browsing the web, using Skype, have World of Warcraft running....all sorts of things. Just check your taskbar (if you're a Windows user) and you'll see all sorts of apps sitting there (and clogging your memory most likely).
So the point then becomes, how does incoming traffic into our machine know which app to reach? If my World of Warcraft character picks up an item and that packet is sent back to our machine, how does it know to enter my World of Warcraft session as opposed to my web browser? That's where the source port number comes into play. Souce port numbers are generated so that return traffic can be handled accordingly.
For example, when our local machine visits a web site, we'll send port 80 as the destination port number....however for the source port number we'll generate a dynamic new port number so that the web server knows how to respond to us.
Here is an example on Windows. Let's say we visited a few websites recently....
Here you'll see the output of "netstat -f" which you can run on any Windows machine. It will give you all the recent port number activity taking place on your machine.
You can see that we recently visited ebay which is shown in the image above towards the bottom. You'll also see that instead of listing 80, the output has shown "http" here. This is because with "netstat -f", the port numbers as well as the IP addresses of your destinations are resolved to their English equivlanet.
If you had run "netstat -n" the output would have not resolved the English equivalents:
On *nix machines you can also run netstat for similar detail. Make sure to run "man netstat" to see its usage.
Now if you look on the columns labeled "Local Address" you'll see our IP address followed by a dynamically generated source port number. In the examples above most of them seem to be in the 52000 range.
Therefore when we send data out, we put these dynamically generated numbers as our source port numbers. So when the web server, for example, wants to respond to us, they know what to put in their destination port number.....Something in the 52000 range in our example.
That's how we can do so many things through the inter-webz at once!
-----
Now let's revisit some of the super popular well known port numbers. These are like the popular people in high school; such as the starting QB for your high school, the arrogant cheerleader squad and the Prom queen.
You can probably tell I didn't hang out with them in high school....
Notice towards the bottom right of the image that 0-1023 are the well known reserved port numbers. This means that these are super uber special guys. What do I mean by that?
Well it means that if you want to write an application (perhaps a new online PC game) that uses TCP/UDP over the internet, you can't use any of the first 1023 port numbers. You'd have to use a port number beyond that range.
Now you'll notice that both TCP and UDP each have 65535 port numbers. These are different and mutually exclusive port numbers.
For example, port 65 on TCP and port 65 in UDP may both be used for totally different things. In the image above you'll see that port 53 refers to the DNS server in TCP but the DNS client on UDP.
However there are cases where they may be used for similar functionality as well. A common example of where they are used for similar functionality is HTTP, where both TCP and UDP use port 80.
For individual details on FTP, SSH, Telnet, SMTP, TFTP, DNS Client, etc.. its best to refer to their respective Wikipedia pages.
In general TCP applications are much more common.
That's it for today!
See its not too bad....
Hello there! Very helpful tips and useful information. I was looking buy school assignments for a very long time. Thank you for sharing!
ReplyDelete