
Network Ports, what they are and how they work.

http://www.experts-exchange.com/articles/22179/Network-Port...


Network ports are the threads that hold network communication together. They are an essential part of networking that is
easily ignored or misunderstood; my goal is to show those who don't have a strong network foundation how network
ports operate.
What is a network port?
In my early IT days, about 20 years ago, I had a hard time grasping the concept of network ports. I read books and articles
about how hackers exploited such and such port and how you have to close some ports and secure the others you are using. I
must confess it took me some time to fully understand the concept and, most importantly, how to apply that understanding in
the real IT administration and support world.
I decided to write this article to shed some light for those who also have difficulty understanding the concept; if your area of
expertise is not networking, or you are a beginner, this article will help you. I personally know many talented IT professionals
whose expertise is in databases, system administration, and application support who find it a bit difficult to conceptualize
networking concepts, especially network ports. If you're an experienced network engineer you may find it refreshing, or
perhaps basic, as this is something we've all been pounded with for most of our careers.
To understand what a network port is we first have to build a foundation. For that we'll cover various networking concepts
that will help you understand how communication between endpoints works in a network; that understanding will ultimately
lead us to see network ports in action.
Let's look at the following network diagram. This is a flat, simple Ethernet network configuration that is very common in
small environments:
We have 3 Windows desktop computers (PC1, PC2, PC3), 1 Windows server (Server1), 1 unmanaged switch, a Firewall\Router, and a
connection to the internet.
The network uses the TCP/IP protocol suite, meaning that each device has a unique IP address. The server in the network serves
multiple purposes: it's a Windows Domain Controller, and it also serves as an FTP, Web, and application server for the local
users to access resources.

1/22/16, 12:41 AM

When hosts want to communicate with each other many interesting things happen in the background; for the sake of this article
we'll ignore the ARP, IP, and DNS resolution process. Let's just say that each host knows how to get to all other hosts in the
network. As we are dealing with an IP network, each host has a unique IP address that identifies it.
Now let's go over a couple of day-to-day activities that occur in a network and how network protocols work in them:
When PC1 accesses a shared drive on PC3 it uses the SMB network protocol for communication. PC3 sees the request and, if
PC1's request is authenticated, PC3 allows the communication to take place.
PC2 accesses the local website hosted by Server1. In this case the end user uses a desktop application to reach the server's
web content; in the background a network application handles the communication and information is transferred between
devices.
Lastly, the office admin needs to create another network account. For this the local admin accesses Server1 from PC2 via a
network application known as RDP, which gives her direct access to the server console.
The aforementioned examples show simple network tasks. In order for those tasks to take place hosts need to communicate
with each other for various functions; that communication is established and maintained by the corresponding network
protocol.
So far we have mentioned network protocols and network applications; let's review what they are, as we need that information
to understand network ports.
Network Protocols: ever since I started in IT I've heard the same general definition of network protocols: a set of rules
devices utilize for communication. It is a good general definition, in its most basic form, of what a protocol does in a
network environment. The same way we have rules and procedures to communicate effectively with someone through
verbal conversation, protocols serve as a standard for devices to communicate among themselves.
The term protocol is widely used in IT and, depending on the context in which it is used, its meaning may vary. This was
something I really had to stress to my students when I taught networking classes. For them, at the time, every time they
heard "protocol" they automatically associated it with network protocols. It made sense at the time, but once we started going
over more technologies they soon realized that this was not always the case and that the term protocol is widely used.
For instance, the Institute of Electrical and Electronics Engineers (IEEE) has created many network standards, such as
802 and 802.11, and each standard is divided into subcategories as they create different projects. Those standards are also known
as protocols; they provide the rules and guidelines hardware manufacturers use to create their products to ensure
interoperability. There are other network architectures such as Token Ring, ATM, and FDDI that are also referred to as network
protocols. In these cases the term refers to network industry standards and not to the protocols we see in action in the OSI
or the TCP/IP model. That is the reason why we have to understand the context in which protocol appears. You may have been
asking yourself: what does all this have to do with network ports? And the answer is: a lot, you'll see how it all comes
together as you keep reading.


A brief review of the OSI and TCP/IP models: The Open Systems Interconnection (OSI) model and the TCP/IP model are
conceptual representations of network communication. They are the result of industry organizations' attempts to explain,
define, and represent internetworking communication and how protocols operate. Each model represents communication
in abstraction layers to help us understand the communication process; the OSI model has 7 layers and the TCP/IP model has 4
layers. I will not expand on this in this article, but I felt it was important to mention what the OSI and TCP/IP models do as
we work to understand network ports. There are different opinions about each model; however, the OSI model has become the de
facto technical representation of protocol communication. For that reason, I will also refer to protocol communication
from the OSI point of view in this article.
Network Applications: a network application is not to be confused with a user application such as Microsoft Word, Excel,
Autodesk, QuickBooks, etc., even if they are used over the network. Network applications provide services that work at the
Application Layer of the OSI model, thus the name. Users don't have direct access to network
applications; they access them through other applications and APIs. In the IT world we can refer to a Network Protocol as
a Network Application. It does not apply to all protocols, but in many instances a protocol can function and serve as
the Network Application. To make the concept clear let's go over some examples:
The FTP example: File Transfer Protocol is a network protocol used to send and receive files over TCP. FTP is a protocol,
but because it works at the Application Layer of the OSI model and performs a function that serves users it is also
considered a Network Application. For details on FTP see RFC 959 (the protocol) and RFC 5797 (the FTP command registry).
The HTTP example: Hypertext Transfer Protocol is the network protocol devices use to communicate on the World Wide
Web. It was the original protocol created in the early days of the internet that allowed systems to follow hyperlinks to content
on other systems. As in the case of FTP, HTTP is also considered a network application. For details on HTTP see the HTTP/1.1
specification (RFC 7230 and its companion RFCs).
The TCP/UDP example: Transmission Control Protocol and User Datagram Protocol are, as their names imply, network
protocols. They both function at the Transport Layer (Layer 4) of the OSI model and their most basic function is to deliver
data between endpoints. However, they are not considered Network Applications because they don't operate at the Application Layer.
The list could go on and on, but by now I'm sure we've grasped the general concept.
IP comes into play.
Most networks nowadays, and any network that connects in one way or another to the internet, rely on IP. You
rarely hear of IP by itself; rather you see it referred to as part of the TCP/IP protocol suite. Both protocols provide the
structure necessary for communication in a network. IP (Internet Protocol) provides the identification of a
host in a network by giving it a unique IP address. There are two versions of the IP protocol, IPv4 and IPv6. For the sake of
this article, when I mention IP I will be referring to IPv4.
So in a simple network you have different hosts that are identified by their unique IP address in their corresponding network,
meaning no other host has the same IP address. If you have a passion for networking and enjoy reading pages of what
seems to be boring, unattractive, typewriter-formatted documents you'll enjoy the IETF TCP/IP tutorial (RFC 1180); the information is
based on IPv4 and provides a deep background on how TCP/IP works. If you don't have that strong conviction to spend
hours reading the document, don't worry; you don't need to know the nuts and bolts to get a good general concept of network
ports.
As stated earlier, an IP address is unique within a network. 172.16.5.122 is an example of a private IPv4 address (it falls in
172.16.0.0/12); 198.253.65.23 is an example of a public one. This is not an article on how IP works, so I'm not spending time on IP
classes, subnetting, public and private IPs, etc.; for the sake of this article, knowing that an IP address is the unique
identification of a host in an IP network will suffice.
Reviewing what we've covered so far, we can say we have a basic understanding of protocols, network applications, and IP
addresses. Let's put the pieces together as we move closer to seeing network ports in action:
When a user on PC1 (172.16.5.122) accesses resources on the Server (172.16.5.127), the user on PC1 uses a desktop
application to initiate the process. To elaborate the point we'll say that the Server is a web server hosting a site and the end
user on PC1 wants to access it. The most common application used to access a website is a web browser; Firefox,
Internet Explorer, Safari, and Chrome are the most popular web browsers.
The web browser is the user or desktop application. When the user enters a URL in the address bar, let's say
www.google.com, the web browser calls on the network application (HTTP) to fetch and process the content of the site
and present it to the user. So far so good, right?
Now, let's say that the Server (172.16.5.127) is not only hosting a website but is also an FTP server hosting files. How does
the Server know which service a request from PC1 is meant for? When the connection arrives at the Server it
sees that the request is addressed to port 80, therefore the Server understands that the request is made over
HTTP and the HTTP rules kick in. If the connection arrives at the server on port 21 the Server understands it's an FTP
request, and so on for all network services.
So what is the purpose of a port? The IETF explains the concept clearly: "Ports serve two purposes: first, they provide a
demultiplexing identifier to differentiate transport sessions between the same pair of endpoints, and second, they may also
identify the application protocol and associated service to which the process connects" (RFC 6335, page 7).
Now let's break it down:
Provide a demultiplexing identifier to differentiate transport sessions between the same pair of endpoints: when
endpoints communicate with each other they have to keep track of each communication session. For example, you are
using your computer to access a website; as stated earlier the HTTP service runs on TCP port 80. The server you are connecting
to is listening on port 80, but you initiate the connection from a different port: for that session your computer assigns you a
dynamic port, let's say 53369. Now you open another session to the same server, but this time via an FTP client to pull data from
it. Since the Server has FTP enabled it is listening on TCP port 21, and when you successfully establish the FTP
session you also get a dynamic port for that session, let's say 53579. The pair of local and remote ports, together with the
two IP addresses, is what keeps the two sessions apart.
Each device in the network keeps track of its network sessions. In the Microsoft Windows world you can use the netstat
command to view the session information. When you run netstat with no switches, meaning just typing
netstat, you'll see the transport protocol in one column, your local IP address and port in another column, the foreign or
remote address and port in another column, and the session state.
Let's take a look at a session table from netstat. In the capture you can see:
The transport protocol is TCP,
The local address shows the loopback adapter (127.0.0.1) and
the IP address (172.15.5.121), each associated with a network port used for communication.
The foreign address represents the remote host; in the case of the loopback address the remote address in the session represents
the computer itself by its host name (X5). The foreign address column also shows the listening port of the remote device.
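The two-sessions scenario above, as an added example in Python that is not part of the original article: a listener stands in for the web server (it is bound to port 0 so the OS picks a free port instead of 80, which needs privileges), the same host opens several connections to it, and the code returns the server's view of the sessions in netstat's column layout. It assumes a working loopback interface. Every connection lands on the same server port and is told apart only by the client's ephemeral port.

```python
import socket
import threading


def start_server(host="127.0.0.1"):
    """Listen on a port the OS picks (bind to port 0) and return (socket, port).
    In the article's scenario this would be the web server on TCP 80; port 0 is
    used here so the example runs without privileges or port clashes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def open_sessions(count=2, host="127.0.0.1"):
    """Open `count` TCP connections from this host to one listening port and
    return (server_port, client_ports, rows).

    client_ports: the ephemeral port the OS handed each client socket.
    rows: the server's view of the sessions in netstat's layout
          (proto, local address, foreign address, state).
    """
    srv, server_port = start_server(host)
    accepted = []

    def acceptor():
        for _ in range(count):
            accepted.append(srv.accept())  # (connected socket, peer address)

    t = threading.Thread(target=acceptor)
    t.start()

    clients = [socket.create_connection((host, server_port)) for _ in range(count)]
    t.join()

    # Every accepted socket has the SAME local port (the listening port); what
    # tells the sessions apart is the peer's ephemeral port. The 4-tuple
    # (local IP, local port, remote IP, remote port) is the session identity.
    rows = []
    for conn, (peer_ip, peer_port) in accepted:
        local_ip, local_port = conn.getsockname()
        rows.append(("TCP", f"{local_ip}:{local_port}",
                     f"{peer_ip}:{peer_port}", "ESTABLISHED"))

    client_ports = [c.getsockname()[1] for c in clients]

    for s in clients + [conn for conn, _ in accepted] + [srv]:
        s.close()
    return server_port, client_ports, rows


if __name__ == "__main__":
    server_port, client_ports, rows = open_sessions(3)
    print(f"server listening on TCP {server_port}; client ephemeral ports: {client_ports}")
    print(f"{'Proto':<6}{'Local Address':<24}{'Foreign Address':<24}State")
    for row in rows:
        print(f"{row[0]:<6}{row[1]:<24}{row[2]:<24}{row[3]}")
```

Run it next to a real netstat on the same machine and you will see the same thing: one ESTABLISHED row per connection, the listener's port repeated on the local side and a different ephemeral port on the foreign side each time.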

So network ports help both endpoint devices keep track of the communication session and also identify the service used during
that communication.
Using the previous capture as an example, you'll notice server-54-192-37-102:https listed in the foreign address column. Here
server-54-192-37-102 is the server name and https is the network protocol the remote host is
listening for; we know that https is port 443. The port can be shown by its number or by its name (netstat's -n switch shows
numbers only).
A port identifies protocols and associated services: a service can be considered a network application in this case, and
a port number is a numerical value assigned to it for identification purposes. So when people mention port 80 they are
referring to HTTP, port 21 to FTP, port 3389 to RDP, etc. The name is irrelevant to
network devices, but it makes our lives easier.
Ports are categorized: ports are categorized depending on their numerical value and function. There are
65536 ports (0 through 65535) per transport protocol, and they are divided into three categories:
Well-known ports: ports between 0 and 1023. These are the common ports assigned to services such as telnet (23), DNS
(53), HTTP (80), etc. Most common network applications fall under this category, as they have been around since the early
days; that is why they are called well-known ports.
Registered or User ports: ports between 1024 and 49151. These ports are registered for specific applications, which use them for
their own communication, sometimes internal communication within the application itself. Examples of applications using user ports: the SQL
Anywhere database server uses TCP port 2638, and SonicWall anti-spam communication between the Remote Analyzer and
the Control Center uses TCP 2599.

Ephemeral or Dynamic ports: ports between 49152 and 65535. These ports are assigned by the operating system to the client side of a
connection when establishing a session. Remember, the client is assigned an ephemeral port as it connects to a well-known
port. The 49152-65535 range is IANA's; operating systems don't all follow it (Linux, for instance, defaults to 32768-60999),
so don't write firewall rules that assume the IANA range. Look at the packet capture below: notice how a DNS request is made
for a host name (www.precisetek.com). The request is sent from port 59210 on the local host to port 53 on the destination server.
In this case, port 53 is DNS, which runs over the UDP transport protocol.
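An added example (Python, not from the original article) that shows where the port numbers in that capture actually live. The bytes below are a constructed IPv4/UDP/DNS packet, not a real capture, for the same query (www.precisetek.com from 172.16.5.122:59210 to 172.16.5.127:53, reusing the article's addresses). The parser reads the IPv4 header, validates its checksum, pulls the source and destination ports out of the UDP header, classifies each port into the IANA ranges listed above, and decodes the DNS question.

```python
import socket
import struct

# Constructed sample packet (not a real capture): IPv4 + UDP + a DNS query for
# www.precisetek.com from 172.16.5.122:59210 to 172.16.5.127:53.
PACKET = bytes.fromhex(
    "45 00 00 40 1a 2b 00 00 40 11 fd 68"   # IPv4: ver 4/IHL 5, TOS, total len 64, id, flags/frag, TTL 64, proto 17 (UDP), header checksum
    "ac 10 05 7a"                           # source IP 172.16.5.122
    "ac 10 05 7f"                           # destination IP 172.16.5.127
    "e7 4a 00 35 00 2c 00 00"               # UDP: src port 59210, dst port 53, length 44, checksum 0 (not computed; allowed in IPv4)
    "12 34 01 00 00 01 00 00 00 00 00 00"   # DNS header: id 0x1234, flags RD, 1 question, 0 answers/authority/additional
    "03 77 77 77 0a 70 72 65 63 69 73 65 74 65 6b 03 63 6f 6d 00"  # QNAME: 3"www" 10"precisetek" 3"com" 0
    "00 01 00 01"                           # QTYPE A, QCLASS IN
)


def classify_port(port):
    """IANA port categories as described in the article."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %r" % port)
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def ones_complement_sum(data):
    """16-bit one's-complement sum used by the IP header checksum.
    Over a header whose checksum field is filled in, a valid header sums to 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_qname(data, offset=0):
    """Decode a DNS name (length-prefixed labels ending in a zero byte).
    Returns (name, offset just past the terminator)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compressed names are not expected in a query")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_udp_dns_packet(pkt):
    """Parse the IPv4 and UDP headers, then the DNS question if either port is 53.
    Raises ValueError for anything that is not a complete IPv4/UDP packet."""
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not an IPv4 packet")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if len(pkt) < total_len:
        raise ValueError("truncated packet")
    if pkt[9] != 17:
        raise ValueError("not UDP (protocol %d)" % pkt[9])
    src_port, dst_port, udp_len, _udp_csum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    payload = pkt[ihl + 8:ihl + udp_len]
    result = {
        "src_ip": socket.inet_ntoa(pkt[12:16]),
        "dst_ip": socket.inet_ntoa(pkt[16:20]),
        "ip_header_ok": ones_complement_sum(pkt[:ihl]) == 0xFFFF,
        "src_port": src_port,
        "dst_port": dst_port,
        "src_port_class": classify_port(src_port),
        "dst_port_class": classify_port(dst_port),
        "qname": None,
    }
    if 53 in (src_port, dst_port):  # port 53 is the only hint to read the payload as DNS
        txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
        if qdcount:
            qname, off = parse_qname(payload, 12)
            qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
            result.update(dns_id=txid, is_query=not (flags & 0x8000),
                          qname=qname, qtype=qtype, qclass=qclass)
    return result


if __name__ == "__main__":
    for key, value in parse_udp_dns_packet(PACKET).items():
        print(f"{key:>15}: {value}")
```

The line that matters for a firewall or IDS rule is the `53 in (src_port, dst_port)` check: the code reads the payload as DNS only because one side is port 53, which is exactly the "port identifies the service" convention. A DNS server moved to another port would be skipped by this rule, and a different protocol sent to port 53 would be mis-parsed, so port-based classification is a hint, not proof of the protocol.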

Let's look at the following example to go over the concept: when you initiate communication to a website you usually use
HTTP, or HTTPS if it's a secure communication. To keep it simple we'll use HTTP as an example. When you launch the web
browser and enter www.precisetek.com your system automatically understands that you want to initiate
communication over the HTTP protocol on TCP port 80. The Server in our example is not only a web server but also an FTP
and DNS server, therefore servicing requests made on ports 21 and 53 as well; as clients request connections to those services the
Server needs to keep track of each request to ensure proper communication. As more sessions are opened the session table keeps
growing, and the same process occurs on every host in the network as they communicate with each other.

Some applications can work on ports other than their default number; for instance, you can have a web server listen on port
83 for HTTP instead of port 80, or have RDP listen on port 3350 instead of 3389. There are various reasons to change
the default port of an application, but the most important thing to keep in mind is that the client must also initiate the
connection to the new port number; otherwise it will use the default port number and have the connection refused. Keep in
mind, too, that a non-default port is not a security control by itself: a port scan finds the listener regardless of its number.
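An added Python example, not part of the original article, of the "client must use the new port" point. The server binds to port 0 so the OS picks a free port (standing in for the admin's choice of 83) and answers with a minimal HTTP reply; a second OS-picked port that nobody listens on stands in for the default 80 the client would otherwise try. It assumes a working loopback interface.

```python
import socket
import threading


def serve_http_once(srv):
    """Accept one connection on `srv` and answer it with a minimal HTTP reply.
    Nothing here depends on the port number: the protocol spoken is decided by
    the software behind the socket, not by which port it is bound to."""
    conn, _ = srv.accept()
    with conn:
        conn.recv(4096)  # read (and ignore) the request line and headers
        conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")


def fetch_status(host, port, timeout=3.0):
    """Send a bare HTTP/1.0 request to host:port and return the status line,
    or None when nothing is listening there (the kernel answers the SYN with a
    RST, which Python surfaces as ConnectionRefusedError)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as c:
            c.sendall(("GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host).encode())
            reply = c.recv(4096)
    except ConnectionRefusedError:
        return None
    return reply.split(b"\r\n", 1)[0].decode()


def free_port(host="127.0.0.1"):
    """Ask the OS for a currently unused port and release it again."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def run_demo(host="127.0.0.1"):
    """Returns (status via the wrong port, status via the right port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # OS-picked port stands in for a non-default port such as 83
    srv.listen(1)
    alt_port = srv.getsockname()[1]
    default_port = free_port(host)  # stands in for 80; distinct from alt_port, which is in use
    t = threading.Thread(target=serve_http_once, args=(srv,))
    t.start()
    wrong = fetch_status(host, default_port)  # None: nobody listens on the default
    right = fetch_status(host, alt_port)      # "HTTP/1.0 200 OK"
    t.join()
    srv.close()
    return wrong, right


if __name__ == "__main__":
    wrong, right = run_demo()
    print("default port:", wrong)
    print("moved port:  ", right)
```

The refused connection is immediate because no socket is bound to that port; a firewall that silently drops instead would make the client hang until its timeout, which is why `fetch_status` sets one.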
Port Forwarding: so far we've been covering communication in an internal network. You may need to access local
resources from a remote location; for that, you can use port forwarding. Remember, when your hosts are in an internal
network they are configured with private IP addresses, meaning those IP addresses are not routable on the internet. When
devices on your internal network browse the web they are seen as coming from one IP address, your firewall or router's public IP
address. So if you want to communicate with a host in your internal network from outside, you have to communicate with the gatekeeper
(your firewall or router) and have it relay the traffic arriving on a given port (port forward) to the internal device. Note that a
forwarded port exposes the internal service to everyone who can reach the firewall's public address, so forward only what you
need and restrict who can reach it.
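A TCP port forwarder in Python, added here as an illustration and not part of the original article or any router's firmware. Everything runs on the loopback interface: a small backend that upper-cases whatever it receives stands in for the internal server, the forwarder listens on a second port (standing in for the router's public side) and relays each connection to the backend, and the client only ever talks to the forwarder's port. The backend, the ports and the payload are constructed for the example.

```python
import socket
import threading


def _pipe(src, dst):
    """Copy bytes from src to dst until src reaches EOF, then pass the EOF on
    by shutting down dst's write side so half-closed connections still work."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(client, target):
    """One forwarded connection: open a new TCP session to the internal target
    and pump bytes in both directions. The backend sees the forwarder's
    address as the peer, not the original client's."""
    try:
        upstream = socket.create_connection(target)
    except OSError:
        client.close()
        return
    back = threading.Thread(target=_pipe, args=(upstream, client), daemon=True)
    back.start()
    _pipe(client, upstream)
    back.join()
    upstream.close()
    client.close()


def start_forwarder(target, listen_host="127.0.0.1", listen_port=0):
    """Listen on listen_host:listen_port (the 'outside' side, e.g. the router's
    public address) and relay every connection to target=(host, port), the
    'inside' service. Returns (listening socket, actual listen port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_host, listen_port))
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listener closed
            threading.Thread(target=_relay, args=(client, target), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def start_backend(host="127.0.0.1"):
    """Stand-in for the internal server: reads one request, replies with the
    upper-cased bytes, and closes. Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(conn.recv(4096).upper())

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def request_via(host, port, payload):
    """Client on the 'outside': connect, send, half-close, read until EOF."""
    with socket.create_connection((host, port)) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def run_demo():
    """Returns (public port, backend port, reply seen by the outside client)."""
    backend, backend_port = start_backend()
    fwd, public_port = start_forwarder(("127.0.0.1", backend_port))
    try:
        reply = request_via("127.0.0.1", public_port, b"hello through the firewall")
    finally:
        fwd.close()
        backend.close()
    return public_port, backend_port, reply


if __name__ == "__main__":
    public_port, backend_port, reply = run_demo()
    print(f"client -> :{public_port} (forwarder) -> :{backend_port} (backend) replied {reply!r}")
```

Two things a real router's port forward shares with this toy: the outside client never learns the internal port (it only knows the forwarder's), and the backend cannot tell a remote client from a local one, which is why a forwarded service needs the same authentication and patching discipline as one exposed directly.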
Port Security: remember that a port represents a network protocol, and protocols are used for communication. If you have
a port open, any device that can reach it can start a conversation with the service behind it, and, depending on the application
the port is serving, an attacker who compromises that service can use the host as a foothold into the rest of your network. As a
best practice, if you are not using a port, don't have it open; for the ports you do use, limit which source addresses can reach
them and keep the listening software patched.
This concludes this article. I hope it helped you understand what network ports are and their basic functions. As a quick
recap, network ports identify a service or protocol and help keep track of the sessions between hosts. There are many topics I weeded
out just to stay focused on network ports, as my goal was to help those wanting a better understanding of the concept
without going through a complete networking class.


________________________________________________________________________________________________
Thank you for reading my article; please leave feedback. If you would like me to expand on a certain topic related to
network ports, just mention it in your comments.
I look forward to hearing from you. - Jorge D.

All Comments
Gauthier

you get assigned a dynamic port let's say 533369

Not one of the 65353 available ports, same for:


let's say 533579.

Jim Horn

Nicely illustrated, and nice job laying a foundation for those of us who are not network experts. Voted Yes.

jorge diaz

Thanks for pointing it out Gauthier.


Thanks for the comment Jim.

Naif Almarzuqi

Excellent article, easy to understand


Thanks a lot
