TCP and UDP port
From Wikipedia, the free encyclopedia
In the TCP and UDP protocols used in computer networking, a port is a number carried in the header of each data packet. Ports are typically used to map data to a particular process running on a computer. As an example, a server used for sending and receiving email may provide both an SMTP and a POP3 service; these will be handled by different server processes, and the port number will be used to determine which data is associated with which process. Loosely, this is like giving a single server several separate physical connections, one per service. Note that not all transport layers use network ports; for example, although UDP and TCP use ports, ICMP does not.
In both TCP and UDP, each packet header specifies a source port and a destination port, each a 16-bit unsigned integer (i.e. ranging from 0 to 65535), as well as the source and destination network addresses (IP addresses), among other fields. A process may "bind" to a particular port to send and receive data, meaning that it will listen for incoming packets whose destination port matches that port number, and/or send outgoing packets whose source port is set to that port number. A process may also bind to several ports.
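To make the header layout concrete, the following example (added here; it is not part of the Wikipedia article) parses the port fields out of a UDP datagram and a TCP segment. The two packets are constructed inline with struct.pack rather than captured from a network, the WELL_KNOWN table covers only the services the article names, and the function names are the example's own.

```python
import struct

# Constructed sample packets, assembled for this example; not captured from
# a real network.
# UDP header (8 bytes): source port, destination port, length, checksum.
UDP_DNS_QUERY = struct.pack("!HHHH", 54321, 53, 8 + 4, 0) + b"\xde\xad\xbe\xef"
# TCP header (20 bytes, no options): source port, destination port, sequence
# number, acknowledgement number, data offset + flags, window, checksum,
# urgent pointer.  Data offset 5 (5 * 4 = 20 bytes), flags = SYN (0x002).
TCP_SYN_TO_SMTP = struct.pack(
    "!HHIIHHHH", 40000, 25, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0
)

# Conventional services behind a few well-known destination ports (the ones
# the article mentions), to show how a host picks the process for a packet.
WELL_KNOWN = {25: "smtp", 53: "dns", 110: "pop3"}


def parse_ports(segment: bytes) -> tuple[int, int]:
    """Return (source_port, destination_port) of a TCP segment or UDP datagram.

    Both headers begin with the two 16-bit ports in network (big-endian)
    byte order, so the first four bytes are enough for either protocol.
    """
    if len(segment) < 4:
        raise ValueError("too short to hold the port fields")
    return struct.unpack("!HH", segment[:4])


def parse_udp(datagram: bytes) -> dict:
    """Decode the fixed 8-byte UDP header and return the fields plus payload."""
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    # The length field counts header plus data; reject values that do not
    # fit the bytes actually present.
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram size")
    return {"src": src, "dst": dst, "checksum": checksum,
            "payload": datagram[8:length]}


def parse_tcp(segment: bytes) -> dict:
    """Decode the TCP header; the data offset tells where the payload starts."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_flags, window, checksum, urg = struct.unpack(
        "!HHIIHHHH", segment[:20]
    )
    data_offset = (off_flags >> 12) * 4      # header length in bytes
    flags = off_flags & 0x1FF                # nine flag bits, SYN = 0x002
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("TCP data offset inconsistent with segment size")
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "payload": segment[data_offset:]}


def service_for(dst_port: int) -> str:
    """Name the service conventionally listening on dst_port, if known."""
    return WELL_KNOWN.get(dst_port, "unknown")


if __name__ == "__main__":
    for packet in (UDP_DNS_QUERY, TCP_SYN_TO_SMTP):
        src, dst = parse_ports(packet)
        print(f"{src} -> {dst} ({service_for(dst)})")
```

Because the ports sit at a fixed offset at the front of both headers, a firewall or packet filter can make its decision from those four bytes without decoding the rest of the header, which is why port-based filtering is cheap and ubiquitous.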
Applications implementing common services will normally listen on specific port numbers that have been assigned by convention for the given protocol (see list of TCP and UDP port numbers). Typically these are low port numbers, and on Unix only processes owned by the superuser can listen on ports 0 to 1023; this restriction exists for security, so that an untrusted process cannot pose as a system service. Conversely, the client end of a connection will typically use a varying, high port number (an ephemeral port).
Because the port number forms part of the packet header, it is readily interpreted not only by the sending and receiving computers, but also by other aspects of the networking infrastructure. In particular, firewalls (whether implemented in hardware or software) are commonly configured to respond differently to packets depending on their source and/or destination port numbers. Port forwarding is one application of this.
Processes implement connections to TCP and UDP ports by means of sockets. A socket is a transport end-point, which a process can create and then bind to a socket address; in TCP or UDP, a socket address is the combination of a port and an IP address. Sockets may be set to send or receive data in one direction at a time, called half duplex, or in both directions simultaneously, called full duplex. (Aside from TCP and UDP ports, sockets may also be bound to purely software-defined ports used to connect programs within a single computer system.)
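The following example (added here, not taken from the article) ties the last few paragraphs together using Python's standard socket module: a server binds a TCP socket to a socket address on the loopback interface with port 0, so the kernel assigns an ephemeral port; a client connects from its own ephemeral port; data flows in both directions; then the server closes only its sending direction with shutdown(), showing that the two directions of a full-duplex connection can be closed independently. The helper names and the is_privileged_port check are the example's own.

```python
import socket
import threading


def is_privileged_port(port: int) -> bool:
    """True for 0-1023, the range Unix reserves for the superuser."""
    return 0 <= port <= 1023


def run_loopback_exchange(message: bytes = b"hello") -> dict:
    """Bind, connect, exchange data both ways, then half-close one direction.

    Hypothetical helper written for this example.  Returns the socket
    addresses each side observed and the bytes each side received.
    """
    result = {}
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))               # port 0: kernel picks an ephemeral port
    server.listen(1)
    server_addr = server.getsockname()          # ('127.0.0.1', <chosen port>)

    def serve():
        conn, peer = server.accept()            # peer is the client's (ip, port)
        with conn:
            result["peer_seen_by_server"] = peer
            data = conn.recv(1024)
            conn.sendall(data.upper())
            conn.shutdown(socket.SHUT_WR)       # stop sending; receiving still works
            result["received_after_shutdown"] = conn.recv(1024)

    worker = threading.Thread(target=serve)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(server_addr)                 # client gets an ephemeral source port
    client_addr = client.getsockname()
    client.sendall(message)
    result["reply"] = client.recv(1024)
    # Once the server's FIN arrives, recv() returns b"" (end of that direction).
    result["eof_after_peer_shutdown"] = client.recv(1024)
    client.sendall(b"bye")                      # the client->server direction is still open
    client.close()
    worker.join(timeout=5)
    server.close()

    result["server_port"] = server_addr[1]
    result["client_port"] = client_addr[1]
    return result


if __name__ == "__main__":
    r = run_loopback_exchange()
    print(f"server listened on {r['server_port']}, client used {r['client_port']}")
    print(f"reply={r['reply']!r}, after half-close server got {r['received_after_shutdown']!r}")
```

Binding to port 0 is the usual way for a program that does not need a well-known port to obtain one; the kernel never hands out a privileged port this way, so an unprivileged process always lands above 1023.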
Because different services commonly listen on different port numbers as discussed, the practice of attempting to connect in sequence to a wide range of services on a single computer is commonly known as port scanning; this is usually associated either with malicious cracking attempts or with a search for possible vulnerabilities to help prevent such attacks.
Port connection attempts are frequently monitored and logged by computers connected to networks. The technique of port knocking uses a series of port connections or "knocks" from a client computer to enable a server connection.