By definition, a port refers to a communication endpoint that is associated with a specific process or service on a computer. Ports are used to enable communication between different applications or services over a network.
To further understand ports properly, let’s imagine a bustling city like New York. Each building houses a different business, offering unique services. But how do customers find the specific store they need? That’s where street addresses come in. In Linux, ports play a similar role, directing incoming traffic to the right application.
Think of ports as numbered doorways on your computer. Each port has a unique identifier (like a building address) ranging from 1 to 65535. When you access a website, send an email, or use any online service, your request travels through the network and arrives at your computer’s IP address. But how does it know which application to target? That’s where the port number comes in!
How many Networking ports are there?
In computer networking, a port range refers to a group of consecutive port numbers. These numbers act as unique identifiers for different services or applications running on a device, just like doors leading to specific rooms in a building.
There are a total of 65,535 possible port numbers in the computer networking world! Imagine a towering skyscraper with 65,535 floors, each floor representing a unique port number. That’s a vast amount of potential communication channels!
Port ranges are categorized as follows:
Well-known ports (0-1023)
These are reserved for specific services or protocols and they range from 0-1023. The most common well-known ports are shown in the table below:
Port | Protocol | Service |
---|---|---|
20 | TCP | FTP Data |
21 | TCP | FTP Control |
22 | TCP | SSH |
23 | TCP | Telnet |
25 | TCP | SMTP (Simple Mail Transfer Protocol) |
53 | TCP/UDP | DNS (Domain Name System) |
67 | UDP | DHCP (Dynamic Host Configuration Protocol) |
68 | UDP | DHCP (Dynamic Host Configuration Protocol) |
80 | TCP | HTTP (Hypertext Transfer Protocol) |
110 | TCP | POP3 (Post Office Protocol version 3) |
143 | TCP | IMAP (Internet Message Access Protocol) |
443 | TCP | HTTPS (Hypertext Transfer Protocol Secure) |
989 | TCP | FTPS Data (FTP Secure) |
990 | TCP | FTPS Control (FTP Secure) |
993 | TCP | IMAPS (IMAP over TLS/SSL) |
995 | TCP | POP3S (POP3 over TLS/SSL) |
Registered ports (1024-49151)
These are the designated office spaces or apartments, assigned to specific organizations for their services. Companies or software developers can register a port number for their application or protocol, ensuring consistency and avoiding conflicts.
Here’s a table listing some registered ports (1024-49151), along with their associated protocols and services:
Port | Protocol | Service |
---|---|---|
1433 | TCP | Microsoft SQL Server |
1521 | TCP | Oracle Database |
3306 | TCP | MySQL Database |
5060 | UDP/TCP | Session Initiation Protocol (SIP) |
5432 | TCP | PostgreSQL Database |
6660-6669 | TCP | Internet Relay Chat (IRC) – Unprivileged ports |
8080 | TCP | HTTP alternate (commonly used for web proxies) |
8443 | TCP | HTTPS alternate |
8888 | TCP | HTTP alternate (commonly used for web proxies) |
9090 | TCP | Apache Tomcat (Java) |
10000 | TCP | Webmin – Web-based system administration |
27017 | TCP | MongoDB Database |
3389 | TCP | Remote Desktop Protocol (RDP) |
Dynamic or private ports (49152-65535)
These ports are available for dynamic assignment by applications and are commonly used for temporary connections.
They’re like temporary guest rooms or delivery entrances, used for short-term connections and applications. When you open a web page, your device might use a random port in this range to communicate with the web server. These ports are automatically assigned and released as needed.
TCP ports vs. UDP ports
TCP stands for Transmission Control Protocol, which is one of the main protocols in the Internet Protocol (IP) suite and is used for communication over networks, including the Internet. TCP ensures that data is reliably and accurately delivered from one computer to another.
TCP ports offer logical endpoints to TCP-based applications to exchange information. For example, when a client wants to communicate with a server, it initiates a connection by specifying the IP address and port number of the server it wants to connect to. The server listens for incoming connections on its specified TCP port.
Once a connection is established, data can be exchanged between the client and server through that port.
UDP, on the other hand, stands for User Datagram Protocol, which is another protocol in the Internet Protocol (IP) suite, like TCP. UDP ports are similar to TCP ports in that they are used to identify specific processes or services on a computer. However, there are significant differences between UDP and TCP, and these differences affect how ports are used in each protocol:
While TCP is connection-oriented, establishing connections before data exchange, and ensuring reliable and ordered delivery of data, UDP is connectionless, meaning that it does not establish a connection before sending data, and there is no guarantee of reliable or ordered delivery.
When are TCP ports used?
TCP ports are used in situations where reliable and ordered communication is crucial. For instance, when you’re browsing the web securely (HTTPS), sending emails (SMTP, IMAP, POP3), transferring files (FTP), accessing databases (MySQL, PostgreSQL, MSSQL), connecting to a remote computer (SSH), or using remote desktop services (RDP), TCP ports come into play.
These ports ensure that data is transmitted in a dependable and organized manner. Applications like secure web browsing, email exchange, file transfers, and database interactions require the reliability provided by TCP to ensure that information is accurately delivered and received. The connection-oriented nature of TCP ensures the integrity of the data being exchanged, making it suitable for a wide range of critical applications in various domains.
When are UDP Ports used?
UDP ports are employed in scenarios where a lightweight and faster communication approach is prioritized over reliability and ordered delivery. Applications such as real-time online gaming, live streaming, and Voice over IP (VoIP) leverage UDP ports. In these situations, a slight loss of data packets is acceptable if it means achieving lower latency and faster communication. Unlike TCP, UDP does not establish a connection before sending data and doesn’t guarantee the ordered delivery of packets. This makes UDP suitable for applications where speed is critical, and occasional data loss can be tolerated without significantly impacting the user experience.
Relationship between Network Ports and IP Addresses
The relationship between network ports and IP addresses can be explained by using an analogy of an apartment building. Imagine the building as a device connected to the internet, while each apartment within is a specific service or application running on that device.
IP Address:
- Your IP address is like the building’s address. It uniquely identifies the entire building on the internet and allows other devices to find it. Just like there can’t be two buildings with the same address, each device on the internet must have a unique IP address.
Port Number:
- A port number is like the apartment number within the building. It identifies a specific service or application running on that device. For example, apartment 201 might be the web server, while apartment 302 might be the email server.
Together:
- Just like you need both the building address and the apartment number to deliver a pizza, you need both the IP address and the port number to send data to the correct service or application on a device.
Here’s a table summarizing the key differences:
Feature | IP Address | Port Number |
---|---|---|
Purpose | Identifies the device on the network | Identifies a specific service or application on the device |
Type of identifier | Numerical address (e.g., 192.168.1.1) | Small integer (e.g., 80 for HTTP, 25 for SMTP) |
Scope | Global (unique across the entire internet) | Local (specific to a device) |
Assigned by | Internet service provider (ISP) or network administrator | Operating system or application |
So, while the IP address tells you “which building,” the port number tells you “which apartment” to reach your desired service or application.
When a computer sends or receives data over a network, the combination of the IP address and port number uniquely identifies a specific process or service on that machine. For example, if you connect to a web server, your computer might use the IP address of the server along with port 80 (for HTTP) or port 443 (for HTTPS) to establish the communication.
How are Ports used on Linux?
Ports are the virtual entry points for services on a server, and firewalls act as gatekeepers, controlling access to those ports based on security rules. In other words, the firewall controls the behavior of the port, dictating which traffic to allow and not allow based on the defined rules.
Opening Ports in Linux using the Firewall
To allow traffic through a certain port, we can use the firewall system to “open that port”. Most Linux distributions ship with a default firewall system like iptables, and we can use it to open ports as follows:
- Open or close SSH Port (SSH Server)
The SSH port is used for remote shell access to the server terminal. The default port number for SSH is 22, so we can open it with the iptables firewall using the following command:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
If we want to deny SSH traffic through port 22, we can use the following iptables command:
sudo iptables -A INPUT -p tcp --dport 22 -j DROP
- Open HTTP port (web server)
Port 80 is used by web servers to serve web pages or web applications over the internet, so HTTP traffic uses port 80 as its logical gateway. We can use iptables to open the HTTP port with the following command:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Similarly, if you want to close or deny traffic from passing through port 80, you can use the following iptables command:
sudo iptables -A INPUT -p tcp --dport 80 -j DROP
We’ve written a full guide on how to use the firewall to control port traffic on a Linux system; please read it here.
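As an added example (not part of the original guide), the following POSIX shell script wraps the open/close commands shown above so that closing a port actually takes effect. iptables evaluates the INPUT chain from the top and stops at the first matching rule, so a DROP rule appended with -A below an earlier ACCEPT rule for the same port is never reached; the script deletes the ACCEPT rule and inserts the DROP at the head of the chain with -I instead. It also carries the baseline rules (loopback and established connections) that must come before per-port rules once the chain's default policy is DROP, which is what makes an ACCEPT rule meaningful in the first place. The IPTABLES variable and the dry-run convention (IPTABLES=echo prints the commands instead of running them) are this script's own assumptions, not features of iptables.

```shell
#!/bin/sh
# Added example: a small wrapper around the iptables commands from the guide.
# Assumption of this script: IPTABLES names the binary to run; setting
# IPTABLES=echo turns every call into a dry run that prints the command.
IPTABLES="${IPTABLES:-iptables}"

# Rules that must come before any per-port rule once the default policy is
# DROP: keep loopback traffic and replies to connections this host opened.
baseline() {
    "$IPTABLES" -A INPUT -i lo -j ACCEPT
    "$IPTABLES" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Allow inbound TCP on a port. Checking first (-C) keeps the chain free of
# duplicate rules when the script is run more than once.
open_port() {
    port="$1"
    "$IPTABLES" -C INPUT -p tcp --dport "$port" -j ACCEPT 2>/dev/null \
        || "$IPTABLES" -A INPUT -p tcp --dport "$port" -j ACCEPT
}

# Deny inbound TCP on a port. Deleting the ACCEPT rule matters: iptables
# stops at the first matching rule, so a DROP appended below an ACCEPT for
# the same port would never be reached. The DROP is inserted at the top (-I)
# so it wins regardless of what else is already in the chain.
close_port() {
    port="$1"
    "$IPTABLES" -D INPUT -p tcp --dport "$port" -j ACCEPT 2>/dev/null || true
    "$IPTABLES" -I INPUT -p tcp --dport "$port" -j DROP
}

# Make the chain deny by default. Run this only after baseline and the ports
# you need (at least SSH on a remote host) have been opened.
default_deny() {
    "$IPTABLES" -P INPUT DROP
}

# Usage: sh ports.sh baseline | open PORT | close PORT | deny
# With no arguments only the functions are defined, so the file can be sourced.
case "${1:-}" in
    baseline) baseline ;;
    open)     open_port "$2" ;;
    close)    close_port "$2" ;;
    deny)     default_deny ;;
esac
```

Run it as `IPTABLES=echo sh ports.sh close 22` first to see exactly which rules would be applied before running it for real as root.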
How to monitor and audit ports in Linux
Monitoring and auditing ports in Linux is crucial for security, detecting intrusions, revealing vulnerabilities, and meeting compliance requirements.
Keeping tabs on open ports can proactively prevent attacks, help troubleshoot network issues, optimize performance, and give valuable insight into system behavior. There are various tools you can use to monitor ports on your Linux system, and these are:
Using netstat
The netstat command can be used to display network-related information, including open ports. To install netstat on Linux, run the following command:
sudo apt install net-tools
Once netstat is installed, we can use it to monitor ports on the system with various options.
To see a list of all open ports, run the following netstat command:
sudo netstat -tulpn
Assuming the SSH, FTP, HTTP, HTTPS, RDP, MySQL and RTMP ports are open, running the above command produces output like the following on the terminal:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1234/sshd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 5678/vsftpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4321/apache2
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 8765/apache2
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 9876/xrdp-sesman
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5432/mysqld
tcp 0 0 0.0.0.0:1935 0.0.0.0:* LISTEN 1357/nginx
From the above output, we see that the listed ports are in a “LISTEN” state, indicating they are open, and actively waiting to accept connections.
If no ports are listening, the printout will not list anything on the terminal.
Using lsof (list open files)
The lsof command can be used to list open files and, in this case, open network connections. You can install it on Ubuntu Linux by running the following command:
sudo apt install lsof
To see a list of open ports, you can use the lsof tool by running the following command:
sudo lsof -i -P -n | grep LISTEN
This command shows open Internet files (-i), displays port numbers numerically (-P), does not resolve hostnames (-n), and filters for listening sockets using grep LISTEN. See the sample printout below:
sshd 1234 root 3u IPv4 12345 0t0 TCP *:22 (LISTEN)
vsftpd 5678 ftp 3u IPv4 56789 0t0 TCP *:21 (LISTEN)
apache2 4321 www-data 5u IPv6 98765 0t0 TCP *:80 (LISTEN)
apache2 4321 www-data 6u IPv6 98766 0t0 TCP *:443 (LISTEN)
xrdp-sesman 9876 xrdp 10u IPv6 54321 0t0 TCP *:3389 (LISTEN)
mysqld 5432 mysql 10u IPv4 34567 0t0 TCP *:3306 (LISTEN)
nginx 1357 www-data 6u IPv4 98765 0t0 TCP *:1935 (LISTEN)
Using nmap
If you have nmap installed, you can use it to scan for open ports on a specific host. Install nmap if you haven’t already and then run the following command:
sudo nmap -p- localhost
This command will scan all ports (-p-) on localhost. Here’s a generic example of what the output might look like:
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-14 12:00 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.001s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE
22/tcp open ssh
21/tcp open ftp
80/tcp open http
443/tcp open https
3389/tcp open rdp
3306/tcp open mysql
1935/tcp open rtmp
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
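The listings above are only useful if someone compares them with what is supposed to be running. Here is an added example (not part of the article) that does that comparison: a POSIX shell function that reads `netstat -tulpn` output, drops every port on an allowlist, and reports the rest. For each unexpected listener it also prints the range it falls in (well-known, registered or dynamic, using the boundaries from the port-range section earlier) and whether the socket is bound to all interfaces (0.0.0.0 or ::) or only to a local address such as 127.0.0.1; a loopback-only listener shows up as open in a localhost nmap scan but is not reachable from the network, so this column is what separates real exposure from noise. The sample input is constructed from the article's netstat printout, with one tcp6 row and one udp row added to exercise the two layout details the parser must handle (an IPv6 local address written as `:::443`, and udp rows that have no State column). The column layout is the one `netstat -tulpn` prints; the allowlist format is this script's own assumption.

```shell
#!/bin/sh
# Added example: audit the listeners reported by `netstat -tulpn` against an
# allowlist of expected ports.
# Real use:  sudo netstat -tulpn | audit_listeners "22 80 443"

# Constructed sample input: the article's printout plus one tcp6 row and one
# udp row, so the script runs offline and covers both layout differences.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      5678/vsftpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4321/apache2
tcp6       0      0 :::443                  :::*                    LISTEN      8765/apache2
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      5432/mysqld
udp        0      0 0.0.0.0:68              0.0.0.0:*                           9999/dhclient'

# Read netstat rows on stdin; print one line per listener whose port is not in
# the space-separated allowlist given as $1:
#   proto port range bind-address scope program
audit_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # skip the two header lines; keep tcp, tcp6, udp and udp6 rows
        $1 ~ /^(tcp|udp)6?$/ {
            # the port is whatever follows the last ":", so "0.0.0.0:22" and
            # ":::443" (the IPv6 any-address) are both handled
            n = split($4, part, ":")
            port = part[n] + 0
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (port in ok) next
            # IANA ranges as described in the article
            range = port <= 1023 ? "well-known" : (port <= 49151 ? "registered" : "dynamic")
            # a socket bound to 0.0.0.0 or :: accepts connections on every interface;
            # anything else (typically 127.0.0.1 or ::1) is reachable only locally
            scope = (addr == "0.0.0.0" || addr == "::") ? "all-interfaces" : "local-only"
            # udp rows have no State column, so the program is always the last field
            printf "%s %d %s %s %s %s\n", $1, port, range, addr, scope, $NF
        }'
}

# Run the audit over the constructed sample with SSH, HTTP and HTTPS expected.
audit_sample() {
    printf '%s\n' "$SAMPLE" | audit_listeners "22 80 443"
}
```

On the sample this reports vsftpd on 21 and dhclient on 68 as exposed on all interfaces and mysqld on 3306 as local-only; ports 22, 80 and 443 are on the allowlist and stay silent. Piping the live `sudo netstat -tulpn` output into `audit_listeners` with the host's own allowlist turns the one-off listing into a repeatable check that can run from cron and alert on any new line.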