network ports, what they are and they work

Network Ports, what they are and they work.

Network ports are the threads that hold network communication together. They are an essential part of networking that canbe easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how networkports operate.

What is a network port?

In my early IT days, about 20 years ago, I had a hard time grasping the concept of network ports. I read books and articlesabout how hackers exploited such and such port and how you have to close some ports and secure others you are using. Imust confess it took me some time to fully understand the concept and most importantly how to apply that understanding inthe real IT administration and support world.

I decided to write this article to shed some light to those also having difficulties understanding the concept; if your area ofexpertise is not networking or you are a beginner this article will help you. I personally know many talented IT professionalswhose expertise are in database, system administration, and application support who find it a bit difficult to conceptualizenetworking concepts, especially network ports. If you're an experienced network engineer you may find it refreshing orperhaps basic as this is something we've all been pounded with for most of our careers.

To understand what a network port is we first have to build a foundation, for that we'll cover various networking conceptsthat will help you understand how communication between endpoints work in a network, that understanding will ultimatelylead us to see the network ports in action.

Let's look at the following network diagram. This is a flat, simple Ethernet network configuration that is very common inmost small environments:

We have 3 Windows desktop computers, 1 Windows server, 1 unmanaged switch, a Firewall\Router, and a connection to theinternet.

The network uses TCP/IP protocol suite, meaning that each device has a unique IP address. The server in the network servesmultiple purposes: it's a Windows Domain Controller, and it also serves as a FTP, Web, and application server for the localusers to access resources

Network Ports, what they are and they work. http://www.experts-exchange.com/articles/22179/Network-Port...

1 of 8 1/22/16, 12:41 AM

When hosts want tocommunicate with each other many interesting happen in the background, for the sake of this article we'll ignore the ARP,IP, and DNS resolution process. Let's just say that each host knows how to get to all other hosts in the network. As we aredealing with an IP network each host has a unique IP address that identifies it.

Now let's go over a couple of day to day activities that occur in a network and how network protocols work in them:

When PC1 accesses a shared drive on PC3 it uses SMB network protocol for communication. PC3 sees the request and ifPC1 request is authenticated PC3 allows the communication to take place.

PC2 accesses the local website hosted by Server1, in this case the end user uses a desktop application to reach the server'sweb content, in the background a network application handles the communication and information is transferred betweendevices.

Lastly, the office admin needs to create another network account. For this the local admin accesses Server1 from PC2 via anetwork application known as RDP which gives her direct access to the server console.The aforementioned examples show simple network tasks. In order for those tasks to take place hosts need to communicatewith each other for various functions, that communication is established and maintained by the corresponding networkprotocol.

So far we have mentioned network protocols and network application, let's review what they are as we need that informationto understand network ports.

Network Protocols: ever since I started in IT I've heard the same general definition of network protocols: a set of rulesdevices utilize for communication, it is a good general definition in its most basic form for what a protocol does in anetwork environment. The same way we have rules and procedures to effectively communicate with someone throughverbal conversations Protocols serve as a standard for devices to communicate among themselves.

The term protocol is widely used in IT and depending on the context is used its meaning may vary. This wassomething I really had to stress to my students when I taught networking classes. For them, at the time, every time theyheard protocols they automatically associated it with network protocols. It made sense at the time but once we starting goingover more technologies they soon realized that it was not always the case and that term protocol is widely used.

For instance, the Institute of Electrical and Electronics Engineers (IEEE) have created many network standards such as the802, 802.11 and each standard is divided into subcategories as they create different projects. Those standards are also knownas protocols, they provide the rules and guidelines hardware manufacturer use create their products to ensureinteroperability. There other network architectures such as Token Ring, ATM, and FDDI that are also referred to as networkprotocols. In these case they are referring to network industry standards and not to the protocols we see in action in the OSIor the TCP/IP model. That is the reason why we have to understand the context where protocol appears, you may have beenasking yourself: what does all this have to do with network ports? And the answer is: A Lot, you'll see how it all comes


2 of 8 1/22/16, 12:41 AM

together as you keep reading.

A brief review of the OSI and TCP/IP model: The Open System Interconnection (OSI) and the TCP/IP model areconceptual representations of network communication. They are the result of industry organizations attempt to explain,define, and represent internetworking communication and how protocols operate. Each standard represents communicationsin abstraction layers to help us understand the communication process, the OSI has 7 layers and the TCP/IP model has 4layers. I will not expand on this in this article but I felt it was important to mention what they OSI and TCP/IP model do aswe understand network port. There are different thoughts about each model, however the OSI model has become the defacto technical representations of protocol communication. For that reason, I will also refer to protocols communicationfrom the OSI point of view in this article.

Network Applications: a network application is not to be confused with a user application such as Microsoft Word, Excel,Autodesk, QuickBooks, etc., even if they are used over the network. Network applications provide services that work at theApplication Layer of the OSI model, thus the name Network Application. Users don't have direct access to the networkapplications but they access them through other applications and API. In the IT world we can refer to a Network Protocol asa Network Application, it does not apply to all protocols but it many instances some protocols can function and serve asthe Network Application. To make the concept clear let's go over this example:

The FTP example: File Transfer Protocol is a network protocol used is to send and receive files over TCP. FTP is a protocolbut because it works at the Application Layer of the OSI model and performs a function that serves the users is alsoconsidered a Network Application. For details on FTP check rfc5797.

The HTTP example: Hyper Text Transfer Protocol is a network protocol used by devices to communicate in the World WideWeb. It was the original protocol created during the early internet days that allowed system to read hyperlinks fromsystems. As in the case of FTP, HTTP is also considered a network application. Click here for details on HTTP.

The TCP UDP example: Transmission Control Protocol and User Datagram Protocol are, as their names imply, networkprotocols. They both function at the Transport Layer (Layer4) of the OSI model and their most basic function is to deliverinformation. However, they are not considered Network Applications because they don't operate at the network layer.The list could go on and on but by now I'm sure we've grasp the general concept.

IP comes into play.Most network nowadays, and any network that connects in one way or another to the internet relies on IP (protocol). Yourarely hear of IP by itself but rather you see it being referred to in the TCP/IP protocol suite. Both protocols provide thestructure necessary for communication in a network. In the case of IP (Internet Protocol) provides the identification of ahost in a network by assigning a unique IP address. There are two versions of IP protocols, IPv4 and IPv6. For the sake ofthis article when I mention IP I will be referring to IPv4.

So in a simple network you have different hosts that are identified by their unique IP address in their corresponding network,meaning no other host has the same IP address. If you have the passion for networking and enjoy reading pages of whatseems to be boring, unattractive, typewriter formatted documents you'll enjoy the IETF TCP/IP tutorial, the information isbased on IPv4 and provides a deep background of how TCP/IP work. If you don't have that strong conviction to spendhours reading the document don't worry, you don't know to know the nuts and bolts for a good general concept of networkports.

As stated earlier, an IP address is unique in each network. An example of a private IPv4 address is 172.16.5.122,198.253.65.23, etc. This is not article on how IP works so I'm not spending time talking about IP classes, Subnetting, Publicand Private IPs, etc. but for the sake of the article knowing that an IP address is the unique identification of an host in an IPnetwork will suffice.

Reviewing what we've covered so far we can say we have a basic understanding of: protocols, network application, and IPaddress. Let's put the pieces together as we move closer to see network ports in action:

When a user on PC1 (172.16.5.122) accesses resources on the Server (172.16.5.127) the user on PC1 uses a desktopapplication to initiate the process. To elaborate the point we'll say that the Server is a web server hosting a site and the end


3 of 8 1/22/16, 12:41 AM

user on PC1 wants to access it. The most common application to access a website is a web browser, applications such as:Firefox, Internet Explorer, Safari, Chrome are the most popular web browser.

The web browser represents the user or desktop application, when the user enters the url in the address bar, let's saywww.google.com, the web browsers calls for the network application (HTTP) to read and process the content of the siteand present it to the user. So far so good, right?

Now, let's say that the Server (172.16.5.127) is not only hosting a website but it's also a FTP server hosting files. How doesthe Server know how to answer back to PC1 when a request is initiated? Well when the connection arrives to the Server itsees that HTTP is requesting communication on Port 80 therefore the Server understands that the request is made overHTTP and the protocol rules kick in. If they communication arrives to the server on port 21 the Server understand it's a FTPrequest, and the process goes on and so on for all network services.

So what is purpose of a port? The IETF explains the concept clearly Ports serve two purposes: first, they provide ademultiplexing identifier to differentiate transport sessions between the same pair of endpoints, and second, they may alsoidentify the application protocol and associated service to which the process connects -Rfc6335 page 7.

Now let's break it down:Provide a demultiplexing identifier to differentiate transport session between the same pair of endpoints: whenendpoints communicate with each other they have to keep track on of the communication session. For example, you areusing your computer to access a website, as stated earlier HTTP service runs on TCP port 80. The server you are connectingto listening on port 80 but you initiate the connection on port other than it, for that session you get assigned a dynamic port let's say 533369. Now, you open another session to the server but this time you access it via a FTP client to pull data fromit, since the Server has FTP server enabled on it is listening on TCP port 21, when you successfully establish the FTPsession you also get assigned a dynamic port for that session let's say 533579.

Each device in the network keeps track of the network sessions, in the Microsoft Windows world you can use the netstatcommand to view the session information. When you run the netstat command with no switches, meaning just typingnetstat, you'll see the Transport protocol in one column, your Local IP Address and Port in another column, the foreign orremote address and port on another column, and the session state.

Let's take a look at a session table, right here you can see:The Transport protocol is TCP,The Local address shows you loopback adapter (127.0.0.1) andThe IP address (172.15.5.121) each associated with a network port used for communication.The foreign address represents the remote host, in the case of the loopback address the remote address in session representsthe computer itself by the host name (X5). The remote host also shows the listening port of the remote device.


4 of 8 1/22/16, 12:41 AM

So network ports help bothendpoint devices keep track of the communication and session and also identifies the services during that communication.Using the previous capture as an example you'll notice server-54-192-37-102:https listed in the foreign address column. Inthis example server-54-192-37-102 represents the server name and https represents the network protocol the remote hosts islistening to, we know that https is port 443. The port can be shown in its numerical or name value.

A port identifies protocols and associated service: A service can be considered as a network application in this case, anda port number is a numerical value assigned to it for identification purposes so when people mention port 80 they arereferring to HTTP, or port 21 they are referring to FTP, port 3389 they refer to RDP, etc. The name is really irrelevant tonetwork devices but they make our life easier.

Ports are categorized: Depending on their function ports are categorized depending on their numerical value. There are65353 available ports and they are divided into three categories:

Well known ports: ports between 0-1023, these ports are the common ports assigned to the services such as telnet (23), dns(53), http (80), etc. Most common network applications fall under this category as they have been around since the earlydays that is why they are called well-known ports.

Registered or User ports: ports between 1024-49151, these ports are used by processes and programs for communication,sometimes internal communication within the application itself. An example of application using users ports are: SQL


5 of 8 1/22/16, 12:41 AM

Anywhere database server uses TCP port 2638. SonicWall anti-spam traffic communication between Remote Analyzer andthe Control Center uses TCP 2599.

Ephemeral or Dynamic ports: ports between 49152-65535. These ports are randomly assigned to the client side of theconnection when establishing a session. Remember, the client is assigned an Ephemeral port as it connects to a well-knownport. Look at the packet capture below, notice how a DNS request is made for a host name (www.precisetek.com), therequest is sent over port 59210 from the local host to port 53 on the destination server. In this case, port 53 is DNS whichworks over UDP transport protocol.

Let's look at the following example to go over the concept: When you initiate communication to a website you usually usehttp or https if it's a secure communication. To keep it simple we'll use http as an example. When you launch the web


6 of 8 1/22/16, 12:41 AM

browser and enter www.precisetek.com your system automatically understand that you want to initiate thecommunication over HTTP protocol on TCP port 80. The Server in our example is not only a web server but also a FTPand DNS server therefore servicing requests made on port 21 and 53, as clients request connections to such services theServer needs to keep track of the requests to ensure proper communication. As more session are open the session table keepsgrowing, the process occurs for all hosts in the network as they communication with each other.

Some applications can work on ports other than their default number, for instance, you can have a web server listen on port83 for HTTP instead or port 80. You can have RDP listen on port 3350 instead of 3389. There are various reason to changethe default port for an application but the most important thing to keep in mind is that the client must also initiate theconnection to new port number otherwise it will use the default port number and have the connection rejected.

Port Forwarding: so far we've been covering communication in an internal network. You may have the need to access localresources from a remote location, for that, you can use port forwarding. Remember, when your hosts are in an internalnetwork they are configured with private IP addresses, meaning that those IP address are not routable to the internet. Whendevices on your internal network browse the web they are seen as coming from one IP address, your firewall or router IPaddress. So if you want to communicate to a host in your internal network you have to communicate with the gate keeper(your firewall or router) and have it relay the message (port forward) to your internal devices.

Port Security: remember that the port represents network protocols and protocols are used for communication. If you havea port open another device with access to it can start communication - depending on the application the port is using, ahacker can gain access to the rest of your network through it. As a best practice, if you are not using a port, don't have itopen.

This concludes this article, I hope it helped you understand what network ports are and their basic functions. As a quickrecap, network ports identify a server or protocol and help keep the session between hosts. There are many topics I weededout just to stay focused on network ports as my goal was to help those wanting to get a better understanding of the concept


7 of 8 1/22/16, 12:41 AM

Gauthier

Jim Horn

jorge diaz

Naif Almarzuqi

without going through a complete networking class.

__________________________________________________________________________________________________________________________________

Thank you for reading my article, please leave valuable feedback. If you liked me to expand on certain topic related toNetwork Ports just mention it in your comments. If you liked this article or would like to see more, please click the Yesbutton near the: Was this article helpful? at the bottom of this article just below and to the right of this information.

I look forward to hearing from you. - Jorge D.

All Comments

you get assigned a dynamic port let's say 533369

Not one of the 65353 available ports, same for:

let's say 533579.

Nicely illustrated, and nice job laying a foundation for those of us who are not network experts. Voted Yes.

Thanks for pointing it out Gauthier.

Thanks for the comment Jim.

Excellent article, easy to understandThanks Alot


8 of 8 1/22/16, 12:41 AM

network ports, what they are and they work

Documents