Featured image

Table of Contents Link to heading

Port Numbers Link to heading

Info
Allow you to track multiple conversations generated by the same host using the same IP address.

The Need for Port Addressing Link to heading

Info
To keep track of the various applications that are communicating, the transport layer assigns a source and a destination port numbers to the segment header to allow the computers to distinguish between different types of data communication and direct them to the appropriate destination.

Socket Link to heading

Info
The unique combination of a L4 port number and a L3 IP address assigned to a host that track a particular session.

A socket pair, consisting of the source and destination IP addresses and port numbers, is also unique and identifies the session between the two hosts.

For example, an HTTP web page request being sent to a web server (port 80) running on a host with an IPv4 address of 192.168.1.20 will be destined to socket 192.168.1.20:80.

Types of Port Numbers Link to heading

The Internet Assigned Numbers Authority (IANA) is a standards body responsible for assigning various addressing standards.

Well-known Ports (numbers 0 to 1023) Link to heading

Info
Reserved for widely used types of network services and applications.

By defining these well-known ports for server applications, client applications can be programmed to request a connection to that specific port and its associated service.

Well-known PortApplicationProtocol
20File Transfer Protocol (FTP) DataTCP
21File Transfer Protocol (FTP) ControlTCP
23TelnetTCP
25Simple Mail Transfer Protocol (SMTP)TCP
69Trivial File Transfer Protocol (TFTP)UDP
80Hypertext Transfer Protocol (HTTP)TCP
110Post Office Protocol 3 (POP3)TCP
194Internet Relay Chat (IRC)TCP
443Secure HTTP (HTTPS)TCP
520Routing Information Protocol (RIP)UDP

Registered Ports (numbers 1024 to 49151) Link to heading

Info
Reserved for less common services and applications upon registration with IANA, and can be used by ordinary users.

When not used for a server resource, a client can dynamically select a registered port as its source port.

Registered PortApplicationProtocol
1812RADIUS Authentication ProtocolUDP
1863MSN MessengerTCP
2000Cisco Skinny Client Control Protocol (SCCP, used in VoIP applications)UDP
5004Real-Time Transport Protocol (RTP, a voice and video transport protocol)UDP
5060Session Initiation Protocol (SIP, used in VoIP applications)UDP
8008 / 8080Alternate HTTPTCP

Dynamic/Private/Ephemeral Ports (numbers 49152 to 65535) Link to heading

Info
Not controlled by IANA and can be used by any application or service without registration.

TCP/UDP Common Ports Link to heading

Info
Some applications can use both TCP and UDP. For example, the low overhead of UDP enables DNS to serve many client requests very quickly. Sometimes, however, sending the requested information can require the reliability of TCP. In this case, both protocols use the well-known port number of 53 with this service.
CommonPortApplication Port Type
53DNSWell-known TCP/UDP common port
161SNMPWell-known TCP/UDP common port
531AOL Instant Messenger, IRCWell-known TCP/UDP common port
1433MS SQLRegistered TCP/UDP common port
2948WAP (MMS)Registered TCP/UDP common port
5432PortgreSQLRegistered TCP/UDP common port

netstat Command Link to heading

Info

A network utility that can identify:

  1. The protocol in use, the local address and port number, the foreign address and port number, and the state of the connection.
  2. Active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for IP, ICMP, TCP, and UDP), and IPv6 statistics (for IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6).

Unexplained TCP connections can indicate that something or someone is connected to the local host, which is a major security threat. Additionally, unnecessary TCP connections can consume valuable system resources, thus slowing the host’s performance. Use netstat to examine the open connections on a host when performance appears to be compromised.

NetstatOutput

Image Source: Middleware Inventory