Port numbers come in the range of 0 to 65535. Numbers 1–1023 are assigned to services, and 1024 to 65535 are ephemeral ports used to identify a source. Port 0 is assigned by the Internet Assigned Numbers Authority (IANA) as “reserved.”
What are ports and how do they work?
In the previous presentation, we looked at IP addresses and how routers make decisions based on the prefix part of the address to route packets from source hosts to destination hosts. We used a postal service analogy to see that the prefix is like a zipcode, and the rest of the IP address is like a street address.
Now, continuing our postal analogy, what about the recipient name? When we address a letter, we include the name of the recipient, for example, Lucille Ball. Of course, the postal service doesn’t have to look at the recipient name, but once the letter arrives at the destination address, someone has to look at the recipient name and give the letter to that person. After all, multiple people can live at the same address.
The same holds true for Internet hosts. Hosts run multiple processes or applications. For example, a server might run multiple services such as web and email. And user devices like laptops can run multiple clients such as web browsers and email readers. So when a packet arrives at a host, how do we determine which process it should be delivered to? That’s the job of TCP and UDP.
The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP):
- Are part of the Internet Protocol (IP) suite, sometimes called TCP/IP.
- Form what’s called the transport layer and define process-to-process communication.
- Identify communication endpoints with port numbers. A port number is analogous to the recipient name on a letter.
Let’s understand TCP in a little more detail. TCP is used to send a stream of bytes from sender to receiver. It ensures reliable in-order delivery of the byte stream. Note that IP alone does not guarantee ordering or even delivery. IP packets can and do get dropped. TCP provides guaranteed in-order delivery by breaking the stream into segments and then delivering each segment in an IP packet with a sequence number. The receiver sends an acknowledgement of the received segments back to the sender, who then retransmits the segments that have not been acknowledged after a timeout.
Let’s move on to UDP. UDP is used to send a datagram from the sender to the receiver. A datagram is delivered in an IP packet. UDP datagrams do not provide delivery guarantees. The only major difference between a UDP datagram and an IP packet is the port numbers.
Processes communicate over ports that are identified by (16-bit) numbers. Source and destination port numbers are added to each IP packet. Port numbers are often written by appending :<port-number> to the IP address.
Each host maintains a table that maps the port numbers to the processes, so when a packet arrives at a host, the host can use this table to route the packet to the correct process. In this example, the destination port 443 matches the second row, so the packet will be delivered to the web server.
So how do we determine the port numbers? For servers, the answer is that services listen on well-known port numbers (in the range 1-1023). For example:
- Web (HTTP) is port 80,
- Secure Web (HTTPS) is port 443, and
- DNS is port 53.
The client chooses the destination port number corresponding to the requested service. In our example, we are communicating with an HTTPS service, so the destination port number is 443.
As for the source port number, the client initiates communication from what’s called an ephemeral port (in the range 1024-65535). It chooses any port number in that range that is currently not in use. In this example, the client chose port number 12627, so that is the source port number.
When the server responds, it simply flips the source and destination.
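The steps above (the ip:port notation, the host’s port table, the client’s ephemeral source port and the flipped reply) as an added, runnable model; this is example code written for this page, not Akamai’s own, and the server port table, the client address 192.0.2.10 and the process names are constructed for illustration.

```python
from __future__ import annotations

import random
from dataclasses import dataclass

# Constructed for illustration: a hypothetical server's port table (the "table that
# maps port numbers to processes"). Clients choose source ports from 1024-65535.
EPHEMERAL = range(1024, 65536)
SERVER_PORT_TABLE = {53: "dns-server", 80: "web-server", 443: "web-server"}

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes

def parse_endpoint(text: str) -> tuple[str, int]:
    """Split the 'ip:port' notation into (ip, port), rejecting ports outside 0-65535."""
    ip, sep, port = text.rpartition(":")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"bad endpoint: {text!r}")
    return ip, int(port)

def pick_ephemeral_port(in_use: set[int], rng: random.Random | None = None) -> int:
    """Choose any ephemeral port not currently in use and mark it as taken."""
    rng = rng if rng is not None else random.Random()
    while True:
        port = rng.randrange(EPHEMERAL.start, EPHEMERAL.stop)
        if port not in in_use:
            in_use.add(port)
            return port

def deliver(port_table: dict[int, str], pkt: Packet) -> str | None:
    """The host looks up the destination port; None means no process listens there."""
    return port_table.get(pkt.dst_port)

def reply(pkt: Packet, payload: bytes) -> Packet:
    """The server's response simply flips source and destination."""
    return Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, payload)

def exchange(client_ip: str, server: str, in_use: set[int]) -> tuple[Packet, str | None, Packet]:
    """One round trip: pick a source port, send the request, demultiplex it, build the reply."""
    dst_ip, dst_port = parse_endpoint(server)
    req = Packet(client_ip, pick_ephemeral_port(in_use), dst_ip, dst_port, b"GET / HTTP/1.1")
    return req, deliver(SERVER_PORT_TABLE, req), reply(req, b"HTTP/1.1 200 OK")
```

A packet sent to a port with no entry in the table (for example the client’s own 12627) is returned as None, which is what the host does when nothing is listening.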
But how do we determine those IP addresses? The answer is a naming service, and that is the topic of the next presentation.
But before closing on addressing, let’s summarize by revisiting the postal service analogy. The port number is like the recipient name. Just as only residents have to look at the recipient name, only the host itself has to look at the port number. When looking at the IP address, we break it into a prefix which is like the zipcode, and the rest of the IP address which is like the street address. In our example, just as only the 90210 post office has to look at the street address, only the routers in the MIT network have to look at the whole IP address. And just as outside of 90210, only the zipcode is needed to route the letter, so too outside of MIT, only the prefix is needed to route the packet.
Recapping: Application messages, for example, Web requests and responses, are put in IP packets. They are often encrypted. IP packets are addressed with source and destination IP addresses and port numbers.
An Internet Protocol address, or IP address, is used to deliver data across network connections. The address is a string of numbers that acts as a unique identifier. A port number is a 16-bit unsigned integer appended to this string after a colon, e.g., 17.253.207.54:443. The port number is used to direct internet traffic when it arrives at a server. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) use it to route a data packet to the correct process. There are numerous port numbers, and they are an essential part of how the internet works.
How do ports work?
Computer ports have been around since the dawn of computing. The Advanced Research Projects Agency Network (ARPANET) originated the concept of port numbers.
Ports are used to identify a connection endpoint and direct data to a service. There are virtual and physical ports: a USB port is an example of a physical port and often the one that springs to mind when thinking about computer ports. However, virtual ports are much more common, and this is where ports enter our story of how the internet works. Ports belong to Layer 4, the transport layer, of the OSI model.
To explain how ports work, we return to the analogy of a letter addressed to “Lucille Ball, 1000 Roxbury Drive, Beverly Hills, CA 90210.” In our post on IP addresses, this analogy helped explain how the virtual equivalent of the street address, the IP address, gets the packet to its destination. In the postal analogy, once a letter reaches the final address, the name on the letter identifies specifically who the letter is for; in this respect, a port is the equivalent of the name Lucille Ball.
There are many virtual ports, with port numbers ranging from 0 to 65535. The internet protocols TCP and UDP decide which process the data packet is sent to; this is based on a server-client scheme, as seen in our other pages on HTTP (Hypertext Transfer Protocol) and HTTPS.
What is a host?
A host, such as a server, often runs multiple processes or applications such as web and email. Each host maintains a table that maps the port numbers to the processes; when a data packet arrives at a host, the host uses this table to route the packet to the correct process or service. Endpoint devices like laptops typically run multiple clients, such as web browsers and email readers. TCP and UDP are the protocols that decide where to send a data packet once it arrives at its destination address. However, while both direct traffic, they have different features.
What is TCP?
TCP, or Transmission Control Protocol, uses a stream of bytes to send data from sender to receiver. The core feature of TCP is its ability to ensure reliable in-order delivery of the byte stream. This is necessary because IP packets may be dropped en route. TCP provides guaranteed in-order delivery by breaking the stream into segments and then delivering each segment in an IP packet with a sequence number; the recipient acknowledges receipt of an IP packet sequence. If an IP packet sequence is not acknowledged as received, the sender retransmits the unreceived segments after a timeout.
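The TCP mechanism described here and in the presentation above (segments with sequence numbers, acknowledgements, retransmission after a timeout, in-order reassembly), as an added simulation written for this page rather than taken from it. The segment size, the loss probability and the simplification that acknowledgements themselves are never lost are assumptions of the example.

```python
from __future__ import annotations

import random

def segment_stream(data: bytes, mss: int) -> dict[int, bytes]:
    """Break the byte stream into segments keyed by sequence number (byte offset)."""
    return {seq: data[seq:seq + mss] for seq in range(0, len(data), mss)}

class Receiver:
    """Buffers segments by sequence number and hands the stream back in order."""

    def __init__(self) -> None:
        self.received: dict[int, bytes] = {}

    def receive(self, seq: int, payload: bytes) -> set[int]:
        self.received[seq] = payload
        return set(self.received)   # acknowledgement: every sequence number seen so far

    def stream(self) -> bytes:
        return b"".join(self.received[seq] for seq in sorted(self.received))

def reliable_send(data: bytes, mss: int, drop_prob: float,
                  rng: random.Random | None = None, max_rounds: int = 50) -> tuple[bytes, int, int]:
    """Send `data` over a channel that drops each IP packet with probability drop_prob.
    Returns (bytes the receiver reassembled, rounds needed, packets transmitted)."""
    rng = rng if rng is not None else random.Random(0)   # constructed loss pattern
    segments = segment_stream(data, mss)
    receiver = Receiver()
    unacked = set(segments)
    rounds = sent = 0
    while unacked:
        if rounds == max_rounds:
            raise TimeoutError("receiver unreachable")
        rounds += 1
        acked: set[int] = set()
        for seq in sorted(unacked):          # (re)transmit only what is still unacknowledged
            sent += 1
            if rng.random() < drop_prob:     # the IP packet carrying this segment is lost
                continue
            acked = receiver.receive(seq, segments[seq])   # ACKs assumed to arrive intact
        unacked -= acked                     # after the "timeout", whatever was not acked goes again
    return receiver.stream(), rounds, sent
```

With drop_prob set to 0 every segment is acknowledged in the first round; with losses the receiver still reassembles the identical byte stream, at the cost of extra rounds and retransmitted packets.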
What is UDP?
The main difference between UDP and TCP is that delivery is not guaranteed. UDP is used to send a datagram from the sender to the receiver. A datagram is delivered in an IP packet. The port numbers are the only significant difference between a UDP datagram and an IP packet. But because of this lack of delivery guarantee, TCP ports are the choice for services requiring secure and reliable data transmission, such as emails and websites.
Examples of port numbers for services
There are 65,535 possible port numbers. Services listen on well-known port numbers in the range 1–1023. Some of the most used service port numbers are:
- Port 80: Web (HTTP)
- Port 443: Secure Web (HTTPS)
- Port 53: DNS (Domain Name System)
- Port 3389: Remote Desktop Protocol (RDP)
- Port 21: File Transfer Protocol (FTP)
- Port 22: Secure Shell (SSH), a tunneling protocol used to create secure network connections
In our IP address example, 17.253.207.54:443, the communication is via HTTPS, i.e., port 443.
Source port numbers
Source port numbers use an “ephemeral port” in the range 1024–65535. Any port number in that range currently not in use can be chosen.
The Internet Assigned Numbers Authority (IANA) maintains a list of port numbers. Port 0 is assigned as reserved by IANA and not available for use.
Akamai, ports, and online attack prevention
Cloud-based cyberattacks are ubiquitous. Akamai is dedicated to eradicating internet-borne web exploits used by hackers and cybercriminals. IP packet loss can be caused by distributed denial-of-service (DDoS) attacks against a web server. Unprotected ports or ports that allow vulnerability exploits are well-known attack vectors. Our dedicated infrastructure provides DDoS prevention to stop attacks in the cloud before they reach applications, data centers, and internet-facing infrastructure — public or private. Akamai’s unique architecture segments DNS resources across dedicated, non-overlapping clouds. More than 225 frontline SOCC responders back Akamai; our fully managed solution filters out attack traffic and stops even the most significant attacks, freeing your defenders to focus on high-priority security programs. Akamai protects the modern enterprise from vulnerabilities introduced by the cloud and a distributed workforce.
Akamai and cybersecurity
Akamai’s authority in cybersecurity was built upon a deep understanding of how protocols such as IP, HTTP, HTTPS, and ports work. As well as security, Akamai optimizes cloud computing with our suite of cloud computing solutions; provides security, scalability, and visibility; and is agnostic to the cloud service provider. Our cloud computing product suite includes the Download Delivery product line that optimizes large HTTP file downloads flawlessly, every time, at a global scale.
Frequently Asked Questions (FAQ)
Ports are either virtual or physical and are used to identify where a network connection begins and ends. A virtual port is assigned a 16-bit unique number used to identify a connection endpoint and direct data to a specific service or process. A port is used to direct different types of traffic as they enter a device, e.g., emails and web pages.
Ports use two types of protocols, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP offers a more reliable service: it delivers the byte stream in order by breaking it into segments, and any unacknowledged segments are re-sent.
Attackers can scan ports, looking for open ports that can be exploited. Firewalls block or allow traffic based on security rules. Hackers try to exploit open ports to deliver malicious traffic. Firewalls block traffic to all ports except some essential services, such as port 25 for email, 80 for HTTP web traffic, and 443 for secure HTTPS web traffic. Port 3389 for RDP traffic is a well-known attack vector where hackers will look for vulnerabilities in RDP and use them for ransomware attacks and other exploits.
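The default-deny firewall policy described in this answer (allow only ports 25, 80 and 443, treat RDP on 3389 as something to review), as an added example written for this page, not Akamai’s product logic. The flow record format, the allowlist as a set of (protocol, port) pairs and all addresses are constructed for illustration.

```python
from __future__ import annotations

# Constructed for illustration: the inbound allowlist named in the FAQ answer, plus a
# watch list of ports whose attempts are reported for review whatever the verdict.
ALLOWED_INBOUND = {("tcp", 25), ("tcp", 80), ("tcp", 443)}
WATCH_PORTS = {3389: "RDP"}

# Constructed sample of inbound connection attempts.
# Format (constructed): proto src_ip:src_port > dst_ip:dst_port
SAMPLE_FLOWS = [
    "tcp 192.0.2.10:51412 > 198.51.100.5:443",
    "tcp 192.0.2.11:49233 > 198.51.100.5:25",
    "tcp 203.0.113.7:40001 > 198.51.100.5:3389",
    "udp 203.0.113.8:53011 > 198.51.100.5:53",
    "tcp 203.0.113.9:44122 > 198.51.100.5:22",
]

def parse_flow(line: str) -> dict:
    """Split one constructed flow record into its protocol, addresses and ports."""
    proto, src, _, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"proto": proto, "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port)}

def decide(flow: dict) -> str:
    """Default deny: only (protocol, destination port) pairs on the allowlist pass.
    A host that also serves DNS would need ("udp", 53) added to ALLOWED_INBOUND."""
    return "allow" if (flow["proto"], flow["dst_port"]) in ALLOWED_INBOUND else "deny"

def evaluate(lines: list[str]) -> tuple[dict[str, str], list[str]]:
    """Return the verdict per flow and review notes for flows aimed at watched ports."""
    decisions: dict[str, str] = {}
    notes: list[str] = []
    for line in lines:
        flow = parse_flow(line)
        verdict = decide(flow)
        decisions[line] = verdict
        if flow["dst_port"] in WATCH_PORTS:   # blocked or not, RDP attempts get a note
            notes.append(f"{WATCH_PORTS[flow['dst_port']]} attempt from {flow['src_ip']} ({verdict})")
    return decisions, notes
```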
Why customers choose Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence.