A well-known range of port numbers is reserved by convention to identify specific service types on a host computers. In the client-server model of application architecture this is used to provide a multiplexing service on each port number that network clients connect to for service initiation, after which communication is reestablished on other connection-specific port numbers.
Technical detailsTransport Layer protocols, such as the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), specify a source and destination port number in their packet headers. A port number is a 16-bit unsigned integer, thus ranging from 0 to 65535. A process associates its input or output channel file descriptors (sockets) with a port number and an IP address, a process known as binding, to send and receive data via the network. The operating system's networking software has the task of transmitting outgoing data from all application ports onto the network, and forwarding arriving network packets to a process by matching the packets IP address and port numbers.
Applications implementing common services often use specifically reserved, well-known port numbers for receiving service requests from client hosts. This process is known as listening and involves the receipt of a request on the well-known port and reestablishing one-to-one server-client communications on another private port, so that other clients may also contact the well-known service port. The well-known ports are defined by convention overseen by the Internet Assigned Numbers Authority (IANA), cf. list of TCP and UDP port numbers.
The core network services, such as the World-Wide Web, typically use small port numbers, less than 1024. In many Unix-like operating systems superuser privileges are required for creation of these ports, since these are often deemed critical to the operation of IP networks. Conversely, the client end of a connection typically uses a high port number allocated for short term use, therefore called an ephemeral port.
Port numbers are encoded in the transport protocol packet header, and they can be readily interpreted not only by the sending and receiving computers, but also by other components of the networking infrastructure. In particular, firewalls are commonly configured to differentiate between packets depending on their source or destination port numbers. Port forwarding is an example application of this.
Processes create associations with transport protocol ports by means of sockets. A socket is the software structure used as the transport end-point. It is created by the operating system for the process and bound to a socket address which consists of a combination of a port number and an IP address. Sockets may be set to send or receive data in one direction at a time (half duplex) or simultaneously in both directions (full duplex).
Because different services commonly listen on different port numbers, the practice of attempting to connect to a range of ports in sequence on a single computer is commonly known as port scanning. This is usually associated either with malicious cracking attempts or with network administrators looking for possible vulnerabilities to help prevent such attacks.
Port connection attempts are frequently monitored and logged by computers. The technique of port knocking uses a series of port connections (knocks) from a client computer to enable a server connection.
ExamplesAn example for the use of ports is the Internet mail system. A server used for sending and receiving email generally needs two services. The first service is used to transport email to and from other servers. This is accomplished with the Simple Mail Transfer Protocol (SMTP). The SMTP service application usually listens on TCP port 25 for incoming requests. The second service is the Post Office Protocol (POP) which is used by e-mail client applications on user's personal computers to fetch email messages from the server. The POP service listens on TCP port number 110. Both services may be running on the same host computer, in which case the port number distinguishes the service that was requested by a remote computer, be it a user's computer or another mail server.
While the listening port number of a server is well defined (IANA calls these the well known ports), the client's port number is often chosen from the dynamic port range (see below). In some applications, the client and the server each use specific port numbers assigned by the IANA. A good example of this is DHCP in which the client always uses UDP port 68 and the server always uses UDP port 67.
Use in URLsPort numbers can occasionally be seen in the Uniform Resource Locator (URL) of a website or other services. By default, HTTP uses port 80 and HTTPS uses port 443, but a URL like http://www.example.com:8000/path/ specifies that the web site is served by the HTTP server on port 8000. The active transport layer protocol ports may be discovered on many operating systems (Windows, Unix-like, z/OS) with the command line netstat -a.
Common port numbersThe Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. This includes the registration of commonly used port numbers for well-known Internet services.
The port numbers are divided into three ranges: the well-known ports, the registered ports, and the dynamic or private ports. The well-known ports are those from 0 through 1023. Examples include:
- 21: FTP
- 22: SSH
- 23: Telnet
- 53: Domain Name System
- 80: World Wide Web HTTP
- 119: Network News Transfer Protocol
- 443: HTTP over Transport Layer Security/Secure Sockets Layer
- 445: microsoft-ds, Server Message Block over TCP
HistoryThe concept of port numbers was established by the early developers of the ARPANET in informal cooperation of software authors and system administrators.
The term port number was not yet used at this time. It was preceded by the use of the term socket number in the early development stages of the network. A socket number for a remote host was a 40-bit quantity. The first 32 bits were similar to today's IPv4 address, but at the time the most-significant 8 bits were the host number. The least-significant portion of the socket number (bits 33 through 40) was an entity called Another Eightbit Number, abbreviated AEN, today's port number.
On March 26, 1972, Vint Cerf and Jon Postel called for documenting the then current usages and establishing a socket number catalog in RFC 322. Network administrators were asked to submit a note or place a phone call, "describing the function and socket numbers of network service programs at each HOST".
This catalog was subsequently published as RFC 433 in December 1972 and included a list of hosts and their port numbers and the corresponding function used at each host in the network. This first registry function served primarily as documentation of usage and indicated that port number usage was conflicting between some hosts for "useful public services".
The document promised a resolution of the conflicts based on a standard that Postel had published in May 1972 in RFC 349, in which he first proposed official assignments of port numbers to network services and suggested a dedicated administrative function, which he call a czar, to maintain a registry.
The 256 values of the AEN were divided into the following ranges:
- 0 through 63: network-wide standard functions
- 64 through 127: host-specific functions
- 128 through 239: reserved for future use
- 240 through 255: any experimental function
1 Telnet 3 File transfer 5 Remote job entry 7 Echo 9 DiscardIn the early ARPANET, the AEN was also called a socket name and was used with the Initial Connection Protocol (ICP), a component of the Network Control Program (NCP) NCP was the forerunner of the modern Internet protocols. Today the terminology service name is still closely connected with port numbers, the former being text strings used in some network functions to represent a numerical port number.