Author: Bill Ricardi
Reviewer: uTest
What's a Port?
If you had a friend who lived in a big apartment building and you wanted to send him a letter, you would need to address the envelope properly. It isn't enough to know his street number - hundreds of people live at that address! You also need to know his apartment number, so that the mailman drops your message in the right slot.
In the world of TCP (and thus TCP/IP), the 'street number' is either a server's IP address (67.23.15.117) or its host name (vmweb.utest.com). But what some people don't realize is that you can also direct your inquiries to a specific 'apartment number' at that address. The guys living at each apartment perform a specific service; one shows you web pages, another transfers files, a third handles the email. We call these apartments 'ports' in the world of TCP (and UDP, but that is a different topic altogether), and that's the subject of this primer.
How can I prove this concept?
The idea of ports isn't a new one, but if you need a practical demonstration, one can be provided: you can use one of the most trusted web sites in the world to perform a little experiment that will prove this concept. Open up a new tab in your web browser and type this into the address bar, then hit enter:
That looks normal, right? That's because web servers (HTTPD) usually live on port 80. Now try this address (in Firefox; other browsers have different messages), and watch what happens:
You'll get a message akin to: "This address uses a network port which is normally used for purposes other than Web browsing." As you can see, you have the power to direct your requests for services to specific ports! And most programs make this fairly simple. Go to a command prompt on Windows, Unix, or Mac. Type:
telnet rag.com 2222
As you can see, they're running a text-based game on port 2222. But I happen to know that they are also running their web site on the same machine. Exit out of the game and type:
telnet rag.com 80
Now type GET and press ‘Enter.’
You should see some HTML code telling you that this machine doesn't like you to use telnet to access its web server! You went to the same web address each time, but as you can see, different ports offer different services. So now you know: whenever something asks for a port number, it wants to know where to look for a particular service.
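The same experiment can be repeated offline on your own machine. The following is an added example, not part of the original primer: it starts two stand-in services on one loopback address and connects to each port in turn, plus one port with nothing behind it. The function names and banner text are made up for illustration.

```python
import socket
import threading

def start_service(banner: bytes) -> int:
    """Listen on a free loopback port, greet every client with `banner`, return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks an unused port
    srv.listen()

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def unused_port() -> int:
    """Return a loopback port that nothing is listening on."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]

def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Connect to host:port; return the service's greeting, or 'closed'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(128).decode("ascii", "replace").strip()
    except OSError:
        return "closed"

def demo() -> dict:
    # Constructed banners standing in for two different services on one address.
    game = start_service(b"Welcome to the text game!\r\n")
    mail = start_service(b"220 mail.example ESMTP ready\r\n")
    return {
        "game": probe("127.0.0.1", game),
        "mail": probe("127.0.0.1", mail),
        "unused": probe("127.0.0.1", unused_port()),
    }

if __name__ == "__main__":
    for name, reply in demo().items():
        print(f"{name:6} -> {reply}")
```

The address is 127.0.0.1 every time; only the port number decides which service answers, or whether anything answers at all.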
How do I know which port handles a particular service?
Well, an administrator can actually assign just about any port to any service, but they usually go with the standard numbers set forth by the worldwide Internet community. Here is a list of the most common port assignments for different services on the Internet:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
So now you know that port 80 is normally used by web servers, port 20 is used for file transfer protocol (FTP), port 23 is used for telnet, etc.
I say 'normally' because any service can be adjusted to run on any port. If you have services running on a production server that you don't want the general public to find, you might want to use a non-standard port to host them. Though security through obscurity isn't much of a dodge against a determined hacker, every little bit helps.
The standard port numbers are determined and tracked by the Internet Assigned Numbers Authority (IANA), which is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. They determine when usage is common, or when a protocol is considered obsolete. Their current port list can be found at:
http://www.iana.org/assignments/port-numbers
OK, how is this useful to me?
You need to know these concepts for several more advanced tasks, including:
And many other things. So make sure that you understand the concept of ports in a TCP environment, and you'll be ready for more advanced learning very soon!