A protocol is a set of rules. In computer networking, protocols defines the rules for computers to exchange information. The most common protocols used in computer networks and the internet are TCP (Transmission Control Protocol), UDP (User Datagram Protocol), and IP (Internet Protocol).

At the software (operating system) level, a port is a logical construct that identifies a specific access channel for communication between two devices over a network. Ports are identified for each protocol and IP address combination by 16-bit unsigned numbers (0 to 65535), commonly known as the port number.

Data on the Internet is organized into standard TCP or UDP packets. Network clients use different ports (or channels) to transfer this data. Generally one port is used to send data and another to receive it, so packets don’t collide. The port number (and the destination IP address) is included as part of the header each packet is given. Bi-directional communications and more complex connections may use multiple ports (channels) simultaneously.

Internet communication between a client and a server use both an IP address and a port. Every internet connection has 4 numbers associated with it – an IP address for each end (identifying the machines that are talking) and a port number for each end which is associated with a specific program. A port is always associated with an IP address of a host and the protocol type for the communication.

A server application tells the operating system what port it is listening to (the port it can be contacted on). By convention, “normal” web content is usually requested by a browser by communicating to a web-server on port 80.

Specific port numbers are commonly reserved to identify specific services, so that an arriving packet can be easily forwarded to a running application.

To block access configure a firewall (in the operating system or router) to block either the destination IP, port, or both.

At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service.

Every application running on a Linux system capable of communicating over a network has a unique port number.

For a full list of ports see the Linux Training Academy ports page.

Port Categories

Well Known Ports: 0 – 1023

Well Known Ports are associated with services considered critical or essential. They are also referred to as System Ports. The Internet Assigned Numbers Authority (IANA) has assigned port numbers to commonly used services like SSH, FTP, HTTP, HTTPS, and others.

Some of the most common Well Known ports

Port Number Usage
20 File Transfer Protocol (FTP) Data Transfer
21 File Transfer Protocol (FTP) Command Control
22 Secure Shell (SSH)
23 Telnet – Remote login service, unencrypted text messages
25 Simple Mail Transfer Protocol (SMTP) E-mail Routing
53 Domain Name System (DNS) service
80 Hypertext Transfer Protocol (HTTP) used in World Wide Web
110 Post Office Protocol (POP3) used by e-mail clients to retrieve e-mail from a server
119 Network News Transfer Protocol (NNTP)
123 Network Time Protocol (NTP)
143 Internet Message Access Protocol (IMAP) Management of Digital Mail
161 Simple Network Management Protocol (SNMP)
194 Internet Relay Chat (IRC)
443 HTTP Secure (HTTPS) HTTP over TLS/SSL

Registered Ports: 1024 – 49151

Referred to as Registered Ports or User Ports and as the name indicates, can be reserved by sending a request to the Internet Assigned Numbers Authority (IANA).

Dynamic Ports: 49152 – 65535

Referred to as Dynamic Ports and are suggested for private use. They also referred to as the Private Ports.

Port Listening

A service is said to be “listening” on a port when it is binding to a port/protocol/IP address combination in order to wait for requests from clients of the service. Upon receipt of the request, it establishes a one-to-one server client dialog using the same port number.

Paying attention to which ports are listening on your network is important as open ports can be evidence of an intrusion on your network. Knowledge of the Linux open ports and the kind of information being sent out helps you to thwart malicious efforts aimed at your system. Knowing this is an important part of securing your system.

Unix / Linux Tools for working with ports

  • ss
  • lsof
  • netstat
  • nmap

The client operating system (Windows, Mac OS, Linux, Android, iOS, etc.) assigns a random number to the browser’s connection for the purposes of allowing the server to communicate back to the browser. It is not true that there is a port for every window.

Using the following command, a list of applications and ports is displayed on your terminal:

cat /etc/services

The state of a port is either open, filtered, closed, or unfiltered.
A port is said to be open if an application on the target machine is listening for connections/packets on that port.

TCP: TCP stands for Transmission Control Protocol. It is the most commonly-used protocol on the Internet. TCP is not just one-way communication, rather it sends packets back to acknowledge it’s received your packets.

UDP: Also known as User Datagram Protocol. It is an alternative communications protocol to TCP. The UDP protocol works similar to TCP. However, it ignores all error-checking stuff. UDP is necessary when speed is desirable and error correction is not needed.

SOCKETS: Socket allows communication from two different processes on the same or different machines.