Port (networking)

In TCP and UDP networks, ports are used for incoming and outgoing connections to/from services running on a given host. For instance, BIND's implementation of DNS runs as the named service and by default listens on UDP port 53 (zone transfers use TCP port 53). The HTTP protocol typically listens on TCP port 80.

You can find a listing of ports as they are translated to services in /etc/services.

A port on a specific computer is called a socket. It can be open, closed, listening or have a connection established.

= Exploring the concept =

using lsof
As discussed, a web server listens on port 80 (http) by default. To test this, you can install and start the web server apache, in this example for SUSE Linux: yast -i apache2 /etc/init.d/apache2 start You will find that apache is indeed listening on port 80: lsof -i COMMAND   PID   USER   FD   TYPE DEVICE SIZE NODE NAME ... httpd2-pr 8456 wwwrun   3u  IPv4  49805       TCP *:http (LISTEN) This tells us that the process httpd2-pr(efork) is listening on the http port, running as user wwwrun for TCP connections. httpd2-prefork is part of the apache2 package: rpm -qf $(which httpd2-prefork) apache2-prefork-2.2.3-20

using nmap
You can watch if the port is open to a given computer, e.g. there is no firewall between it: nmap localhost Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-11-23 12:38 CET Interesting ports on localhost (127.0.0.1): Not shown: 1677 closed ports PORT   STATE SERVICE 22/tcp open  ssh 80/tcp open  http 111/tcp open rpcbind Nmap finished: 1 IP address (1 host up) scanned in 0.272 seconds This tells us that we can query port 80 on our local computer. You can also run nmap for remote computers.

using netstat
Show the connections that involve the http port netstat -putan Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address          Foreign Address         State       PID/Program name tcp       0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2873/portmap tcp       0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      8455/httpd2-prefork ... This shows that the process is listening on port 80. I also shows ESTABLISHED for established connections.

using telnet
To talk directly with your http server, you can use telnet or netcat: You submit: telnet localhost 80 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /index.html HTTP/1.1 Accept: */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Thorsten Host: localhost Connection: Keep-Alive

The server responds: HTTP/1.1 200 OK Date: Sun, 23 Nov 2008 12:02:24 GMT Server: Apache/2.2.3 (Linux/SUSE) Last-Modified: Sun, 23 Nov 2008 11:59:52 GMT ETag: "311cfd-26-412de00" Accept-Ranges: bytes Content-Length: 38 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html

hello world Of course, the content of the html file you receive can be different from hello world. It is just the content of your webpage.

firewall
You understand that the apache service open a socket on port 80 and listens on it for incoming connections. Now a firewall is just a rule for the Linux kernel that closes one or more ports, so no incoming traffic is allowed on them.

= See also =
 * lsof -i : shows you the ports that have been opened by applications
 * telnet : allows you to send and receive bytes with an arbitrary port
 * nmap : tells you what ports are open for an arbitrary computer
 * netstat -putan : tells you what ports are listening or have a connection established
 * netCat : allows you to send and receive bytes with an arbitrary port
 * firewalling
 * http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers