Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Computers have a variety of physical hardware ports over which data is transmitted between input/output devices and external peripherals. A typical computer has parallel printer ports, serial ports, USB ports, a keyboard connector, and a mouse connector. Likewise, software processes running in computers need "software ports" to connect with other software processes. Interprocess communication (IPC) takes place between these ports.

In the Internet Protocol suite, the TCP and UDP protocols use ports to support interprocess communications between different networked devices. A single host may have multiple processes running at the same time, connected to one or more computers. Each of these processes is multiplexed through the same network interface and local network link. In other words, packets from each of these processes are interleaved and sent through the network interface. A port can be thought of as a message queue through which these packets pass.

Each process must be distinguished from other processes, and this is done with port numbers. Ports are numbered from 0 to 65536. The most popular applications and protocols, such as FTP, SMTP and SNMP, are preassigned to "well-known" ports. RFC 1700 (Assigned Numbers, October 1994) outlines these ports, although the list is slightly outdated. The Web sites listed on the related entries page have additional information.

An application that provides a network service opens its assigned port and waits for messages to arrive on that port. For example, a Web server opens port 80. When a Web browser contacts a Web server, it directs its messages to port 80, the "well-known HTTP services port." Likewise, SNMP opens port 161. All SNMP management applications know to use this port. Some applications use multiple ports. If you use FTP (File Transfer Protocol) to request a file from an FTP server, the request is sent over one channel and the file is transmitted back over another channel. FTP uses ports 20 and 21.

Keep in mind that a port only identifies one process running in one computer. The port is combined with the IP address of the host to create a socket. This is like combining a name with an address on an envelope to identify a mail recipient at a postal address.

A socket identifies a process running in a specific computer, so it is one end of a logical connection across a packet-switched network. The other end of a connection is identified by another socket. Therefore, a pair of sockets forms a connection and the connection is uniquely identified by the "local socket/foreign socket" address pair. Once a connection is made, the connected systems can begin to exchange data. See "Connection Establishment," "Flow-Control Mechanisms," and "TCP (Transmission Control Protocol)" for more information.

Note that ports and sockets are associated with "long-term connections," something that is specific to TCP and UDP. Both are connection-oriented transport layer protocols. IP is a network layer connectionless protocol. Source port and destination port numbers are inserted into fields in the TCP and UDP packet headers. IP headers have source and destination IP address fields. The combination of the port numbers in the TCP or UDP header and the IP addresses in the IP header identifies sockets.

Portscanning is a technique that is used to discover the services being offered by a host. Hackers attempt to connect to each known port to see whether the target host offers a response. If a response occurs, the hacker may exploit a weakness in the application that is available at that port.

Refer to RFC 793 (Transmission Control Protocol, September 1981) and RFC 1180 (A TCP/IP Tutorial, January 1991) for more information about ports.

Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.