Behind The Scenes of a Website – Part 2
Hayden Smith reveals what happens behind the scenes of a web address. In this post, he talks ports and protocols…
Managing a VPS, and especially configuring its firewall, introduces a lot of unfamiliar terminology. One term you will meet immediately is the port. A network port is not a physical socket you plug a cable into: it is a numbered, logical endpoint attached to an IP address, a virtual counterpart of the physical port.
Ports exist so that different applications on one host can each receive their own network traffic without the networking stack needing to know anything about those applications. They also let many applications share a single IP address at the same time. Two main transport protocols use port numbers: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Both use the same range of port numbers (0 to 65535), but because the protocol is part of what identifies a port, TCP port 53 and UDP port 53 are two distinct ports and can be held by two different programs.
When packets are transmitted across the network, each one is tagged with the protocol in use, the source IP address and port, and the destination IP address and port. Together these five values identify a connection. The port used by the application sending data from your computer need not be the same as the port the traffic is addressed to on the target computer.
In fact it usually is not. Port numbers below 1024 are the well-known ports, reserved by convention for widely-used services, and on Unix-like systems only root (or, on Linux, a process holding CAP_NET_BIND_SERVICE) may bind to them. Because these assignments are fixed, a user rarely needs to know which port they are connecting to: the client software already knows. Well-known ports are used almost exclusively by server applications listening for incoming traffic.
Port numbers from 1024 to 49151 are the registered ports, assigned in the same way but to less widely-known applications. Port numbers from 49152 to 65535 are the dynamic range set aside for ephemeral ports, although each operating system chooses from its own range (Linux, for example, defaults to 32768 to 60999; see /proc/sys/net/ipv4/ip_local_port_range). An ephemeral port is one the operating system opens on behalf of an application that is making an outbound connection to another computer. It is used only for the duration of that communication and is then released for reuse.
Many common server applications have a port number and protocol assigned to them by convention. Nothing stops you running an application on a port assigned to something else, but clients will connect to the conventional port by default, so doing so causes confusion for anyone communicating with the server. Below is a list of a few common applications and the port and protocol their server side is assigned…
TCP 22 SSH (secure shell)
TCP 25 SMTP (email sending)
TCP/UDP 53 DNS (domain name resolution)
TCP 80 HTTP (web sites)
TCP 110 POP3 (server for retrieving email to a client)
UDP 123 NTP (network time protocol)
TCP 143 IMAP (server for retrieving email to a client)
TCP 443 HTTPS (websites using TLS, formerly SSL)
TCP 3389 RDP (Microsoft Windows remote desktop)
To give an example of how this works, imagine your computer is opening a website. The web browser asks the operating system for an ephemeral TCP port, say 52123, and makes a connection from it to TCP port 80 on the destination server, where it requests the desired web page. The server sends its response from TCP port 80 back to the ephemeral port the browser has open. Once the page is received and the connection is closed, the ephemeral port is released and available for another application to use when needed.
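The two points above, that the client and server ends of a connection use different ports and that a TCP port and a UDP port with the same number are distinct, can be seen directly from the socket API. The following is an added example written for this post, not code from the original article; it runs entirely on the loopback interface and lets the operating system choose every port number, so the exact numbers will differ on each run.

```python
import socket


def four_tuple_demo():
    """Open a listening TCP socket on loopback, connect to it from a second
    socket, and report what each side sees. The client's local port is an
    ephemeral port chosen by the OS and is distinct from the server's port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))          # port 0 = let the OS pick a free port
    server.listen(1)
    server_port = server.getsockname()[1]

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(("127.0.0.1", server_port))   # OS assigns an ephemeral source port
    conn, peer = server.accept()                 # peer = (client ip, client ephemeral port)

    result = {
        "server_port": server_port,
        "client_port": client.getsockname()[1],  # the ephemeral port
        "server_sees_peer": peer,                # server's view of the client
        "client_sees_peer": client.getpeername(),  # client's view of the server
    }
    conn.close()
    client.close()
    server.close()                               # ephemeral port released here
    return result


def same_number_distinct_ports():
    """Bind TCP and UDP sockets to the same port number: this succeeds because
    they are different ports. A second TCP socket on that number fails."""
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(1)
    port = tcp.getsockname()[1]

    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", port))          # UDP/port is free even though TCP/port is taken

    tcp2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        tcp2.bind(("127.0.0.1", port))     # TCP/port is already in use
        second_tcp_bound = True
    except OSError:                        # EADDRINUSE
        second_tcp_bound = False

    for s in (tcp, udp, tcp2):
        s.close()
    return {"port": port, "udp_bound": True, "second_tcp_bound": second_tcp_bound}


if __name__ == "__main__":
    print(four_tuple_demo())
    print(same_number_distinct_ports())
```

Run it and compare `server_port` with `client_port`: the client side is a high-numbered ephemeral port, and the server's `server_sees_peer` tuple is exactly the client's own address and port, which is how the server knows where to send its reply.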
Bearing all this in mind, once you know which ports and protocols the software on your server should be using, you can write a firewall configuration that allows exactly those and nothing else, and you will be better placed to diagnose application-specific network problems on your server: the first question is always whether the service is actually listening on the port the client expects.
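A practical way to apply this is to compare what is actually listening on the server against the list of services you intend to expose. The script below is an added example for this post, not code from the original article. It parses the output format of `ss -tulpn` (Linux) and flags any listener that is reachable from the network (bound to something other than loopback) whose protocol and port are not on an allowlist. The sample `ss` output and the allowlist are constructed for the example; on a real server, pipe `ss -tulpn` into it instead.

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample of `ss -tulpn` output for a web server (not real data).
SS_SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*   users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:80        0.0.0.0:*   users:(("nginx",pid=1203,fd=6))
tcp   LISTEN 0      511    0.0.0.0:443       0.0.0.0:*   users:(("nginx",pid=1203,fd=7))
tcp   LISTEN 0      80     127.0.0.1:3306    0.0.0.0:*   users:(("mysqld",pid=990,fd=21))
tcp   LISTEN 0      128    0.0.0.0:6379      0.0.0.0:*   users:(("redis-server",pid=1440,fd=6))
udp   UNCONN 0      0      0.0.0.0:123       0.0.0.0:*   users:(("ntpd",pid=700,fd=16))
"""

# Services this server is meant to expose: (protocol, port). Assumed for the example.
ALLOWED = {("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 123)}

# Addresses that are only reachable from the machine itself.
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


@dataclass
class Listener:
    proto: str
    addr: str
    port: int
    process: str


def parse_ss(text):
    """Turn `ss -tulpn` output into Listener records (header line skipped)."""
    listeners = []
    for line in text.splitlines()[1:]:
        fields = line.split(None, 6)       # 7th field (process) kept whole
        if len(fields) < 6:
            continue
        proto, _state, _rq, _sq, local, _peer = fields[:6]
        proc_col = fields[6] if len(fields) > 6 else ""
        addr, port = local.rsplit(":", 1)  # rsplit copes with [::]:22 style addresses
        m = re.search(r'\(\("([^"]+)"', proc_col)
        listeners.append(Listener(proto, addr, int(port), m.group(1) if m else "?"))
    return listeners


def audit(listeners, allowed=ALLOWED):
    """Return listeners that are network-reachable and not on the allowlist."""
    return [
        l for l in listeners
        if l.addr not in LOOPBACK and (l.proto, l.port) not in allowed
    ]


if __name__ == "__main__":
    text = SS_SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for l in audit(parse_ss(text)):
        print(f"UNEXPECTED {l.proto}/{l.port} bound to {l.addr} by {l.process}")
```

With the sample input, the only finding is redis-server on TCP 6379 bound to 0.0.0.0: it is exposed to the network and not in the allowlist, so either the firewall must block it or the service should be bound to 127.0.0.1 like mysqld. Loopback-only listeners are deliberately not flagged, because the firewall cannot make them any less reachable than they already are.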