- Setting up Auditing & Logging of Files/Objects Using Native Windows File Server Tools - 16th October 2020
- Designing Key Performance Indicators (KPI) - 15th July 2020
- DDOS Attacks and Website Hacking - 6th July 2020
IP Ports (Standard & Ephemeral)
A brief description of what ports are in networking, their purpose and how are they used
In continuation of our series delving into how the Cloud works, in this blog post, we will be looking at IP ports – what they are, what they do and how and why are they used. I have also published a blog post looking into IP addresses in further detail, an interrelated subject to IP Ports, which will help complement the information posted here.
Transimission Control Protocol / Internet Protocol (TCP/IP) are two protocols that are used together to provide core functionality within networking. IP is the address system of networking and has the core function of delivering packets (smaller chunks of larger data) of information from a source device to a target device. IP is the primary way in which network connections are made. Packets however may arrive at their order via dirrerent network routes and thus might not all arrive in their correct order. IP does not handle packet ordering or error checking. Such functionality requires another protocol, typically TCP.
TCP is “connection-orientated” which means it's for connecting the applications running on devices together. And devices, servers especially, always have more than one application running – for e.g. a server will have multiple monitoring applications used by admins to measure and log the health of a server in addition to the primary business application(s) running on it.
As described in a separate blog post focusing on IP addressing, servers, and the applications that run on them (particularly web applications) have names, and those names 'resolve' into IP addresses using DNS. For example www.z-tech.io might resolve into 220.127.116.11 (taking a name and translating that to an IP address is done by a DNS server doing a simple look-up from a list). Thus, IP addresses are used to connect two applications together (for e.g. an email client connecting to it’s email server).
However, the server running the application will also have other applications running on it that are also connected to the network (for e.g. server health monitoring applications used by admins that connect to servers used to manage servers).
This leads to an issue that is resolved by the usage of ports: When an application is sending data to a server which has many applications running on it at the IP address specified, how does the sending application avoid sending the data to the incorrect application on the destination server?
The solution – Ports
When an application sends data, the destination address comprises of the IP address and another number called a port. The common notation for depicting this in documentation is <ip address> : <port number>, for e.g. 192.168.0.1 : 22. The entire range of port numbers go from 0 – 65535
With this approach, servers have running applications awaiting data to be sent to them and each application will have been bound to a port. The assigning of which ports are used by which type of application is done by a body called the Internet Assigned Numbers Authority (IANA), which helps to ensure that different type of applications don’t end up using the same port. Applications awaiting data are said to be “listening” on their port (with each port being unique to an application within the network and on that server).
When a data packet is received by a server, it will analyse the port in the address and then send that packet to the relevant application. When an application is sending data to a server, it always adds the port number to the address header in the packet.
Port numbering conventions
The reason users (humans) don’t have to specify the port number themselves whenever they use an application is that certain types of programs always use the same Port. So for e.g. web browsers typically know what Port to use to connect to web servers. Some common standards, maintained by IANA, are below and a full list can be found here:
- 20 FTP
- 22 Secure Shell (SSH)
- 25 Simple Mail Transfer Protocol (SMTP)
- 53 Domain Name System (DNS)
- 80 Hypertext Transfer Protocol (HTTP)
- 110 POP3 (Mail)
- 443 (HTTPS)
- 3306 (MySQL)
When a client application is connecting to a server, it needs to have a port assigned to it to send data on to the server and to listen on for incoming data from the server when it responds back. The Operating System (OS) of the application selects this port randomly to become the port that it will use to send / receive data for that server and application. This port is called an ephemeral port and, depending on the type and version of the OS the port ranges that the OS can usually select from are 1024 – 65535.
Different OSs use different port ranges for ephemeral ports.
- Many Linux versions use port range 32768 – 61000
- Windows versions (until XP) use 1025 – 5000.
- Later Windows versions, including Vista, Windows 7 and Server 2008, use the Internet Assigned Number Authority (IANA) suggested range of 49152 – 65535.
- AWS Elastic load balancers and NAT gateways use port 1024-65535.
Ephemeral ports are always temporary and are only used to continue communications with a client that initially connected to one of the server's well-known service listening ports (such as those listed above). These temporary allocations are only valid for the duration of that particular communication session. After completion (or timeout) of the communication session, the ports become available for reuse.
When a client initiates a request it chooses a random port from the ephemeral port range and it expects the response at that port only. This means that when the client initiates an HTTPs or HTTP request it actually means that the destination port is 443 or 80. It is NOT the sender port.
It is for this reason that we often have to open outbound ephemeral ports on Firewalls to allow out website traffic for clients connecting to webservers and inbound ephemeral ports to allow in traffic for webservers taking feeds from external services (such as server updates, or application data updates or live feeds from news sites or stock exchanges).