Port

Plain English

If an IP address is the street address of an apartment building, a port is the apartment number. A single server (one IP address) can run a web server, an SSH server, a database, and an email server simultaneously because each service listens on a different port number. When you visit a website, your browser connects to port 443 (HTTPS). When you SSH into a server, you connect to port 22.

Technical Definition

A port is a 16-bit unsigned integer (0-65535) in the TCP or UDP header that identifies a specific process or service on a host. The combination of IP address + port + protocol uniquely identifies a network endpoint (socket).

Port ranges:

| Range | Name | Assignment | Examples |
|---|---|---|---|
| 0-1023 | Well-known / System | IANA-assigned, requires root | 22 (SSH), 53 (DNS), 80 (HTTP), 443 (HTTPS) |
| 1024-49151 | Registered | IANA-registered, user-space | 3306 (MySQL), 5432 (PostgreSQL), 8080 (HTTP alt) |
| 49152-65535 | Dynamic / Ephemeral | OS-assigned for client connections | Source ports for outbound connections |

Common ports every IT professional should know:

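| Port | Protocol | Service |
|---|---|---|
| 22 | TCP | SSH |
| 25 | TCP | SMTP (email sending) |
| 53 | TCP/UDP | DNS |
| 67/68 | UDP | DHCP (server/client) |
| 80 | TCP | HTTP |
| 443 | TCP | HTTPS |
| 3306 | TCP | MySQL |
| 5432 | TCP | PostgreSQL |
| 6379 | TCP | Redis |
| 8080 | TCP | HTTP alternative / proxy |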

Port states (from a scanner’s perspective):

  • Open: a service is listening and accepting connections
  • Closed: no service is listening; the OS responds with TCP RST
  • Filtered: a firewall is dropping or rejecting packets; no response

Listening: a server process “binds” to a port and waits for incoming connections. Only one process can bind to a specific port + protocol combination at a time (unless using SO_REUSEPORT).

Working with ports

```
# List all listening ports (Linux)
$ ss -tlnp
State  Recv-Q  Send-Q  Local Address:Port  Process
LISTEN 0       128     0.0.0.0:22          users:(("sshd",pid=1234))
LISTEN 0       511     0.0.0.0:80          users:(("nginx",pid=5678))
LISTEN 0       128     127.0.0.1:5432      users:(("postgres",pid=9012))

# Check if a specific port is open on a remote host
$ nc -zv example.com 443
Connection to example.com 443 port [tcp/https] succeeded!

# Scan common ports with nmap
$ nmap -sT -p 22,80,443,3306,5432 10.0.0.5
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
3306/tcp filtered mysql
5432/tcp closed   postgresql

# Find which process is using a specific port
$ sudo lsof -i :8080
COMMAND  PID  USER  TYPE  DEVICE  NODE  NAME
node     3456 app   IPv6  TCP     *:8080 (LISTEN)
```

In the Wild

Ports are referenced constantly in IT work. Firewall rules are fundamentally “allow or deny traffic on specific ports.” Docker exposes container services by mapping host ports to container ports (-p 8080:3000). Security hardening starts with closing unnecessary ports: a server running only a web application should only expose ports 80 and 443. Port scanning (nmap) is a standard step in both penetration testing and security audits. The “Address already in use” error that every developer has encountered means another process is already bound to that port. Changing default ports (running SSH on 2222 instead of 22) provides minimal security through obscurity but reduces automated scanning noise.
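
The hardening rule above (a web-only server should expose only ports 80 and 443) can be checked against `ss -tlnp` output. This is an added example, not part of the original page; the function name `audit_listeners`, the `ALLOWED_PORTS` variable and the sample socket list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare listening TCP sockets with an allowlist of ports
# that are meant to be reachable from the network.

ALLOWED_PORTS="80 443"   # assumption: this host is a web-only server

# Constructed sample in the layout `ss -tlnp` prints (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=1234,fd=3))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=5678,fd=6))
LISTEN 0      511    [::]:443           [::]:*            users:(("nginx",pid=5678,fd=7))
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=9012,fd=5))
LISTEN 0      511    *:8080             *:*               users:(("node",pid=3456,fd=18))'

# Reads `ss -tlnp` output on stdin and prints one verdict per listener:
#   local-only  bound to loopback, not reachable from other hosts
#   expected    reachable, and the port is in ALLOWED_PORTS
#   REVIEW      reachable, but the port is not in ALLOWED_PORTS
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 != "LISTEN" { next }              # skip the header and non-listening rows
    {
        n = split($4, part, ":")         # field 4 is Local Address:Port
        port = part[n]                   # last piece, so IPv6 colons are harmless
        addr = substr($4, 1, length($4) - length(port) - 1)
        name = "-"                       # process column is empty without -p or root
        if ($NF ~ /^users:/) { split($NF, q, "\""); name = q[2] }
        if (addr ~ /^127\./ || addr == "[::1]") verdict = "local-only"
        else if (port in ok)                     verdict = "expected"
        else                                     verdict = "REVIEW"
        printf "%-10s %-18s %s\n", verdict, $4, name
    }'
}

# Run against the constructed sample; on a live host: sudo ss -tlnp | audit_listeners
printf '%s\n' "$SAMPLE_SS" | audit_listeners
```

Each `REVIEW` line is a listener to either close, rebind to 127.0.0.1, or add to the allowlist on purpose; host firewall rules are a separate layer and are not read by this check.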