Connected Magazine

Contributors | Features | Networking

The pathway home or the route to oblivion?

By Geoff Meads
09/09/2022

Like a sailor on the high seas, network connections go from port to port. But what is a port? And when can they become risky? Geoff Meads explains how ports operate.

In the wonderful world of technology, we like to confuse ourselves – our insistence on having an acronym for everything is a great example of this.

Any new technology must have a ‘memorable’ acronym to describe it. Since literally everything must have an acronym there are now too many to remember and the whole process is self-defeating. Great.

Ports vs Ports

Another example is the word ‘Port’. ‘Port’ has come to be used in hardware any time a piece of equipment has a connector. For example, ‘this is a 24-port switch’. This example is particularly frustrating because, in network terms, a ‘port’ is something quite specific and with a particular use.


You can spend quite a bit of time working with networks before you ever need to deal with these ports but there are some situations where knowledge and understanding of them is essential. This article will help you get to know ports a little better and learn some of their uses and pitfalls!

What is a port?

Whenever we connect a host device to a network (let’s take a laptop as an example) its network connection is made using a piece of hardware called a ‘Network Interface Controller’ or ‘NIC’. In our laptop example you might find two NICs, one for a wireless connection and another for a wired (RJ45) connection.

If you have a modern super-thin laptop with no RJ45 connector then the network adapter widget you plug in contains the NIC.

The NIC’s main job is at layer 2: it carries the MAC address and moves frames on and off the wire. The layer 3 (IP) and layer 4 (TCP/UDP) work happens in the host’s operating system network stack, not on the NIC itself. That stack also owns the loopback address 127.0.0.1 (‘localhost’), which never reaches the NIC at all; traffic to it is turned around inside the operating system. Part of the stack’s job is directing incoming traffic to the right application. When a packet arrives the host needs to know which program it is intended for, and for that it uses a field in the TCP or UDP header called the port number.

To separate applications within a single host we use these ‘port’ numbers.

Imagine a telephone operator at a local business. The main phone number for the business is its IP address and the host’s network stack is the operator. Incoming callers will phone the main number (IP address) and request a particular department such as ‘accounts’, ‘sales’ or ‘HR’. These departments within the business each have an internal extension number. The operator must direct each incoming call to the right extension for the required department.

In networking terms each department is a ‘service’, and each extension number is a ‘port’. A TCP or UDP request to an IP address must therefore carry a destination port number (and a source port, so the reply can find its way back to the right program on the caller’s side). When written down together the IP address and port number are separated by a colon. For example, ‘65.4.132.98:80’ means port 80 on the host device at IP address 65.4.132.98. An IPv6 address is wrapped in square brackets first, as in ‘[2001:db8::1]:80’, because the address itself contains colons.

Port Numbers

Port numbers are 16-bit binary numbers but are usually described by their equivalent decimal number. Being a 16-bit binary number, a port number has a decimal equivalent of between 0 and 65535.

Within this range we have three sub-groups of numbers. For regularly used services we use port numbers between 0 and 1023 and it is normal to only use these numbers for an agreed service. These are referred to as ‘Well Known’ ports (IANA also calls them ‘system’ ports). On Unix-like systems a program normally needs root privileges to listen on one of these ports, which is why they are trusted a little more than the rest.

The next group of ports (1024 to 49151) are known as ‘Registered’ ports and are also normally used for specific purposes. However, these ports can be used for other services within local networks if needed.

Finally, the highest port numbers (from 49152 to 65535) are more freely assigned by network administrators. These are referred to as ‘dynamic’, ‘private’ or ‘ephemeral’ ports. They are also the pool an operating system picks a source port from when a program connects out, so they should never be relied upon to be free. Note that operating systems do not all follow the IANA boundary here: Linux, for example, hands out ephemeral source ports from 32768 to 60999 by default.
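The ‘address:port’ notation and the three port ranges above lend themselves to a small validator. The following is an added example (not code from the article): it parses an endpoint string in either ‘IPv4:port’ or ‘[IPv6]:port’ form, rejects anything outside the 16-bit range, and reports which IANA group the port falls in. The function names and the sample endpoints are the example’s own.

```python
import ipaddress

# IANA port groups as described in the text (upper bounds are exclusive).
WELL_KNOWN = range(0, 1024)
REGISTERED = range(1024, 49152)
DYNAMIC = range(49152, 65536)


def port_class(port: int) -> str:
    """Return 'well-known', 'registered' or 'dynamic'; reject out-of-range values."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} is outside the 16-bit range 0-65535")
    if port in WELL_KNOWN:
        return "well-known"
    if port in REGISTERED:
        return "registered"
    return "dynamic"


def parse_endpoint(text: str) -> tuple:
    """Parse '65.4.132.98:80' or '[2001:db8::1]:443' into (ip, port).

    The IP is validated with the standard library, so a bare IPv6 address
    without brackets (ambiguous colons) or a malformed address is rejected.
    """
    text = text.strip()
    if text.startswith("["):
        host, closing, rest = text[1:].partition("]")
        if not closing or not rest.startswith(":"):
            raise ValueError(f"malformed bracketed endpoint: {text!r}")
        port_text = rest[1:]
    else:
        host, sep, port_text = text.rpartition(":")
        if not sep or ":" in host:
            raise ValueError(f"expected 'ip:port' or '[ipv6]:port', got {text!r}")
    ip = ipaddress.ip_address(host)          # raises ValueError on junk
    if not port_text.isdigit():
        raise ValueError(f"port must be decimal digits, got {port_text!r}")
    port = int(port_text)
    port_class(port)                         # range check (raises if bad)
    return str(ip), port


def describe(text: str) -> str:
    """Human-readable summary, e.g. '65.4.132.98 port 80 (well-known)'."""
    ip, port = parse_endpoint(text)
    return f"{ip} port {port} ({port_class(port)})"


if __name__ == "__main__":
    # Constructed sample endpoints; the last one is deliberately invalid.
    for sample in ["65.4.132.98:80", "[2001:db8::1]:443", "192.168.1.100:49220", "10.0.0.1:70000"]:
        try:
            print(describe(sample))
        except ValueError as err:
            print(f"rejected {sample}: {err}")
```

Validating the port range up front matters more than it looks: a port value read from a config file or a web form and passed straight to a bind() call will be silently truncated or rejected in ways that differ between platforms.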

Well-known ports should not be used for anything but their expected service. For example, port 21 is conventionally used for the File Transfer Protocol (FTP) control connection (port 20 is its data channel) and port 25 for the Simple Mail Transfer Protocol (SMTP). Keep in mind that this is only a convention: nothing in the protocol stops someone running a web server on port 25 or SSH on port 80, and a port scanner will identify a service by the way it responds, not by the number it sits on. If you need a port number for a specific service (and there is no well-known port for the type of service you’re creating) then it is best to assign a port number of 49152 or above, or better still a registered number that no other software on that host already uses.

Private ports can also be used to differentiate two similar services at the same IP address. For example, if a NAS drive offers two FTP file sharing services to network traffic one could be on port 21 and another on port 49220 yet they are still at the same IP address. Incoming traffic specifies which port number it needs depending on which of the two services it wants.
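The two points above, that the host’s network stack (not the NIC) steers each connection to the right program by destination port, and that two similar services can share one IP address, can be seen on any machine using only the loopback address. This is an added example, not code from the article: it starts two tiny ‘services’ on 127.0.0.1, lets the operating system choose their ports (port 0 in bind()), connects to each and checks that the right banner comes back. It also probes a port with nothing listening, which is what a port scanner sees for a closed port. The service names and banners are constructed for the example.

```python
import socket

HOST = "127.0.0.1"   # loopback: handled inside the OS, nothing leaves the machine


def start_services(names):
    """Create one listening TCP socket per name, each on an OS-chosen free port."""
    listeners = {}
    for name in names:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind((HOST, 0))        # port 0 = "pick any free port for me"
        srv.listen(1)
        srv.settimeout(2)
        listeners[name] = srv
    return listeners


def connect_and_read(listeners, name):
    """Connect to the named service and return the port used and banner received."""
    srv = listeners[name]
    dst_port = srv.getsockname()[1]
    # The client's source port is chosen by the OS from the ephemeral range.
    client = socket.create_connection((HOST, dst_port), timeout=2)
    conn, peer = srv.accept()      # handshake already completed in the kernel
    try:
        conn.sendall(f"220 {name} ready\r\n".encode())
        banner = client.recv(128).decode().strip()
    finally:
        conn.close()
        client.close()
    return {"dst_port": dst_port, "src_port": peer[1], "banner": banner}


def probe(port: int) -> str:
    """Report 'open' if something accepts a TCP connection on HOST:port, else 'closed'."""
    try:
        s = socket.create_connection((HOST, port), timeout=1)
    except ConnectionRefusedError:
        return "closed"
    s.close()
    return "open"


def demo() -> dict:
    """Run two services on one IP and show that only the port tells them apart."""
    listeners = start_services(["ftp", "backup"])
    try:
        result = {name: connect_and_read(listeners, name) for name in listeners}
        # Find a port nothing is listening on by binding and releasing it.
        spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        spare.bind((HOST, 0))
        unused = spare.getsockname()[1]
        spare.close()
        result["probe"] = {
            "listening": probe(result["ftp"]["dst_port"]),
            "nothing": probe(unused),
        }
    finally:
        for srv in listeners.values():
            srv.close()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both connections go to the same IP address; the only thing that differs in the packets is the destination port, and that is enough for the operating system to hand each one to a different socket. The closed-port probe fails with ‘connection refused’ because the stack found no listener for that port, which is exactly the information a scanner collects when it walks through a host’s port range.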

Port Forwarding

Before we discuss port forwarding, I must include a warning. Port forwarding can be a huge security risk. While some applications still can’t work without it, port forwarding is to be avoided and the description provided here is only made to offer a full explanation of the technology and explain where the risk lies.

In a modern, domestic router there is a simple default rule, enforced by a stateful firewall combined with NAT. Only outbound traffic (LAN to WAN) is allowed. Incoming traffic is blocked, regardless of port number, unless it’s a direct response to a previous outbound request that the router still remembers. A good example of this is email.

Your email hosting service does not send new emails to your laptop directly. It can’t send them to your device because the rules in your local router won’t allow it. In practice your email program (Outlook, Mac Mail, etc) connects out to your email hosting service periodically (over IMAP or POP3, for example) and asks if there is new mail. The email hosting then sends back new emails as a response on that same connection (which is allowed by the router) and on to your device.

Before Cloud services and VPNs were ubiquitous, the most common way to gain access to host devices within a remote LAN (for example remote access from your office to a device in a client’s home) was with Port Forwarding. This is achieved by adding new rules within the remote router’s configuration.

As an example, a new rule might state that ‘traffic arriving at the WAN (Internet) side of the router and requesting port number 21 should be directed to the LAN server at 192.168.1.100 port 21’. This rule effectively allows any traffic from the WAN asking for port 21 to be connected straight through to the LAN device at the IP address of 192.168.1.100. With this in place the firewall no longer protects that port on that device: anyone on the Internet who connects to it reaches the service directly, and every weakness in that service (a guessable password, an unpatched bug, a protocol that sends credentials in clear text, as FTP does) is now exposed to the whole world rather than just to your LAN.

You can see why we don’t do this anymore!
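The router behaviour described in this section, allow outbound, allow inbound only as a reply, block everything else, and the hole a forwarding rule punches in it, can be modelled in a few lines. The following is an added example, not code from the article and not a real firewall: a deliberately simplified connection tracker (it assumes the NAT keeps the LAN host’s source port unchanged) run over a handful of constructed packets using the documentation address ranges from RFC 5737. It also shows the one mitigation that is cheap if a forward truly cannot be avoided: limiting the rule to a known source address. All addresses, ports and rule names are the example’s own.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    inbound: bool        # True = arrives on the WAN side, False = leaves the LAN


class HomeRouter:
    """Simplified model of a domestic router's default policy.

    forwards maps a WAN port to (lan_ip, lan_port, allowed_source_ip or None).
    Simplification: NAT is assumed to preserve the LAN host's source port, so
    a reply comes back to wan_ip with that port as its destination port.
    """

    def __init__(self, wan_ip: str, forwards: Optional[dict] = None):
        self.wan_ip = wan_ip
        self.flows = set()                 # (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = forwards or {}

    def handle(self, pkt: Packet) -> str:
        if not pkt.inbound:
            # Outbound traffic is always allowed and the flow is remembered.
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ALLOW outbound"
        if pkt.dst_ip != self.wan_ip:
            return "DROP not addressed to us"
        # Inbound: is this a reply to a flow one of our LAN hosts started?
        for lan_ip, lan_port, remote_ip, remote_port in self.flows:
            if (pkt.src_ip, pkt.src_port, pkt.dst_port) == (remote_ip, remote_port, lan_port):
                return f"ALLOW reply -> {lan_ip}:{lan_port}"
        # Otherwise only an explicit port-forward rule lets it through.
        rule = self.forwards.get(pkt.dst_port)
        if rule is not None:
            lan_ip, lan_port, allowed_src = rule
            if allowed_src is None or allowed_src == pkt.src_ip:
                return f"FORWARD -> {lan_ip}:{lan_port}"
            return "DROP forward rule restricted to another source"
        return "DROP unsolicited inbound"


# Constructed addresses (RFC 5737 documentation ranges, nothing real).
WAN = "192.0.2.10"            # the home router's public address
MAIL = "203.0.113.5"          # the email hosting service
OFFICE = "203.0.113.200"      # the integrator's office, a known source
ATTACKER = "198.51.100.77"    # anyone else on the Internet


def demo() -> list:
    router = HomeRouter(WAN, forwards={
        21:   ("192.168.1.100", 21, None),     # open to the world: the risky rule
        2222: ("192.168.1.100", 22, OFFICE),   # same idea, limited to one source
    })
    packets = [
        Packet("192.168.1.10", 51515, MAIL, 993, inbound=False),  # laptop polls IMAP
        Packet(MAIL, 993, WAN, 51515, inbound=True),              # mail server replies
        Packet(ATTACKER, 40000, WAN, 993, inbound=True),          # unsolicited probe
        Packet(ATTACKER, 40001, WAN, 21, inbound=True),           # hits the open forward
        Packet(ATTACKER, 40002, WAN, 2222, inbound=True),         # blocked by source limit
        Packet(OFFICE, 40003, WAN, 2222, inbound=True),           # allowed from the office
    ]
    return [router.handle(p) for p in packets]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The third packet is the normal case: an unsolicited connection to a port the LAN never spoke to is dropped. The fourth shows the forwarding rule at work: the same attacker, the same unsolicited connection, but because a rule exists for port 21 it goes straight to the NAS. A source restriction (the last two packets) narrows that exposure to one address, but it is still a poor substitute for a VPN, which keeps every LAN port closed to the Internet.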

Ports are Powerful

Ports are powerful things and expand the functionality of a host device massively. However, opening ports on your router is a huge security risk which, especially in these days of global tension and possible cyber-attacks, should be avoided at all costs. If remote access into a LAN is genuinely unavoidable, a VPN into that LAN, or at the very least a forwarding rule restricted to known source addresses and pointed at a patched, password-protected service, is far safer than an open forward.
