TCP/IP Ports and Sockets Explained

tcp-portsOn a TCP/IP network every device must have an IP address.

The IP address identifies the device e.g. computer.

However an IP address alone is not sufficient for running network applications, as a computer can run multiple applications and/or services.

Just as the IP address identifies the computer, The network port identifies the application or service running on the computer.

The use of ports allow computers/devices to run multiple services/applications.

The diagram below shows a computer to computer connection and identifies the IP addresses and ports.





TCP-IP-ports-sockets

Analogy

If you use a house or apartment block analogy the IP address corresponds to the street address.

All of the apartments share the same street address.

However each apartment also has an apartment number which corresponds to the Port number.

Port Number Ranges and Well Known Ports

A port number uses 16 bits and so can therefore have a value from 0 to 65535 decimal

Port numbers are divided into ranges as follows:

Port numbers 0-1023 – Well known ports. These are allocated to server services by the Internet Assigned Numbers Authority (IANA). e.g Web servers normally use port 80 and SMTP servers use port 25 (see diagram above).

Ports 1024-49151- Registered Port -These can be registered for services with the IANA and should be treated as semi-reserved. User written programs should not use these ports.

Ports 49152-65535– These are used by client programs and you are free to use these in client programs. When a Web browser connects to a web server the browser will allocate itself a port in this range. Also known as ephemeral ports.

TCP Sockets

A connection between two computers uses a socket.

A socket is the combination of IP address plus port

{outline]Each end of the connection will have a socket.{/outline]

Imagine sitting on your PC at home, and you have two browser windows open.

One looking at the Google website, and the other at the Yahoo website.

The connection to Google would be:

Your PC – IP1+port 60200 ——– Google IP2 +port 80 (standard port)

The combination IP1+60200 = the socket on the client computer and IP2 + port 80 = destination socket on the Google server.

The connection to Yahoo would be:

your PC – IP1+port 60401 ——–Yahoo IP3 +port 80 (standard port)

The combination IP1+60401 = the socket on the client computer and IP3 + port 80 = destination socket on the Yahoo server.

Notes: IP1 is the IP address of your PC. Client port numbers are dynamically assigned, and can be reused once the session is closed.

TCP and UDP -The Transport Layer

Note: You may find reading the article on the TCP/IP protocol suite useful to understand the following

IP addresses are implemented at the networking layer which is the IP layer.

Ports are implemented at the transport layer as part of the TCP or UDP header as shown in the schematic below:

tcp-ip-packet

The TCP/IP protocol supports two types of port- TCP Port and UDP Port.

TCP – is for connection orientated applications. It has built in error checking and will re transmit missing packets.

UDP – is for connection less applications. It has no has built in error checking and will not re transmit missing packets.

Applications are designed to use either the UDP or TCP transport layer protocol depending on the type of connection they require.

For example a web server normally uses TCP port 80.

It can use any port, but the web server application is designed to use a TCP connection. See TCP vs UDP

Here is a very good video that explains ports and sockets really well

Checking For Open Ports

Windows and Linux systems have a utility called netstat which will give you a list of open ports on your computer.

These articles show you how to use netstat on windows and on linux.

You can check the port status of remote machines using a port scanner line nmap.

You can install NMAP on windows,Linux and Apple. It can be used with a graphical user interface of as a command line tool.

Here is a useful article on using NMAP from the command line.

Here is a good video on using Nmap and also covers TCP/IP connection procedures which is useful for understanding ports.

References and resources:

TCP and UDP basics -Connecting to a website- This is for programmers but there is no coding just an explanation of ports and sockets.

Connection states– if you are wondering what established and listening and the other state descriptions mean. here is a good state diagram that it refers to.

Online port tester Collection of tools for port scanning and web server testing.

Related Articles:

Facebooktwittergoogle_plusredditpinterestlinkedinmail

15 comments

  1. Hi! keep up the good work. I have few doubts though, hope you can clear them:
    1. Can you tell if a server uses a single port 80 on all of its connections to clients? Or is it used only by the Welcoming socket?
    Can port 80 handle multiple connections simultaneously?

    1. A port (e.g port 80) can handle multiple connections each connection is a socket and will have a different source IP address and port number.

  2. Could someone explain what is the socket buffer size. What’s the maximum size we can set? Is socket buffer and MTU same ?

    1. MTU is the largest packet that you can send on the network and is determined by the underlying network and protocols – https://en.wikipedia.org/wiki/Maximum_transmission_unit
      Buffer size relates to the software buffers allocated for sending and receiving data from the network.
      As far as I understand the two are not directly related.
      See this unix network programming book (MSS is equivalent to MTU as far as I understand)
      https://books.google.co.uk/books?id=ptSC4LpwGA0C&pg=PA208&lpg=PA208&dq=socket+buffer+size&source=bl&ots=Kt1FTmgoTn&sig=3bumDm1zhIYx1GgPg6hNvSb5jrQ&hl=en&sa=X&ved=0ahUKEwiu9JWo66zZAhUsJ8AKHd0BDYEQ6AEIUzAE#v=onepage&q=socket%20buffer%20size&f=false

  3. One basic thing I have been trying to determine is what is a socket. Eg is a stream socket a means to access tcp or something built on top of tcp? Reading many explanations of sockets this is not clear. Ie, can you read any tcp stream using a socket, or do both ends have to use sockets for it to work?

    1. All data communication over tcp/ip and udp/ip uses sockets. Streaming refers to how the data is transmitted i.e. as contiguous bytes see socket stream om WIKI https://en.wikipedia.org/wiki/Stream_socket.
      A socket is effectively an application ID as it is the combination of port and IP address that the application is using.
      Both end of the connection will use a socket regardless of whether they are streaming data or sending datagrams (UDP).
      See also http://www.tcpipguide.com/free/t_TCPIPSocketsandSocketPairsProcessandConnectionIden.htm

Leave a Reply

Your email address will not be published. Required fields are marked *