The Internet Assigned Numbers Authority (IANA) is the standards organization responsible for assigning various addressing standards, including the 16-bit port numbers. The 16 bits used to identify the source and destination port numbers provide a range of ports from 0 through 65535.
The IANA has divided the range of numbers into the three port groups shown in Table 26-3.
Table 26-3 Details of Port Number Groups
Note
Some client operating systems may use registered port numbers instead of dynamic port numbers for assigning source ports.
Table 26-4 displays some common well-known port numbers and their associated applications.
Table 26-4 Well-Known Port Numbers
Some applications may use both TCP and UDP. For example, DNS uses UDP when clients send requests to a DNS server. However, communication between two DNS servers always uses TCP.
Search the IANA website for port registry to view the full list of port numbers and associated applications.
Unexplained TCP connections can pose a major security threat. They can indicate that something or someone is connected to the local host. Sometimes it is necessary to know which active TCP connections are open and running on a networked host. Netstat is an important network utility that can be used to verify those connections. As shown in Example 26-1, enter the command netstat to list the protocols in use, the local address and port numbers, the foreign address and port numbers, and the connection state.
Example 26-1 The netstat Command on a Windows Host
C:\> netstat
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.124:3126 192.168.0.2:netbios-ssn ESTABLISHED
TCP 192.168.1.124:3158 207.138.126.152:http ESTABLISHED
TCP 192.168.1.124:3159 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3160 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3161 sc.msn.com:http ESTABLISHED
TCP 192.168.1.124:3166 www.cisco.com:http ESTABLISHED
By default, the netstat command attempts to resolve IP addresses to domain names and port numbers to well-known applications. Adding the -n option displays IP addresses and port numbers in their numerical form.
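The connection check described above can be automated. The following Python sketch is an added example, not part of the original text: it parses netstat -n output, labels each local source port with its IANA group, and lists ESTABLISHED sessions whose remote port is not on an allowlist. The sample rows, the allowlist, and the function names are assumptions constructed for illustration.

```python
import re

def port_group(port):
    """Classify a 16-bit port into its IANA group."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a 16-bit port: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

# Constructed sample in the layout of Windows `netstat -n` (not captured data).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.124:3126     192.168.0.2:139        ESTABLISHED
  TCP    192.168.1.124:3158     207.138.126.152:80     ESTABLISHED
  TCP    192.168.1.124:3170     203.0.113.77:8081      ESTABLISHED
  TCP    192.168.1.124:3171     198.51.100.9:443       TIME_WAIT
  TCP    [::1]:49670            [::1]:445              ESTABLISHED
"""

# address:port pairs; the greedy \S+ keeps bracketed IPv6 addresses intact.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")
LOOPBACK = {"127.0.0.1", "[::1]"}

def parse_netstat(text):
    """Return one dict per numeric TCP row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, faddr, fport, state = m.groups()
            rows.append({"laddr": laddr, "lport": int(lport), "faddr": faddr,
                         "fport": int(fport), "state": state,
                         "lgroup": port_group(int(lport))})
    return rows

def unexplained(rows, expected_ports):
    """ESTABLISHED non-loopback sessions whose remote port is not allowlisted."""
    return [r for r in rows
            if r["state"] == "ESTABLISHED"
            and r["faddr"] not in LOOPBACK
            and r["fport"] not in expected_ports]

if __name__ == "__main__":
    # Assumed allowlist for this host: HTTP, HTTPS, NetBIOS session service.
    for r in unexplained(parse_netstat(SAMPLE), {80, 443, 139}):
        print(f'review {r["laddr"]}:{r["lport"]} ({r["lgroup"]} source port) '
              f'-> {r["faddr"]}:{r["fport"]}')
```

The source ports in the sample fall in the registered range, which matches the earlier note that some client operating systems assign source ports from that group.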
Check Your Understanding—Port Numbers (26.4.5)
Refer to the online course to complete this activity.
TCP Communication Process (26.5)
TCP is considered a stateful protocol because it establishes a session between source and destination and keeps track of the data within that session. This section covers how TCP establishes this connection to ensure reliability and flow control.
You already know the fundamentals of TCP. Understanding the role of port numbers will help you to grasp the details of the TCP communication process. In this section, you will also learn about the TCP three-way handshake and session termination processes.
Each application process running on a server is configured to use a port number. The port number is either automatically assigned or configured manually by a system administrator.
An individual server cannot have two services assigned to the same port number within the same transport layer services. For example, a host running a web server application and a file transfer application cannot have both configured to use the same port, such as TCP port 80.
An active server application assigned to a specific port is considered open, which means that the transport layer accepts and processes segments addressed to that port. Any incoming client request addressed to the correct socket is accepted, and the data is passed to the server application. There can be many ports open simultaneously on a server, one for each active server application.
The following details how TCP server processes handle client requests.
In Figure 26-15, Client 1 is requesting web services and Client 2 is requesting email service from the same server.
Figure 26-15 Clients Sending TCP Requests
In Figure 26-16, Client 1 is requesting web services using well-known destination port 80 (HTTP) and Client 2 is requesting email service using well-known port 25 (SMTP).
Figure 26-16 Request Destination Ports
Client requests dynamically generate a source port number. In Figure 26-17, Client 1 is using source port 49152 and Client 2 is using source port 51152.
Figure 26-17 Request Source Ports
When the server responds to the client requests, it reverses the destination and source ports of the initial request, as shown in Figures 26-18 and 26-19. Notice that the server response to the web request now has destination port 49152 and the email response now has destination port 51152, as shown in Figure 26-18.
Figure 26-18 Response Destination Ports
The source port in the server response is the original destination port in the initial requests, as shown in Figure 26-19.
Figure 26-19 Response Source Ports