When your web browser or email program connects to another computer on the Internet, it does so through a TCP/IP port. If you have a web server or FTP server running on your computer, it opens a port to which other computers can connect. Port numbers are used to distinguish one network service from another.
Mostly, this is done invisibly behind the scenes. However, knowing which programs use a specific port number becomes important when you start considering security. A firewall uses ports to form its rules about which types of network traffic to allow and which to prohibit. And the Active Connections utility (netstat.exe), used to determine which ports are currently in use, allows you to uncover vulnerabilities in your system using ports. Ports, firewalls, and the Active Connections utility are all discussed in Chapter 7.
Some firewalls make a distinction between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports, which is usually unnecessary. In most cases, programs that use the more common TCP protocol will use the same port numbers as their counterparts that use the less-reliable UDP protocol.
Ports are divided into three ranges:
Well-known ports: 0-1023 |
Registered ports: 1024-49151 |
Dynamic and/or private ports: 49152-65535 |
Since a complete port listing would consume about a hundred pages of this book, only the most commonly used ports are listed here. For a more complete listing, see any of these resources:
http://www.portsdb.org/ |
http://www.iana.org/assignments/port-numbers |
http://www.faqs.org/rfcs/rfc1700.html |
??? lists the more commonly used TCP/IP ports.
in ??? are commonly exploited by worms and other types of remote attacks. Unless you specifically need them, you should block them in your firewall or router.
Table C-1. Commonly used TCP/IP Ports and how they’re used
18.191.253.62