Understanding Ports and Network Services

2 min read Infrastructure & DevOps Security

Understanding Ports and Network Services

Network ports facilitate communication between systems by providing endpoints for specific services and applications. The combination of an IP address and port number creates a unique socket, enabling multiple services to operate simultaneously on a single system. Understanding port fundamentals helps administrators make informed decisions about which services to expose and how to secure them properly.

TCP and UDP protocols handle port-based communication differently, with TCP providing reliable, connection-oriented communication while UDP offers faster, connectionless transmission. Well-known ports (0-1023) traditionally require administrative privileges and host standard services like HTTP (80), HTTPS (443), SSH (22), and RDP (3389). Registered ports (1024-49151) serve specific applications, while dynamic ports (49152-65535) handle temporary client connections.

Service-to-port mappings define which applications listen on specific ports. On Linux systems, /etc/services contains standard port assignments:

# View common service ports
grep -E "^(ssh|http|https|ftp|smtp|mysql|postgresql)" /etc/services
# Output:
# ssh             22/tcp
# http            80/tcp
# https           443/tcp
# ftp             21/tcp
# smtp            25/tcp
# mysql           3306/tcp
# postgresql      5432/tcp

Windows maintains similar mappings in %SystemRoot%\System32\drivers\etc\services. Understanding these mappings helps identify legitimate services versus potentially malicious listeners. Attackers often use non-standard ports to evade detection, making comprehensive port monitoring essential for security.