TCP/IP, UDP, and other protocols are defined in operating system and
application software. A port is known to be listening when a server
program instance is currently active and has acquired the port (using
one of the language facilities in the source program that communicates
to the operating system's IP stack--a layered set of software, each
layer having a specific well-defined purpose in the communication
interfacing process). A port is not listening (it is inactive) if no
server has allocated it and is actively listening (waiting for a
client connection). A client is a program on the same or remote
computer system (could be a wireless palm system as well as a device
connected by physical cables) that requests a connection to a service
on the port defined by the service (the active server software
listening on the server host). There must be a match, otherwise the
server and client systems will not complete the connection. So--ports
are just virtual storage locations with active relationships to
clients and servers that use them to establish their route through
operating system components (IP stack). You might compare them to
tables where the operating system can store relationships and activate
the physical process of message transmission. The IP stack is
responsible for formatting the necessary header fields, etc. to
envelope the message (or its fragments in most cases), shipping it,
and assuring its arrival (except for UDP--that's another story).
A port might be active on a server and yet is unknown to the Internet
because the server host is behind a firewall or router in which a
security policy implementation blocks entry of any packet that
addresses the port. Each packet header identifies the destination
port. Good security practice, however, requires removing any unneeded
service that allocates a port for listening. If the port is inactive
(no server running that has allocated it), then nothing can infiltrate
through it.
Ports 4000-max are essentially free for assignment in any application.
There are many products that define ports and some products conflict
with each other. Ports are not assigned dynamically to incoming
packets. A port cannot receive packets unless an active server has
allocated it and accepts the connection. The server can disconnect a
TCP connection if the packet content fails to meet its requirements.
In this case, the remote client is informed that the connection has
been terminated. Most server programs are merely small schedulers
that spawn unique tasks to handle a client message. The unique task
and not the server will reply to the remote client, using the remote
client's port specified in the source message. All incoming traffic
has both a destination port and a source port. The client might use
any available port from a pool set aside for it. In this sense, ports
are arbitrary. On the other hand, servers can open multiple ports and
check each on a rotational interval. This is much more complicated,
but serves to improve the server's ability to handle large numbers of
incoming client messages. By the way, a server might define source
port requirements and refuse to process messages whose source ports do
not meet its definitions--or it might not care at all. Most well
thought out firewall policies (and routers, too) express the
requirements for source ports acceptable for protocols and services.
Hope this helps in understanding ports--in addition to the information
already posted.
Eric Malmstrom
______________________________ Reply Separator _________________________________
Subject: Re: explanation of ports
Author: "Dave Gillett" <[EMAIL PROTECTED]> at Internet
Date: 11/17/1999 1:25 AM
On 12 Nov 99, at 9:45, Roy L. Jacobs wrote:
> I am new at this and could use some assistance. I have read there
> are some 65,535 ports in tcp/ip, but have been unable to find
> anything which explains this. For instance, port 139 is ascribed by
> the tcp/ip protocol to net bios, but beyond that, I have found no
> further explanation. Does this port refer to a memory address on
> the receiving computer, or is it just some sort of sub-address.
> Where I am lost is when one claims that a certain port is "open" on
> a particular computer, what does that mean? I would greatly
> appreciate some help so I can be pointed in the right direction
> for further study. Thank you.
TCP and UDP "ports" are not physical constructs; they're "virtual"
objects which allow multiple sessions/conversations to share the same
physical connection. Each packet that arrives using either of these
protocols (indicated by a "protocol" field in its headers...) is also
distinguished by a "port number" field, by which the protocol stack
on the receiving machine can determine which communicating
process/instance is intended to receive the packet. Most port
numbers are assigned more-or-less at random, with the exception that
when beginning a conversation/session, the recipient port number will
generally be one of the "well-known" or "registered" ports, selected
because the intended recipient functionality is expected to already
be bound to that port and awaiting such connections.
[Thus the frequent question: Someone is trying to connect to my
port X; what service do they expect to find there?]
David G
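Dave's point that the stack reads a protocol field from the IP header and a port field from the TCP or UDP header, then hands the packet to whichever process is bound to that pair, is easy to make concrete with a header parser. The Python below is an added example for this thread rather than code from any poster; the packets it parses are constructed inline, the small well-known-port table is a hand-picked subset of the IANA assignments (it includes 139/netbios-ssn from Roy's question), and the listener table and names are invented for the demonstration.

```python
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17

# Hand-picked subset of well-known/registered ports (IANA assignments).
WELL_KNOWN = {22: "ssh", 25: "smtp", 53: "domain", 80: "http",
              139: "netbios-ssn", 443: "https"}


def parse_ipv4(packet):
    """Return (protocol, src_ip, dst_ip, transport_segment) from a raw IPv4 packet."""
    ver_ihl = packet[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4        # IHL is in 32-bit words
    proto = packet[9]                         # the 'protocol' field Dave mentions
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    return proto, src, dst, packet[header_len:]


def parse_ports(proto, segment):
    """Both TCP and UDP begin with 16-bit source and destination ports."""
    if proto not in (IPPROTO_TCP, IPPROTO_UDP):
        raise ValueError("protocol %d carries no port numbers" % proto)
    return struct.unpack("!HH", segment[:4])


def demux(packet, listeners):
    """Mimic the stack's decision: which bound process gets this packet?

    `listeners` maps (protocol name, port) to the process bound there, the
    way the OS keeps track of active servers. A miss means no server has
    allocated the port, so the packet has nowhere to go.
    """
    proto, src, dst, segment = parse_ipv4(packet)
    sport, dport = parse_ports(proto, segment)
    name = {IPPROTO_TCP: "tcp", IPPROTO_UDP: "udp"}[proto]
    return {
        "proto": name,
        "src": (src, sport),
        "dst": (dst, dport),
        "service": WELL_KNOWN.get(dport, "unknown"),
        "delivered_to": listeners.get((name, dport)),
    }


def build_packet(proto, sport, dport, src="10.0.0.5", dst="10.0.0.9"):
    """Constructed test packet: 20-byte IPv4 header plus a minimal transport header.

    Checksums are left at zero; this is for parsing, not for sending.
    """
    if proto == IPPROTO_TCP:   # ports, seq, ack, offset/flags, window, csum, urg
        transport = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 5 << 12, 0, 0, 0)
    else:                      # UDP: ports, length, checksum
        transport = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 0, 0, 64,
                     proto, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split(".")))
    return ip + transport


if __name__ == "__main__":
    # Invented listener table: who is bound to what on the receiving host.
    bound = {("tcp", 139): "netbios-session-daemon", ("udp", 53): "name-server"}
    for pkt in (build_packet(IPPROTO_TCP, 49152, 139),
                build_packet(IPPROTO_UDP, 40000, 53),
                build_packet(IPPROTO_TCP, 40001, 8080)):
        print(demux(pkt, bound))
```

The source port (49152, 40000, 40001 here) is the client's arbitrary choice; only the destination port has to line up with something bound on the receiver. The third packet shows the other half of Dave's bracketed remark: a packet aimed at a port nobody has bound is just a packet with nowhere to go, which is what the receiving host's logs record when someone probes it.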
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
Received: from mimesweeper2.sec.gov ([162.138.246.4]) by smtpgate1.sec.gov with
SMTP
(IMA Internet Exchange 3.13) id 00056297; Wed, 17 Nov 1999 10:10:29 -0500
Received: from secfw2.sec.gov (unverified) by mimesweeper2.sec.gov
(Content Technologies SMTPRS 2.0.15) with SMTP id
<[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>;
Wed, 17 Nov 1999 10:10:00 -0500
Received: by secfw2.sec.gov; id KAA02135; Wed, 17 Nov 1999 10:06:55 -0500
Received: from beasley.paix.gnac.net(209.182.195.70) by secfw2.sec.gov via smap
(/2.1+anti-relay+anti-spam)
id xma002076; Wed, 17 Nov 99 10:06:44 -0500
Received: (from majordom@localhost)
by beasley.paix.gnac.net (8.8.8/8.8.8) id DAA04058
for firewalls-include; Wed, 17 Nov 1999 03:22:18 -0800 (PST)
Received: from proxy2.ba.best.com (proxy2.ba.best.com [206.184.139.14])
by beasley.paix.gnac.net (8.8.8/8.8.8) with ESMTP id BAA23762
for <[EMAIL PROTECTED]>; Wed, 17 Nov 1999 01:26:34 -0800 (PST)
Received: from minerva (dgillett.vip.best.com [205.149.181.225])
by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with SMTP id BAA21910;
Wed, 17 Nov 1999 01:25:22 -0800 (PST)
Message-Id: <[EMAIL PROTECTED]>
From: "Dave Gillett" <[EMAIL PROTECTED]>
Organization: Deep Forest
To: "Roy L. Jacobs" <[EMAIL PROTECTED]>
Date: Wed, 17 Nov 1999 01:25:10 -0800
MIME-Version: 1.0
Subject: Re: explanation of ports
Reply-To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
X-mailer: Pegasus Mail for Win32 (v3.01d)
Sender: [EMAIL PROTECTED]
Precedence: bulk
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT