Important Port numbers every Cloud Engineer must Know!
Full Guide for Port Numbers
As Cloud/DevOps Engineers, we often have difficulty troubleshooting connection issues between resources. In this article, I will explain everything about ports that you must know as a Cloud/DevOps Engineer.
So, let's begin!
What is a port?
A port is a virtual point where network connections start and end. A port in networking is a software-defined number associated with a network protocol that receives or transmits a communication for a specific service.
Each port is associated with a specific process or service (which we will explore below). Port numbers allow computers to easily differentiate between different kinds of online traffic.
For example:- email uses a different port to send and receive messages than a web page does, even though both reach a computer over the same Internet connection.
What is a port number?
Ports are standardized across all network-connected devices, with each port assigned a number. Port numbers range from 0 to 65535, since a port number is a 16-bit value.
All port numbers in computer networking are defined for a specific type of service: for example, HTTP messages go to port 80, HTTPS uses 443, and the File Transfer Protocol (FTP) always uses port number 21.
Data on the Internet is organized into standard TCP or UDP (Transmission Control Protocol or User Datagram Protocol) packets. Network clients use different ports (or channels) to transfer this data.
Generally, one port is used to send data and another to receive it, so packets don't collide. The port numbers (and the destination IP address) are included in the header given to each packet.
Scenario:-
Imagine you want to visit a website using your web browser. In order to establish a connection with the website, your computer needs to communicate with the website's server.
To do this, your computer needs to send a request to the server over the internet. This request is sent using the HTTP protocol, which uses a specific port number, port 80 by default.
When you enter the URL of the website into your web browser's address bar and hit enter, your browser sends an HTTP request to the server using port 80. The server receives the request and sends a response back to your browser, which is then displayed on your screen as the website's content.
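The troubleshooting task mentioned at the start (is the service reachable on the port it should be on?), as an added example that is not code from the article: it maps a URL to the port it implies using the defaults discussed here, then tests whether a TCP connection to that port completes. The scheme-to-port table and the self_check() helper are this example's own assumptions.

```python
import socket
from urllib.parse import urlsplit

# Added example (not from the article). Default ports per scheme, as
# described in the text; an explicit ":port" in the URL overrides them.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "ssh": 22, "smtp": 25}


def default_port(url):
    """Return the port a URL implies: explicit ':port' wins over the scheme default."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"no default port known for scheme {parts.scheme!r}")
    return DEFAULT_PORTS[parts.scheme]


def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within the timeout.

    A refused connection means the host answered but nothing listens there;
    a timeout usually means a firewall dropped the packets silently.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers ConnectionRefusedError and socket.timeout
        return False


def self_check():
    """Show both outcomes against a local listener, so no network is needed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = tcp_port_open("127.0.0.1", port)
    listener.close()
    after_close = tcp_port_open("127.0.0.1", port)
    return while_open, after_close


if __name__ == "__main__":
    print(default_port("https://example.com/health"))  # 443
    print(self_check())  # (True, False)
```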
Port Numbers and their uses:-
There are 65535 possible port numbers, although not all are in common use. Some of the most commonly used ports, along with their associated networking protocol, are:-
Port 20 and 21
FTP(File Transfer Protocol) is a protocol that allows for the transfer of files between two devices over a network or between a client and a server. When you want to transfer a file from one device to another using FTP, the devices need to establish a connection using two different channels: the control channel and the data channel.
The control channel is used to send commands and receive responses between the two devices, while the data channel is used to transfer the actual file data. Port 21 is used by the FTP protocol for the control channel, while Port 20 is used for the data channel.
Scenario:-
When you initiate an FTP transfer, your FTP client (such as FileZilla) connects to the remote server using port 21 for the control channel. The client then sends commands to the server over this channel to request the file transfer, and the server responds with messages indicating the status of the transfer.
Once the file transfer is initiated, the client opens a data channel on port 20 for the actual transfer of the file data. The data is transmitted over this channel in separate packets, with the client and server acknowledging each packet to ensure the integrity of the transfer.
After the file transfer is complete, the control and data channels are closed and the connection between the two devices is terminated.
Port 22
Port 22 is typically used by the SSH (Secure Shell) protocol for secure remote access to a device or server over a network, such as the internet.
SSH is a protocol that allows you to securely access and control a remote device or server over an unsecured network. When you establish an SSH connection to a device or server, you are essentially creating a secure communication channel between your local device and the remote device.
To establish an SSH connection, you need to have an SSH client installed on your local device, such as PuTTY or OpenSSH. You also need to know the IP address or domain name of the remote device, as well as the login credentials for that device.
When you initiate an SSH connection, your SSH client uses port 22 to establish a secure connection to the remote device. Once the connection is established, you can enter commands and perform tasks on the remote device as if you were physically present at that device.
Port 25
Port 25 is typically used by the Simple Mail Transfer Protocol (SMTP) for sending email messages between mail servers.
SMTP is a protocol that allows for the transfer of email messages between mail servers over a network. When you send an email message, your email client (such as Outlook or Gmail) communicates with your email provider's mail server using SMTP to send the message to the recipient's mail server.
SMTP uses port 25 as the default port for sending email messages between mail servers. When you send an email message, your email client connects to your email provider's mail server using port 25 to initiate the transfer of the message.
Port 53
Port 53 is used for the Domain Name System (DNS) protocol. DNS is a system that translates domain names into IP addresses, making it possible to browse the internet using easy-to-remember domain names rather than numeric IP addresses.
When a user types a domain name into their web browser, the browser sends a DNS query to a DNS server, asking for the corresponding IP address.
The DNS server responds with the IP address, allowing the browser to establish a connection to the server hosting the website.
Port 53 is used for both UDP and TCP traffic in DNS. UDP is used for small queries, while TCP is used for larger queries that require more data to be transmitted.
DNS traffic on port 53 is often targeted by cyber attacks, such as distributed denial of service (DDoS) attacks, because it is a critical part of internet infrastructure.
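The UDP-versus-TCP point above, as an added example that is not code from the article: it builds a DNS query for a name, shows the 2-byte length prefix that TCP transport on port 53 adds, and goes one step beyond the text by checking the TC (truncated) flag, which is how a server tells a client that the reply did not fit in UDP and should be retried over TCP. The sample replies are constructed headers, not captured traffic.

```python
import struct

# Added example (not from the article).
DNS_PORT = 53
FLAG_TC = 0x0200  # "truncated" bit in the DNS header flags word


def build_dns_query(name, txid=0x1234, qtype=1):
    """Encode a standard recursive DNS query (qtype 1 = A record)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def frame_for_tcp(message):
    """Over TCP, DNS prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message


def unframe_from_tcp(data):
    """Strip the TCP length prefix, checking that the whole message arrived."""
    (length,) = struct.unpack("!H", data[:2])
    body = data[2:2 + length]
    if len(body) != length:
        raise ValueError("incomplete DNS message on TCP stream")
    return body


def response_is_truncated(message):
    """True when the server set TC: the full reply did not fit in UDP."""
    (flags,) = struct.unpack("!H", message[2:4])
    return bool(flags & FLAG_TC)


def choose_transport(udp_reply):
    """After a UDP reply: keep it, or retry the same query over TCP."""
    return "tcp" if response_is_truncated(udp_reply) else "udp"


# Constructed sample replies (12-byte headers only), not real traffic.
REPLY_OK = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR, RD, RA
REPLY_TRUNC = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)  # QR, TC, RD, RA

if __name__ == "__main__":
    query = build_dns_query("example.com")
    print("UDP payload bytes:", len(query))                  # 29
    print("TCP payload bytes:", len(frame_for_tcp(query)))   # 31
    print("after truncated reply use:", choose_transport(REPLY_TRUNC))  # tcp
```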
Port 80
Port 80 is the well-known port number used for the Hypertext Transfer Protocol (HTTP), the primary protocol used for transmitting web pages and other content over the internet.
When a user requests a web page from a server, the browser sends an HTTP request to the server over port 80, asking for the desired resource.
The server responds with an HTTP response, containing the requested resource, such as a web page, image, or other files.
While HTTP has been largely replaced by HTTPS (HTTP over TLS), which uses port 443 instead of port 80, port 80 is still widely used for unencrypted HTTP traffic.
Port 123
Port 123 is used for the Network Time Protocol (NTP), a protocol used for synchronizing the clocks of computers on a network.
NTP allows networked devices to synchronize their clocks with a central time server, ensuring that all devices on the network have the same time.
This is important for many applications, such as networked file systems, transaction processing, and distributed databases.
When a device wants to synchronize its clock with an NTP server, it sends an NTP request over port 123.
The NTP server responds with an NTP packet containing the current time and other information about the server's time source. The client then adjusts its clock to match the time received from the server.
NTP allows computer clocks to sync with each other, a process that is essential for encryption.
Port 179
Port 179 is used for the Border Gateway Protocol (BGP), a protocol used for routing data between different networks on the internet.
BGP is used by internet service providers (ISPs) and other organizations to exchange routing information and ensure that data is sent along the most efficient path between networks.
When a router wants to exchange routing information with another router using BGP, it sends an Open message over port 179 to initiate the BGP session.
The routers then exchange Update messages carrying routing information and use them to make routing decisions.
Port 443
Port 443 is used for the HTTPS protocol, which is the secure version of the HTTP protocol used for transmitting web pages and other content over the internet.
HTTPS is an encrypted protocol that uses the Transport Layer Security (TLS) protocol to provide secure communication between clients (such as web browsers) and servers.
When a user requests a web page over HTTPS, the browser sends an encrypted request to the server over port 443. The server responds with an encrypted response, containing the requested resource, such as a web page, image, or other files.
Port 443 is also used for other encrypted protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS), which are used for a wide range of applications, including email, instant messaging, and virtual private networks (VPNs).
Port 500
Port 500 is used for the Internet Key Exchange (IKE) protocol, which is used for setting up a secure, encrypted connection between two devices in a virtual private network (VPN).
IKE is a key management protocol used to negotiate the parameters of a VPN tunnel, such as encryption algorithms, keys, and authentication methods. When two devices want to establish a VPN connection, they use IKE to exchange the necessary information and establish a secure tunnel for communication.
When IKE is used with the IPsec protocol, which is another commonly used protocol for VPNs, the two protocols work together to provide secure communication between two devices over an untrusted network such as the internet.
Port 587
Port 587 is a commonly used port for secure email communication and is often preferred over the default SMTP port 25, which is often blocked or restricted by internet service providers (ISPs) to prevent spam or other email-related abuses.
Port 3389
Port 3389 is used for the Remote Desktop Protocol (RDP), a protocol used for remote access and control of computers over a network.
RDP is commonly used by system administrators and other users to access and manage servers and other computers from a remote location.
When a user wants to remotely access a computer using RDP, they typically use an RDP client to connect to the remote computer over port 3389.
The remote computer responds with a desktop view, which the user can interact with as if they were sitting in front of the remote computer.
Port 3389 is also used by some malware and other security threats to gain unauthorized access to computers and networks.
Why do firewalls sometimes block specific ports?
A firewall is a security system that blocks or allows network traffic based on a set of security rules. Firewalls usually sit between a trusted network and an untrusted network; often the untrusted network is the Internet.
For example, office networks often use a firewall to protect their network from online threats.
Some attackers try to send malicious traffic to random ports in the hopes that those ports have been left "open," meaning they are able to receive traffic.
This action is somewhat like a car thief walking down the street and trying the doors of parked vehicles, hoping one of them is unlocked.
For this reason, firewalls should be configured to block network traffic directed at most of the available ports. There is no legitimate reason for the vast majority of the available ports to receive traffic.
Properly configured firewalls block traffic to all ports by default except for a few predetermined ports known to be in common use.
For instance, a corporate firewall could leave open only ports 25 (email), 80 (web traffic), 443 (web traffic), and a few others, allowing internal employees to use these essential services, and block the rest of the 65,000+ ports.
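The default-deny policy just described, as an added example that is not code from the article: it applies the allowlist from the corporate firewall example (25, 80, 443) to a constructed set of inbound connection records and then flags any source that was blocked on many different ports, which is the "trying every car door" pattern the text describes. The record format and the sample addresses are this example's own assumptions, not real traffic.

```python
from collections import defaultdict

# Added example (not from the article).
ALLOWED_PORTS = {25, 80, 443}  # the article's example corporate allowlist

# Constructed sample records, one "src_ip dst_port" per line (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 443
203.0.113.7 80
198.51.100.9 22
198.51.100.9 3389
198.51.100.9 21
198.51.100.9 23
203.0.113.7 25
198.51.100.9 445
"""


def parse_records(text):
    """Yield (src_ip, dst_port) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2 or not fields[1].isdigit():
            continue
        yield fields[0], int(fields[1])


def decide(port, allowed=ALLOWED_PORTS):
    """Default deny: only ports on the allowlist pass."""
    return "allow" if port in allowed else "block"


def apply_policy(text, allowed=ALLOWED_PORTS):
    """Return a list of (src_ip, dst_port, decision) for every record."""
    return [(ip, port, decide(port, allowed)) for ip, port in parse_records(text)]


def probing_sources(decisions, threshold=3):
    """Sources blocked on at least `threshold` distinct ports: likely port probes."""
    blocked = defaultdict(set)
    for ip, port, verdict in decisions:
        if verdict == "block":
            blocked[ip].add(port)
    return sorted(ip for ip, ports in blocked.items() if len(ports) >= threshold)


if __name__ == "__main__":
    results = apply_policy(SAMPLE_LOG)
    for ip, port, verdict in results:
        print(f"{ip:>15} -> {port:<5} {verdict}")
    print("probing sources:", probing_sources(results))  # ['198.51.100.9']
```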
I hope you liked the article; please comment your thoughts or let me know if I missed anything that should be added.
Cheers!
Aditya