Ports, or computer ports, are a transport layer (layer 4) concept. Only a transport protocol such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) can indicate which port a packet should go to: TCP and UDP headers include fields for the source and destination port numbers. Network layer protocols – for example, the Internet Protocol (IP) – are not aware of which port is being used in a given network connection. In a standard IP header, there is no place to indicate which port a data packet should go to; IP headers only indicate the destination IP address, not the port number at that IP address.
Normally, the inability to indicate a port at the network layer has no effect on network operations, since network layer protocols are almost always used in conjunction with a transport layer protocol. However, it does affect the ping utility, software that “pings” IP addresses using Internet Control Message Protocol (ICMP) packets. ICMP is a network layer protocol that can test the connectivity of network-connected devices – but without the ability to ping specific ports, network administrators cannot test specific services within those devices.
Some ping software, such as My Traceroute, offers the option of sending UDP packets. UDP is a transport layer protocol that can specify a particular port, unlike ICMP, which cannot specify a port. By sending UDP packets rather than ICMP packets, network administrators can test specific ports within a network-connected device.
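The layering point above is easy to see in the raw bytes. The following added example (written for this page, not code from the original article or from any ping tool) builds a constructed IPv4 packet carrying either a UDP segment or an ICMP echo request and then parses it: the IPv4 header yields addresses and a protocol number but no port, while the port numbers are found only in the TCP/UDP header that follows. Addresses, ports and header contents are all constructed sample values; checksums are left at zero because nothing here is sent on a network.

```python
import struct

# IANA protocol numbers carried in the IPv4 "protocol" field.
IPPROTO_ICMP = 1
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def build_ipv4(payload: bytes, proto: int,
               src: str = "192.0.2.10", dst: str = "192.0.2.20") -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) in front of payload.
    Fields: version/IHL, TOS, total length, ID, flags/fragment, TTL,
    protocol, checksum, source, destination. There is no port field."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, src_b, dst_b)
    return header + payload


def build_udp(sport: int, dport: int, data: bytes = b"") -> bytes:
    """UDP header: source port, destination port, length, checksum (zero here)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_tcp_syn(sport: int, dport: int) -> bytes:
    """Minimal 20-byte TCP header with only the SYN flag set (0x02)."""
    data_offset_flags = (5 << 12) | 0x02
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, data_offset_flags,
                       65535, 0, 0)


def build_icmp_echo(ident: int = 1, seq: int = 1) -> bytes:
    """ICMP echo request: type 8, code 0, checksum (zero here), id, sequence.
    Note the absence of any port number."""
    return struct.pack("!BBHHH", 8, 0, 0, ident, seq)


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header. The returned dict deliberately has no port key,
    because the layer-3 header carries none."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    return {
        "header_len": ihl * 4,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
    }


def parse_transport_ports(packet: bytes) -> dict:
    """Skip past the IPv4 header and read the ports from the layer-4 header.
    TCP and UDP both store source and destination port in their first 4 bytes;
    ICMP (and anything else) has no port, so both values come back as None."""
    ip = parse_ipv4_header(packet)
    l4 = packet[ip["header_len"]:]
    if ip["protocol"] == IPPROTO_UDP:
        if len(l4) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, _length, _csum = struct.unpack("!HHHH", l4[:8])
        return {"proto": "UDP", "sport": sport, "dport": dport}
    if ip["protocol"] == IPPROTO_TCP:
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        sport, dport = struct.unpack("!HH", l4[:4])
        return {"proto": "TCP", "sport": sport, "dport": dport}
    name = "ICMP" if ip["protocol"] == IPPROTO_ICMP else str(ip["protocol"])
    return {"proto": name, "sport": None, "dport": None}


if __name__ == "__main__":
    # Constructed sample packets: a UDP probe to port 53 and an ICMP echo.
    udp_pkt = build_ipv4(build_udp(40000, 53), IPPROTO_UDP)
    icmp_pkt = build_ipv4(build_icmp_echo(), IPPROTO_ICMP)
    print(parse_ipv4_header(udp_pkt))        # addresses and protocol, no port
    print(parse_transport_ports(udp_pkt))    # {'proto': 'UDP', 'sport': 40000, 'dport': 53}
    print(parse_transport_ports(icmp_pkt))   # {'proto': 'ICMP', 'sport': None, 'dport': None}
```

Running it shows why a plain ICMP ping can only say whether the host answers, while a UDP (or TCP) probe addresses a specific service: the port only exists once a layer-4 header is present.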
Why Do Firewalls Sometimes Block Certain Ports?
A firewall is a security system that blocks or allows network traffic based on a set of security rules. Firewalls are typically positioned between a trusted network and an untrusted network; the untrusted network is often the internet. For example, office networks often use a firewall to protect their network from online threats.
Some attackers attempt to send malicious traffic to random ports in hopes that these ports are left “open,” meaning they are capable of receiving traffic. This action is somewhat similar to a car thief walking down a street trying the doors of parked vehicles, hoping one will be unlocked. For this reason, firewalls should be configured to block network traffic directed at most available ports. The vast majority of available ports have no legitimate reason to receive traffic.
Properly configured firewalls block traffic to all ports by default except for a few pre-specified ports known to be in common use. For example, a corporate firewall might only keep open ports 25 (email), 80 (web traffic), 443 (web traffic), and a few other ports, allowing internal employees to use these essential services, then blocking the remaining 65,000+ ports.
As a more specific example, attackers sometimes try to exploit vulnerabilities in the RDP protocol by sending attack traffic to port 3389. To stop these attacks, a firewall might block port 3389 by default. Since this port is only used for remote desktop connections, such a rule has little impact on day-to-day business operations unless employees need to work remotely.
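The default-deny policy described above, and the door-trying behaviour it defends against, can be modelled in a few lines. The following added example (written for this page; not code from the original article or from any firewall product) evaluates constructed connection attempts against an allow-list holding only the ports from the corporate example (25, 80 and 443), contrasts that with a weaker default-allow policy that merely blocks 3389, and counts how many distinct denied ports each source touched, which is how a source probing random ports stands out in firewall logs. The IP addresses are RFC 5737 documentation addresses and the traffic is constructed, not captured.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    """One inbound connection attempt as a firewall would log it."""
    src: str
    proto: str   # "tcp" or "udp"
    dport: int


# Allow-list from the article's corporate example: only these services are
# reachable from the untrusted side; every other port is denied by default.
ALLOWED = frozenset({("tcp", 25), ("tcp", 80), ("tcp", 443)})

# Contrast case: a block-list that names only RDP and lets everything else in.
BLOCKED_ONLY = frozenset({("tcp", 3389)})


def default_deny(attempt: Attempt, allowed=ALLOWED) -> str:
    """Properly configured firewall: allow listed ports, deny the rest."""
    return "ALLOW" if (attempt.proto, attempt.dport) in allowed else "DENY"


def default_allow(attempt: Attempt, blocked=BLOCKED_ONLY) -> str:
    """Weaker policy: deny listed ports, allow the rest. Port 3389 is closed,
    but the other 65,000+ ports remain open to whoever tries them."""
    return "DENY" if (attempt.proto, attempt.dport) in blocked else "ALLOW"


def closed_port_touches(attempts, allowed=ALLOWED) -> dict:
    """Number of distinct denied destination ports per source under the
    default-deny policy. Legitimate clients touch none; a source trying
    door after door accumulates many."""
    touched = defaultdict(set)
    for a in attempts:
        if default_deny(a, allowed) == "DENY":
            touched[a.src].add(a.dport)
    return {src: len(ports) for src, ports in touched.items()}


def suspicious_sources(attempts, threshold: int = 5, allowed=ALLOWED) -> list:
    """Sources that hit at least `threshold` distinct closed ports."""
    counts = closed_port_touches(attempts, allowed)
    return sorted(src for src, n in counts.items() if n >= threshold)


# Constructed sample traffic.
SAMPLE = [
    Attempt("198.51.100.7", "tcp", 443),   # ordinary web traffic
    Attempt("198.51.100.7", "tcp", 80),
    Attempt("203.0.113.9", "tcp", 3389),   # RDP from the internet
    *[Attempt("203.0.113.9", "tcp", p)     # same source trying other doors
      for p in (21, 22, 23, 135, 139, 445, 1433, 8080)],
    Attempt("198.51.100.22", "udp", 53),   # not on the allow-list: denied
]


if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a.src:>14} {a.proto}/{a.dport:<5} "
              f"default-deny={default_deny(a)}  default-allow={default_allow(a)}")
    print("distinct closed ports touched:", closed_port_touches(SAMPLE))
    print("suspicious sources:", suspicious_sources(SAMPLE))
```

Under default-deny the RDP attempt is refused without needing a rule that names port 3389 at all, and the same source's eight further probes are refused too; under the block-list policy only the RDP attempt is stopped. Counting distinct denied ports per source is a crude but useful first filter for the behaviour the text describes, and real deployments tune the threshold and time window to their own baseline.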
What Are the Different Port Numbers?
There are 65,535 possible port numbers, although not all of them are in common use. Some of the most commonly used ports, along with their associated network protocol, are:
- Ports 20 and 21: File Transfer Protocol (FTP). FTP is for transferring files between a client and a server.
- Port 22: Secure Shell (SSH). SSH is one of many tunneling protocols that create secure network connections.
- Port 25: Historically, Simple Mail Transfer Protocol (SMTP). SMTP is used for email.
- Port 53: Domain Name System (DNS). DNS is an essential process of the modern internet; it matches human-readable domain names with machine-readable IP addresses, enabling users to load websites and applications without memorizing a long list of IP addresses.
- Port 80: Hypertext Transfer Protocol (HTTP). HTTP is the protocol that makes the World Wide Web possible.
- Port 123: Network Time Protocol (NTP). NTP allows computer clocks to sync with each other, a process necessary for encryption.
- Port 179: Border Gateway Protocol (BGP). BGP is essential for establishing efficient routes between the large networks that make up the internet (these large networks are called autonomous systems). Autonomous systems use BGP to broadcast the IP addresses they control.
- Port 443: Hypertext Transfer Protocol Secure (HTTPS). HTTPS is the secure, encrypted version of HTTP. All HTTPS web traffic goes to port 443. Network services that use HTTPS for encryption, such as DNS over HTTPS, also connect via this port.
- Port 500: Internet Security Association and Key Management Protocol (ISAKMP), which is part of the process of setting up secure IPsec connections.
- Port 587: A modern, secure SMTP protocol that uses encryption.
- Port 3389: Remote Desktop Protocol (RDP). RDP allows users to connect remotely to their desktop computers from another device.
The Internet Assigned Numbers Authority (IANA) maintains the complete list of port numbers and the protocols assigned to them.