In computer networking, a port is an endpoint of communication in an operating system. While the term is also used for hardware devices, in software it is a logical construct that identifies a specific process or a type of service.
A port is always associated with an IP address of a host and the protocol type of the communication, and thus completes the destination or origination address of a communications session. A port is identified for each address and protocol by a 16-bit number, commonly known as the port number.
Specific port numbers are often used to identify specific services. Of the thousands of enumerated ports, 1024 well-known port numbers are reserved by convention to identify specific service types on a host. The protocols that primarily use ports are the transport layer protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) of the Internet protocol suite.
In the client–server model of application architecture, the ports that network clients connect to for service initiation provide a multiplexing service. After initial communication binds to the well-known port number, this port is freed by switching each instance of service requests to a dedicated, connection-specific port number, so that additional clients can be serviced.
Details
Transport layer protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), specify a source and destination port number in their segment headers. A port number is a 16-bit unsigned integer, thus ranging from 0 to 65535. However, for TCP, port number 0 is reserved and cannot be used. For UDP, the source port is optional and a value of zero means no port. A process associates its input or output channels, via an Internet socket (a type of file descriptor), with a transport protocol, a port number, and an IP address. This process is known as binding, and enables sending and receiving data via the network. The operating system's networking software has the task of transmitting outgoing data from all application ports onto the network, and forwarding arriving network packets to processes by matching the packet's IP address and port number. Only one process may bind to a specific IP address and port combination using the same transport protocol. Common application failures, sometimes called port conflicts, occur when multiple programs attempt to bind to the same port numbers on the same IP address using the same protocol.
Applications implementing common services often use specifically reserved well-known port numbers for receiving service requests from clients. This process is known as listening, and involves the receipt of a request on the well-known port and establishing a one-to-one server-client dialog, using the same local port number. Other clients may continue to connect to the listening port; this works because a TCP connection is identified by a tuple consisting of the local address, the local port, the remote address, and the remote port. The well-known ports are defined by convention overseen by the Internet Assigned Numbers Authority (IANA).
The core network services, such as the World-Wide Web, typically use small port numbers less than 1024. In many operating systems special privileges are required for applications to bind to these ports, because these are often deemed critical to the operation of IP networks. Conversely, the client end of a connection typically uses a high port number allocated for short term use, therefore called an ephemeral port.
The port numbers are encoded in the transport protocol packet header, and they can be readily interpreted not only by the sending and receiving computers, but also by other components of the networking infrastructure. In particular, firewalls are commonly configured to differentiate between packets based on their source or destination port numbers. Port forwarding is an example application of this.
The practice of attempting to connect to a range of ports in sequence on a single computer is commonly known as port scanning. This is usually associated either with malicious cracking attempts or with network administrators looking for possible vulnerabilities to help prevent such attacks.
Port connection attempts are frequently monitored and logged by computers. The technique of port knocking uses a series of port connections (knocks) from a client computer to enable a server connection.