The term “port” crops up in IP networking, particularly in the context of rules in routers and software firewalls. One hears about “opening a port on a firewall” and “TCP ports” and “UDP ports”.
So just what is a “port”, exactly?
Like about 40% of the words in English after the Norman invasion of southern England following the Battle of Hastings in 1066, the English word “port” is French. Une porte is a door.
Of course, the French got it from Latin: porta (gate, door). The Latin word portus (port, harbor, and earlier, entrance, passage) and the Greek word poros (journey, passage, way) are obviously related.
In the computer hardware business, a port is a doorway into the machine: a jack, where a cable can be connected. In days past, there were serial ports and parallel ports on PCs. Today, we have USB ports and LAN ports. Technicians talk about connecting customers to ports on access equipment, for example, equipment with banks of modems.
In the computer software business, a port can be thought of as a doorway into the software running on the machine, a passageway to a specific computer program running on the computer.
Why is this necessary? Since there can be many computer programs (a.k.a. applications, apps) running on the same computer at the same time, when trying to communicate with a particular program, we need a mechanism to identify it: a way of telling the host computer which program to relay our communications to.
For example, we all know that it’s possible to have multiple applications using the Internet connection on a computer at the same time. Think of an Outlook email program and a Chrome browser program running at the same time on a PC connected to the Internet.
When data arrives at this computer, how does the computer know whether this data is for the email program or for the browser program? And how does it convey the data to the correct program?
The answer: every program that communicates over the network is assigned a number called a port number. Web servers, for example, are assigned port 80, so your browser sends its requests to port 80 on the server.
Here’s how it works: the sending program creates a message and tags it with the port number identifying the program it wishes to communicate with on the destination computer. This is put in a packet that is tagged with the network address (IP address) of the destination host computer and transmitted. When the packet arrives at the destination computer identified by the IP address, this receiving computer looks at the destination port number and parks the message in a memory space associated with that port number. The program on the destination computer assigned that port number is constantly checking that memory space to see if there is anything new waiting for it.
The result is the ability for a computer program running on one computer to communicate with a specific computer program on another computer.
Visiting our warehouse service a couple of weeks ago, I was struck by the analogy possible between the idea of computer ports and a multi-tenant warehouse, so I whipped out my Android smartphone and took a picture with the totally cool panoramic feature.
The warehouse is analogous to the host computer. It has a single street address. It handles goods for multiple users. Users have space allocated inside the warehouse. The warehouse has (on this side) six ports, also called loading docks. Each port has a number. A user can be assigned a port, either temporarily or permanently.
To communicate goods to that user, they’re carried in a shipping container (IP packet) on a truck (Ethernet frame) over a road (LAN cable) to the warehouse at its street address (IP address). To get the contents of the shipping container delivered to the correct user, the truck is backed up to the appropriate loading dock (port) identified by its door number (port number) and the contents of the container are unloaded to the space behind that port.
In computer communications today, the port number is 16 bits long, and the source and destination port numbers are the first fields of the transport layer header, Layer 4 of the OSI model. The world’s most popular standard protocols for implementing the transport layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
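The following added example (not part of the Teracom tutorial) puts the two preceding points into code: it pulls the 16-bit source and destination ports out of the front of a UDP datagram and a TCP segment, and it models the receiving host's job of parking each arriving message in the "memory space" belonging to the program that holds the destination port. The sample datagrams are constructed inline, not captured traffic, and the `Host` class is a simplified stand-in for what the operating system's network stack does.

```python
import struct
from collections import defaultdict, deque

# Constructed sample datagrams (not captured traffic). A UDP header is four 16-bit
# fields: source port, destination port, length, checksum; the payload follows.
PAYLOAD = b"hello world!"
SAMPLE_UDP = struct.pack("!HHHH", 40001, 53, 8 + len(PAYLOAD), 0) + PAYLOAD
# Same shape, but addressed to a port where nothing will be listening.
SAMPLE_UDP_UNBOUND = struct.pack("!HHHH", 40002, 9999, 8, 0)
# A minimal TCP segment: the two ports come first here too; byte 12 carries the
# data offset (header length in 32-bit words) in its high nibble.
SAMPLE_TCP = struct.pack("!HHIIBBHHH", 51515, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0) \
    + b"GET / HTTP/1.0\r\n"


def parse_udp(datagram: bytes):
    """Return (src_port, dst_port, payload) from a raw UDP datagram."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, _checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field disagrees with datagram size")
    return src, dst, datagram[8:length]


def parse_tcp(segment: bytes):
    """Return (src_port, dst_port, payload) from a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst = struct.unpack("!HH", segment[:4])
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("TCP data offset out of range")
    return src, dst, segment[header_len:]


class Host:
    """The receiving computer: a table of which program holds which port, and one
    queue per port standing in for the 'memory space' the program keeps checking."""

    def __init__(self):
        self.listeners = {}
        self.queues = defaultdict(deque)
        self.dropped = 0

    def bind(self, port: int, program: str):
        """Assign a port to a program; only one program may hold a given port."""
        if not 0 <= port <= 65535:
            raise ValueError("port numbers are 16 bits: 0..65535")
        if port in self.listeners:
            raise OSError(f"port {port} already in use by {self.listeners[port]}")
        self.listeners[port] = program

    def deliver(self, datagram: bytes):
        """Demultiplex one arriving UDP datagram; return the program it was queued for,
        or None if no program has that port (a real host drops it and may answer
        with an ICMP 'port unreachable')."""
        src, dst, payload = parse_udp(datagram)
        program = self.listeners.get(dst)
        if program is None:
            self.dropped += 1
            return None
        self.queues[dst].append((src, payload))
        return program

    def receive(self, port: int):
        """What the program assigned to `port` sees when it checks its queue."""
        return self.queues[port].popleft() if self.queues[port] else None
```

Binding port 53 to a resolver and then calling `deliver(SAMPLE_UDP)` queues the payload for that program, while a datagram for an unbound port is simply counted as dropped; the length and data-offset checks matter because the port fields are trusted only after the header has been shown to be complete.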
Hence, one hears of “TCP ports” and “UDP ports”, particularly when configuring rules for packet forwarding on a router or firewall. When one “blocks” a port, that means that communication to a particular computer program is denied. When one “opens” a port, communication to that computer program is being allowed.
Standard practice is to allow communications only to specifically-identified ports and deny all other communications.
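As an added illustration of the "open only the ports you need, deny everything else" practice (example code written for this page, not taken from the tutorial or from any router product), here is a small first-match rule evaluator. It places the weak configuration, a catch-all allow after the openings, beside the corrected one, a catch-all deny, and runs the same constructed traffic through both. The policies and the traffic list are made up for the demonstration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    proto: Optional[str]      # "tcp", "udp", or None to match any protocol
    ports: Optional[range]    # destination ports matched; None matches any port


def matches(rule: Rule, proto: str, dst_port: int) -> bool:
    return (rule.proto is None or rule.proto == proto) and \
           (rule.ports is None or dst_port in rule.ports)


def evaluate(rules: List[Rule], proto: str, dst_port: int) -> str:
    """First-match evaluation, the usual packet-filter semantics: the first rule
    whose protocol and port match decides. If nothing matches, deny."""
    if not 0 <= dst_port <= 65535:
        return "deny"
    for rule in rules:
        if matches(rule, proto.lower(), dst_port):
            return rule.action
    return "deny"


# Constructed policies for a host that should only serve HTTPS and DNS.
OPENINGS = [
    Rule("allow", "tcp", range(443, 444)),   # open TCP port 443 (HTTPS)
    Rule("allow", "udp", range(53, 54)),     # open UDP port 53 (DNS)
]
# Weak version: opens what it needs, then lets everything else through as well.
PERMISSIVE = OPENINGS + [Rule("allow", None, None)]
# Standard practice: the same openings, followed by a catch-all deny.
DEFAULT_DENY = OPENINGS + [Rule("deny", None, None)]


def compare(policies, traffic):
    """Run the same traffic through each policy and return the verdicts per policy,
    so the difference the final deny rule makes is visible side by side."""
    return {name: [evaluate(rules, proto, port) for proto, port in traffic]
            for name, rules in policies.items()}


# Constructed traffic: (protocol, destination port). Only the first two should pass.
TRAFFIC = [("tcp", 443), ("udp", 53), ("tcp", 23), ("udp", 443), ("tcp", 3389)]
```

Note that a rule is keyed on protocol and port together: UDP traffic to port 443 is not covered by the TCP 443 opening, which is why "TCP ports" and "UDP ports" are configured separately on real firewalls.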
The port number of the application and the IP address of the host computer, taken together, are called a socket in UNIX and IP terminology and a transport service access point in the OSI model. The result is the ability to identify the specific source computer program on one computer and the specific desired destination computer program on a different computer.
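To make the socket idea concrete, this added example (written for this page, not Teracom's code) opens a listening TCP socket on the loopback address, connects to it from a second socket on the same machine, and reports the (IP address, port number) pair each side sees. It assumes a standard Python interpreter on a host that permits loopback connections; the OS picks the listening port (port 0 asks for a free one) and the client's source port, so the numbers vary from run to run.

```python
import socket
import threading


def run_echo_once(server_sock):
    """Accept one connection, note the peer's (IP, port), echo one message back."""
    conn, peer = server_sock.accept()
    with conn:
        data = conn.recv(1024)
        conn.sendall(data)
    return peer


def demonstrate_socket_pair(port: int = 0):
    """Return the sockets (IP address + port) on both ends of one TCP connection.

    The server's socket is fixed in advance (the program 'assigned' that port);
    the client's socket gets an ephemeral source port chosen by the OS, and that
    is exactly what the server sees as its peer."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.settimeout(5)
    server.bind(("127.0.0.1", port))     # port 0: let the OS pick a free port
    server.listen(1)
    server_addr = server.getsockname()   # (IP, port) of the listening program

    seen = {}

    def serve():
        try:
            seen["peer"] = run_echo_once(server)
        except OSError as exc:           # e.g. accept() timed out
            seen["error"] = exc

    worker = threading.Thread(target=serve)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(5)
    client.connect(server_addr)          # destination = the server's socket
    client.sendall(b"ping")
    reply = client.recv(1024)
    client_addr = client.getsockname()   # source = IP + ephemeral port
    client.close()
    worker.join(5)
    server.close()

    return {
        "server_socket": server_addr,
        "client_socket": client_addr,
        "peer_seen_by_server": seen.get("peer"),
        "reply": reply,
    }


if __name__ == "__main__":
    for name, value in demonstrate_socket_pair().items():
        print(f"{name}: {value}")
```

The four values together (source IP, source port, destination IP, destination port) are what uniquely identify the connection; two browser tabs talking to the same server on port 443 are told apart only by their different source ports.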
I hope you’ve enjoyed this tutorial! This discussion is covered in the following Teracom training courses:
• Instructor-led Course 101: Telecom, Datacom and Networking for Non-Engineering Professionals, Lesson 12.17
• Instructor-led Course 110: IP, VoIP and MPLS for the Non-Engineering Professional, Lesson 8.25-8.27
• DVD-Video Course V4: Understanding Networking 1
• DVD-Video Course V5: Understanding Networking 2, Lesson 2.11
• Online Course L2112 The OSI Layers and Protocol Stacks, Lesson 8
• Online Course L2113 IP Networks, Routers and Addresses, Lessons 7 and 9