What is a computer port? | Ports in networking-
What is a port?
A port is a virtual point where network connections start and end. Ports are software-based and managed by a computer's operating system. Each port is associated with a specific process or service. Ports allow computers to easily differentiate between different kinds of traffic: emails go to a different port than webpages, for instance, even though both reach a computer over the same Internet connection.
What is a port number?
Ports are standardized across all network-connected devices, with each port assigned a number. Most ports are reserved for certain protocols — for example, all Hypertext Transfer Protocol (HTTP) messages go to port 80. While IP addresses enable messages to go to and from specific devices, port numbers allow targeting of specific services or applications within those devices.
How do ports make network connections more efficient?
Vastly different types of data flow to and from a computer over the same network connection. The use of ports helps computers understand what to do with the data they receive.
Suppose Bob transfers an MP3 audio recording to Alice using the File Transfer Protocol (FTP). If Alice's computer passed the MP3 file data to Alice's email application, the email application would not know how to interpret it. But because Bob's file transfer uses the port designated for FTP (port 21), Alice's computer is able to receive and store the file.
Meanwhile, Alice's computer can simultaneously load HTTP webpages using port 80, even though both the webpage files and the MP3 sound file flow to Alice's computer over the same WiFi connection.
Are ports part of the network layer?
The OSI model is a conceptual model of how the Internet works. It divides different Internet services and processes into 7 layers. These layers are:
Usually, the inability to indicate the port at the network layer has no impact on networking processes, since network layer protocols are almost always used in conjunction with a transport layer protocol. However, this does impact the functionality of testing software, which is software that "pings" IP addresses using Internet Control Message Protocol (ICMP) packets. ICMP is a network layer protocol that can ping networked devices — but without the ability to ping specific ports, network administrators cannot test specific services within those devices.
Some ping software, such as My Traceroute, offers the option to send UDP packets. UDP is a transport layer protocol that can specify a particular port, as opposed to ICMP, which cannot specify a port. By adding a UDP header to ICMP packets, network administrators can test specific ports within a networked device.
Why do firewalls sometimes block specific ports?
A firewall is a security system that blocks or allows network traffic based on a set of security rules. Firewalls usually sit between a trusted network and an untrusted network; often the untrusted network is the Internet.
For example, office networks often use a firewall to protect their network from online threats.
Some attackers try to send malicious traffic to random ports in the hopes that those ports have been left "open," meaning they are able to receive traffic. This action is somewhat like a car thief walking down the street and trying the doors of parked vehicles, hoping one of them is unlocked. For this reason, firewalls should be configured to block network traffic directed at most of the available ports. There is no legitimate reason for the vast majority of the available ports to receive traffic.
Properly configured firewalls block traffic to all ports by default except for a few predetermined ports known to be in common use. For instance, a corporate firewall could only leave open ports 25 (email), 80 (web traffic), 443 (web traffic), and a few others, allowing internal employees to use these essential services, then block the rest of the 65,000+ ports.
As a more specific example, attackers sometimes attempt to exploit vulnerabilities in the RDP protocol by sending attack traffic to port 3389. To stop these attacks, a firewall may block port 3389 by default. Since this port is only used for remote desktop connections, such a rule has little impact on day-to-day business operations unless employees need to work remotely.
What are the different port numbers?
- Ports 20 and 21: File Transfer Protocol (FTP). FTP is for transferring files between a client and a server.
- Port 22: Secure Shell (SSH). SSH is one of many tunneling protocols that create secure network connections.
- Port 25: Simple Mail Transfer Protocol (SMTP). SMTP is used for email.
- Port 53: Domain Name System (DNS). DNS is an essential process for the modern Internet; it matches human-readable domain names to machine-readable IP addresses, enabling users to load websites and applications without memorizing a long list of IP addresses.
- Port 80: Hypertext Transfer Protocol (HTTP). HTTP is the protocol that makes the World Wide Web possible.
- Port 123: Network Time Protocol (NTP). NTP allows computer clocks to sync with each other, a process that is essential for encryption.
- Port 179: Border Gateway Protocol (BGP). BGP is essential for establishing efficient routes between the large networks that make up the Internet (these large networks are called autonomous systems). Autonomous systems use BGP to broadcast which IP addresses they control.
- Port 443: HTTP Secure (HTTPS). HTTPS is the secure and encrypted version of HTTP. All HTTPS web traffic goes to port 443. Network services that use HTTPS for encryption, such as DNS over HTTPS, also connect at this port.
- Port 500: Internet Security Association and Key Management Protocol (ISAKMP), which is part of the process of setting up secure IPsec connections.
- Port 3389: Remote Desktop Protocol (RDP). RDP enables users to remotely connect to their desktop computers from another device.
Port Scan Packages To Use With Port Scanner
Basic codes
- 21 - File Transfer Protocol (FTP)
- 22 - Secure File Transfer Protocol (SFTP)
- 25 - Simple Mail Transfer Protocol (SMTP)
- 26 - [threat] W32.Netsky
- 80 - Hypertext Transfer Protocol (HTTP)
- 110 - Post Office Protocol v3 (POP3)
- 143 - Internet Message Access Protocol (IMAP)
- 443 - Hypertext Transfer Protocol over TLS/SSL (HTTPS)
- 587 - Simple Mail Transfer Protocol (Often more secure than port 25
- 993 - Internet Message Access Protocol over TLS/SSL (IMAPS)
- 995 - Post Office Protocol 3 over TLS/SSL (POP3S)
- 2525 - Remote Access Trojans
- 3306 - MySQL database system
Web - Scans ports in the Basic Package plus the ports below
- 23 - Telnet protocol - unencrypted text communications
- 43 - WHOIS protocol
- 53 - Domain Name System (DNS)
- 67 - Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) server
- 68 - Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) client
- 69 - Trivial File Transfer Protocol (TFTP)
- 123 - Network Time Protocol (NTP) - time synchronization
- 137 - NetBIOS Name Service
- 138 - NetBIOS Datagram Service
- 139 - NetBIOS Session Service
- 161 - Simple Network Management Protocol (SNMP)
- 162 - Simple Network Management Protocol Trap (SNMPTRAP)
- 389 - Lightweight Directory Access Protocol (LDAP)
- 636 - Lightweight Directory Access Protocol over TLS/SSL (LDAPS)
- 989 - FTPS Protocol (data), FTP over TLS/SSL
- 990 - FTPS Protocol (control), FTP over TLS/SSL
- 2077 - TrelliSoft Agent
- 2078 - TrelliSoft Server
- 2082 - cPanel default
- 2083 - Secure RADIUS Service (radsec)
- 2086 - WebHost Manager default
- 2087 - WebHost Manager default SSL
- 2095 - cPanel web mail default
- 2096 - cPanel SSL web mail default
Games
- 1725 - Valve Steam Client
- 2302 - ArmA and Halo: Combat Evolved
- 3074 - Xbox Live and/or Games for Windows Live
- 3724 - World of Warcraft
- 6112 - Blizzard's Battle.net Gaming Service
- 6500 - Gamespy Arcade, Unreal, Tony Hawk, Warhammer, Starwars, Civilization III and IV, BoKS Master, Command & Conquer
- 12035 - Linden Lab viewer to sim on SecondLife
- 12036 - Second Life
- 14567 - Battlefield 1942
- 25565 - Minecraft Dedicated Server
- 27015 - GoldSrc and Source engine dedicated server port
- 28960 - Call of Duty
Malicious
- 1080 - W32.Beagle, WinHole, W32.HLLW.Deadhat, and several others like keyloggers, remote peekers, etc.
- 2745 - Bagle Virus Backdoor
- 3127 - W32.Mockbot, W32.Some, and others
- 4444 - Metasploit's default listener port
- 5554 - W32.Dabber and W32.Sasser
- 8866 - W32.Beagle
- 9898 - CrashCool and W32.Dabber
- 9988 - Used by many trojans and worms
- 12345 - Used by many trojans and worms
- 27374 - Used by many trojans, remote access hacks, worms, etc.
- 31337 - Used by many trojans and worms
Essential Website for check PORT Scanner - https://www.whatismyip.com/port-scanner/
Comments
Post a Comment