Network ports
In TCP and UDP networks, ports are used for communication to/from services. For example, postfix's implementation of smtp runs as a process called "master" and by default listens on TCP port 25. The HTTP protocol typically listens on TCP port 80.
You can find a listing of ports as they are translated to services in /etc/services.
A port on a specific computer is called a socket. It can be open, closed, listening or have a connection established.
Contents
Exploring the concept
using lsof
As discussed, a web server listens on port 80 (http) by default. To test this, you can install and start the web server apache, in this example for SUSE Linux:
yast -i apache2 /etc/init.d/apache2 start
You will find that apache is indeed listening on port 80:
lsof -i COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME ... httpd2-pr 8456 wwwrun 3u IPv4 49805 TCP *:http (LISTEN)
This tells us that the process httpd2-pr(efork) is listening on the http port, running as user wwwrun for TCP connections. httpd2-prefork is part of the apache2 package:
rpm -qf $(which httpd2-prefork) apache2-prefork-2.2.3-20
using nmap
You can watch if the port is open to a given computer, e.g. there is no firewall between it:
nmap localhost Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-11-23 12:38 CET Interesting ports on localhost (127.0.0.1): Not shown: 1677 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind Nmap finished: 1 IP address (1 host up) scanned in 0.272 seconds
This tells us that we can query port 80 on our local computer. You can also run nmap for remote computers.
using netstat
Show the connections that involve the http port
netstat -putan Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2873/portmap tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8455/httpd2-prefork ...
This shows that the process is listening on port 80. I also shows ESTABLISHED for established connections.
using telnet
To talk directly with your http server, you can use telnet or netcat: You submit:
telnet localhost 80 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /index.html HTTP/1.1 Accept: */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Thorsten Host: localhost Connection: Keep-Alive
The server responds:
HTTP/1.1 200 OK Date: Sun, 23 Nov 2008 12:02:24 GMT Server: Apache/2.2.3 (Linux/SUSE) Last-Modified: Sun, 23 Nov 2008 11:59:52 GMT ETag: "311cfd-26-412de00" Accept-Ranges: bytes Content-Length: 38 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html <html><body>hello world</body></html>
Of course, the content of the html file you receive can be different from hello world. It is just the content of your webpage.
firewall
You understand that the apache service open a socket on port 80 and listens on it for incoming connections. Now a firewall is just a rule for the Linux kernel that closes one or more ports, so no incoming traffic is allowed on them.
See also
- lsof -i : shows you the ports that have been opened by applications
- telnet : allows you to send and receive bytes with an arbitrary port
- nmap : tells you what ports are open for an arbitrary computer
- netstat -putan : tells you what ports are listening or have a connection established
- netCat : allows you to send and receive bytes with an arbitrary port
- firewall
- http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers