Introduction
In network technology, ports are of two kinds: physical ports and logical ports. Physical ports are the interfaces used to connect physical devices such as ADSL modems, hubs, switches and routers to other network equipment, for example RJ-45 ports and SC ports. A logical port is a port in the logical sense, used to distinguish services: port 80 for web browsing, port 21 for FTP, and so on. In the TCP/IP protocol suite, for instance, different services on one host are told apart by different logical port numbers. The ports of an IP address are numbered with 16 bits, so there can be up to 65536 of them. Each port is identified by its port number, an integer in the range 0 to 65535.
Function
The main function of the port number is to indicate the service provided by a specific process on a computer. A computer on the network is identified by its IP address, but an IP address only identifies a particular computer, and one computer can provide many services at the same time, such as database services, FTP services, Web services, etc. The port number is what distinguishes these different services provided by the same computer. For example, the common port number 21 represents the FTP service, port number 23 represents the Telnet service, and port number 25 refers to the SMTP service. The port number is generally a 4-digit integer, and a port number cannot be used twice on the same computer at the same time; otherwise an error such as a port number conflict occurs.
Usage rules
The port address field in the TCP and UDP segment headers is 16 bits, so a port number can be in the range 0 to 65535. For these 65536 port numbers, the following rules apply:
(1) Port numbers less than 256 are defined as common ports, and servers are generally identified by common port numbers. The services provided by any TCP/IP implementation use port numbers between 1 and 1023, which are managed by ICANN; the port numbers from 1024 to 49151 are registered ports, also known as "user ports", which IANA assigns to specific services;
(2) The client only needs to ensure that its port number is unique on the local machine. Client port numbers are also called temporary (ephemeral) port numbers because they exist only briefly;
(3) Most TCP/IP implementations allocate port numbers between 1024 and 5000 as temporary port numbers. Port numbers greater than 5000 are reserved for other servers.
Commonly used port numbers for UNIX
The UNIX operating system is widely used because of its stable operation, modest system requirements, and high security. Its Berkeley socket interface was developed early and has distinctive features. For example, UNIX systems have the concept of reserved port numbers: only a process with superuser privileges is allowed to assign itself a reserved port number. These port numbers are between 1 and 1023, and some applications use this as part of the identity authentication between client and server. Most TCP/IP implementations assign port numbers between 1024 and 5000 to temporary ports. Ports greater than 5000 are reserved for other servers (services that are not commonly used on the Internet).
View port number
When a server has a large number of ports in use, there are two ways to view them: one is to use the built-in commands of the operating system, the other is to use third-party port scanning software.
1. Use "netstat" to view port status
In Windows, you can run "netstat" at the command prompt to view the system port status; it lists the port numbers the system has open and the state of each.
2. Use third-party port scanning software
There are many third-party port scanning tools. Although their interfaces differ a great deal, their functions are similar. Here we take "Fport" as an example. "Fport" is run at the command prompt, and its output is similar to "netstat -an", but in addition to listing the port number and type in use it also shows which application is using each port.
3. Use the "netstat -n" command to display the address and port information in numeric format.
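As an added example (not part of the original article), the following Python script parses Windows-style "netstat -an" output, keeps only listening sockets, and classifies each port by the ranges given under "Usage rules" (well-known below 1024, registered 1024 to 49151, dynamic above). The sample netstat text is constructed for illustration; the regular expression and range boundaries are the author's assumptions about the output format, not something the article specifies.

```python
"""Parse `netstat -an` output and summarise listening ports by port class.

Added example, not from the original article. SAMPLE_NETSTAT is constructed
to mimic Windows `netstat -an` output; real output varies by system.
"""
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49732     203.0.113.5:443        ESTABLISHED
  TCP    192.168.1.10:51022     198.51.100.7:80        TIME_WAIT
  TCP    [::]:8080              [::]:0                 LISTENING
  UDP    0.0.0.0:53             *:*
  UDP    0.0.0.0:5353           *:*
"""

# Assumed line layout: proto, local address, foreign address, optional state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_host_port(addr):
    """Return (host, port) from '1.2.3.4:80' or '[::]:8080'."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def port_class(port):
    """Classify a port number by the ranges described in the article."""
    if not 0 <= port <= 65535:
        raise ValueError("port number must be between 0 and 65535")
    if port < 1024:
        return "well-known (reserved, needs privilege on UNIX)"
    if port <= 49151:
        return "registered (user port)"
    return "dynamic/private"


def parse_netstat(text):
    """Yield one dict per connection line in `netstat -an` output."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank or unrecognised line
        proto, local, foreign, state = m.groups()
        host, port = split_host_port(local)
        # UDP lines carry no state; a bound UDP socket is effectively listening
        if proto == "UDP" and state is None:
            state = "LISTENING"
        yield {"proto": proto, "host": host, "port": port,
               "foreign": foreign, "state": state}


def listening_ports(text):
    """Return sorted (proto, port, class) tuples for every listening socket."""
    return sorted(
        (e["proto"], e["port"], port_class(e["port"]))
        for e in parse_netstat(text)
        if e["state"] == "LISTENING"
    )


def summarize(text):
    """Count listening sockets per port class; a quick exposure audit."""
    return Counter(cls for _, _, cls in listening_ports(text))


if __name__ == "__main__":
    for proto, port, cls in listening_ports(SAMPLE_NETSTAT):
        print(f"{proto:4} {port:5}  {cls}")
    print(dict(summarize(SAMPLE_NETSTAT)))
```

On a real host, replace SAMPLE_NETSTAT with the captured command output; the ESTABLISHED and TIME_WAIT lines are deliberately dropped so the summary reflects only what the machine is offering to the network.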
If we carefully check the port numbers of these standard simple services and other standard TCP/IP services (such as Telnet, FTP, SMTP, etc.), we find that they are all odd numbers. This is for historical reasons: these port numbers are derived from the NCP port numbers (NCP, the Network Control Protocol, was the transport layer protocol of ARPANET and the predecessor of TCP). NCP was half-duplex rather than full-duplex, so each application needed two connections and a pair of odd and even port numbers had to be reserved for it. When TCP and UDP became the standard transport layer protocols, each application needed only one port number, so the odd number from the NCP pair was kept.
Real-time data stream classification based on port number
The classification method based on port numbers is only suitable for applications that use well-known port numbers; it does not apply to transport protocols that use dynamic ports or are not assigned a fixed well-known port.
Data flow classification based on well-known port numbers is the earliest and most traditional method of data flow classification. Its principle is to use the TCP or UDP server port number to identify the underlying application. The user only needs to determine which of the source port and destination port is the server port and which is the client port, then compare the server port with the well-known port list published by IANA (the Internet Assigned Numbers Authority) to obtain the corresponding application. For example, the POP2 service uses TCP/UDP port 109, the POP3 service uses TCP/UDP port 110, and the NNTP service uses TCP/UDP port 119. Because of its low time complexity and simple algorithm, data flow classification by port number matching was once the main algorithm for data flow classification.
However, with the rapid development of Internet applications, traffic classification by port identification is increasingly limited:
1. Some application protocols use unregistered port numbers to avoid being intercepted by firewalls;
2. In some cases server ports are dynamically allocated, for example FTP uses dynamically negotiated ports for its data connections;
3. Some registered port numbers are used by multiple application protocols, for example TCP (securecode) and SSH (secure shell) both use TCP port 22;
4. Some applications ride on top of other applications and use their well-known port numbers, for example P2P traffic carried over HTTP uses port 80 for file transfer;
5. Some applications use ports other than the customary ones to bypass access restrictions, such as running a WWW server on a port other than 80;
6. In some cases the server's port is dynamically allocated;
7. Network attacks such as Trojan horses are not tied to a single port number;
8. Some newer protocols no longer use the ports registered with IANA, such as P2P protocols like BitTorrent.
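The following Python script is an added example (not from the original article) that implements the port-based classification described above and, on constructed flow records, shows the limitations just listed: a flow on a dynamically allocated port comes back "unknown", and a flow on port 80 that carries a non-HTTP payload is still labelled "http", because the method looks only at port numbers. The WELL_KNOWN table is a small hand-picked subset of IANA assignments, the server-port heuristic (prefer a known port, otherwise the lower one) and the PAYLOAD_HINTS byte prefixes are the author's assumptions, and all flows are constructed.

```python
"""Port-based data flow classification and its blind spots.

Added example, not from the original article. WELL_KNOWN is a small subset of
IANA assignments; the flow records and payload hints are constructed.
"""

# Subset of well-known server ports: the article's examples plus a few IANA entries.
WELL_KNOWN = {
    ("tcp", 21): "ftp", ("tcp", 22): "ssh", ("tcp", 23): "telnet",
    ("tcp", 25): "smtp", ("tcp", 80): "http", ("tcp", 109): "pop2",
    ("tcp", 110): "pop3", ("tcp", 119): "nntp", ("tcp", 443): "https",
    ("udp", 53): "dns", ("udp", 109): "pop2", ("udp", 110): "pop3",
    ("udp", 119): "nntp",
}


def pick_server_port(proto, src_port, dst_port):
    """Return (server_port, client_port) for one flow.

    Assumed heuristic: a port present in WELL_KNOWN is the server side; if
    neither (or both) is known, the lower port is taken as the server because
    clients normally use high ephemeral ports.
    """
    src_known = (proto, src_port) in WELL_KNOWN
    dst_known = (proto, dst_port) in WELL_KNOWN
    if dst_known and not src_known:
        return dst_port, src_port
    if src_known and not dst_known:
        return src_port, dst_port
    return (dst_port, src_port) if dst_port <= src_port else (src_port, dst_port)


def classify_by_port(flow):
    """Label a flow by its server port; 'unknown' when no well-known port matches.

    flow: dict with 'proto' ('tcp' or 'udp'), 'src_port' and 'dst_port'.
    Returns (label, server_port).
    """
    server, _ = pick_server_port(flow["proto"], flow["src_port"], flow["dst_port"])
    return WELL_KNOWN.get((flow["proto"], server), "unknown"), server


# Constructed first-bytes hints, used only to show where port matching misleads.
PAYLOAD_HINTS = {
    "http": (b"GET ", b"POST ", b"HEAD ", b"HTTP/"),
    "ssh": (b"SSH-",),
    "smtp": (b"220 ", b"EHLO", b"HELO"),
}


def check_label(label, payload):
    """True/False if the first payload bytes agree with the label, None if no hint."""
    hints = PAYLOAD_HINTS.get(label)
    if hints is None or payload is None:
        return None
    return payload.startswith(hints)


def classify_flows(flows):
    """Return (label, server_port, payload_agrees) for each flow."""
    results = []
    for flow in flows:
        label, server = classify_by_port(flow)
        results.append((label, server, check_label(label, flow.get("payload"))))
    return results


# Constructed flows covering the normal case and the limitations above.
FLOWS = [
    # ordinary web request: port 80, HTTP payload
    {"proto": "tcp", "src_port": 51234, "dst_port": 80, "payload": b"GET / HTTP/1.1\r\n"},
    # server-to-client direction of an SSH session
    {"proto": "tcp", "src_port": 22, "dst_port": 40001, "payload": b"SSH-2.0-OpenSSH\r\n"},
    # dynamically negotiated data connection (e.g. FTP data channel): no known port
    {"proto": "tcp", "src_port": 49800, "dst_port": 20123, "payload": None},
    # P2P handshake carried on port 80: port says HTTP, payload does not
    {"proto": "tcp", "src_port": 51300, "dst_port": 80, "payload": b"\x13BitTorrent protocol"},
    # WWW server running on a port other than 80: port-based method sees nothing
    {"proto": "tcp", "src_port": 52000, "dst_port": 8080, "payload": b"GET / HTTP/1.1\r\n"},
]


if __name__ == "__main__":
    for flow, (label, server, ok) in zip(FLOWS, classify_flows(FLOWS)):
        verdict = {True: "consistent", False: "MISMATCH", None: "unverified"}[ok]
        print(f"{flow['proto']} {flow['src_port']}->{flow['dst_port']}: "
              f"server port {server}, label {label}, payload {verdict}")
```

The third element of each result is the useful signal for a defender: a False means the port label cannot be trusted for that flow, and a None means port matching alone has nothing to say, which is exactly the situation the eight limitations describe.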