VESARiA Network Security Specialists
About Vesaria Services Consulting Partners Research Customers Contact Us

Firewall Testing



C TCP and UDP Ports

by Mikael Olsson

This appendix will begin at a fairly ``basic'' level, so even if the first points seem childishly self-evident to you, you might still learn something from skipping ahead to something later in the text.

C.1 What is a port?

  A ``port'' is ``virtual slot'' in your TCP and UDP stack that is used to map a connection between two hosts, and also between the TCP/UDP layer and the actual applications running on the hosts.

They are numbered 0-65535, with the range 0-1023 being marked as ``reserved'' or ``privlileged'', and the rest (1024-65535) as ``dynamic'' or ``unprivileged''.

There are basically two uses for ports:

  • ``Listening'' on a port.
    This is used by server applications waiting for users to connect, to get to some ``well known service'', for instance HTTP (TCP port 80), Telnet (TCP port 21), DNS (UDP and sometimes TCP port 53).
  • Opening a ``dynamic'' port.
    Both sides of a TCP connection need to be identified by IP addresses and port numbers. Hence, when you want to ``connect'' to a server process, your end of the communications channel also needs a ``port''. This is done by choosing a port above 1024 on your machine that is not currently in use by another communications channel, and using it as the ``sender'' in the new connection.

Dynamic ports may also be used as ``listening'' ports in some applications, most notably FTP.

Ports in the range 0-1023 are almost always server ports. Ports in the range 1024-65535 are usually dynamic ports (i.e., opened dynamically when you connect to a server port). However, any port may be used as a server port, and any port may be used as an ``outgoing'' port.

So, to sum it up, here's what happens in a basic connection:

  • At some point in time, a server application on host decides to ``listen'' at port 80 (HTTP) for new connections.
  • You ( want to surf to, port 80, and your browser issues a connect call to it.
  • The connect call, realising that it doesn't yet have local port number, goes hunting for one. The local port number is necessary since when the replies come back some time in the future, your TCP/IP stack will have to know to what application to pass the reply. It does this by remembering what application uses which local port number. (This is grossly simplified, no flames from programmers, please.)
  • Your TCP stack finds an unused dynamic port, usually somewhere above 1024. Let's assume that it finds 1029.
  • Your first packet is then sent, from your local IP,, port 1029, to, port 80.
  • The server responds with a packet from, port 80, to you,, port 1029.
  • This procedure is actually longer than this, read on for a more in-depth explanation of TCP connect sequences.
Vesaria, LLC

Firewall FAQ
Table of Contents

Previous Section: B Glossary of Firewall-Related Terms

Next Section: C.2 How do I know which application uses what port?

Find out more about VESARiA Firewall Testing.

© 2000 - 2018 Vesaria Network Security Specialists        
   About Vesaria   |   Legal   |   Privacy   |   Contact