A port is a 16-bit number (0-65535) that, together with an IP address, identifies one end of a TCP or UDP connection. Ports allow a single host to run many network services simultaneously: HTTP listens on 80, HTTPS on 443, SSH on 22, DNS on 53, SMTP on 25, PostgreSQL on 5432, and so on. The combination of address and port is a socket.
Ports are divided into three ranges by convention. 0-1023 are well-known ports, assigned by IANA; binding to one requires root (or CAP_NET_BIND_SERVICE). 1024-49151 are registered ports, used by specific applications (Postgres 5432, Redis 6379). 49152-65535 are ephemeral ports, dynamically assigned to outgoing connections.
ss -tulpn # list listening sockets
lsof -i :443 # what's using 443
nc -zv host 22 # test a port
The file /etc/services lists the traditional name-to-number mappings (http 80/tcp, ssh 22/tcp). Firewalls operate at the port level, blocking or allowing specific combinations. Port forwarding and NAT translate ports between networks, which is how a single public IP can host multiple services or multiple hosts behind a router.
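An added example (not part of the original entry) that applies the ranges above to `ss -tuln` output: it classifies each listening port and marks sockets bound to every interface, which are the ones firewall rules have to account for. The sample lines and the names `port_range`, `audit` and `WILDCARDS` are assumptions made for illustration.

```python
# Constructed sample of `ss -tuln` output (illustrative, not from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      244    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      511    [::]:443           [::]:*
udp   UNCONN 0      0      *:51820            *:*
"""

WILDCARDS = {"0.0.0.0", "::", "*"}  # addresses meaning "every interface"


def port_range(port):
    """Classify a port number using the conventional ranges."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a 16-bit port: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "ephemeral"


def audit(ss_output):
    """Return (proto, address, port, range, all_interfaces) per listening socket."""
    rows = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")  # rpartition copes with IPv6 colons
        if not port.isdigit():
            continue
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        rows.append((proto, addr, int(port), port_range(int(port)), addr in WILDCARDS))
    return rows


if __name__ == "__main__":
    for proto, addr, port, kind, exposed in audit(SAMPLE):
        note = "ALL INTERFACES" if exposed else "local/specific address"
        print(f"{proto:4} {addr:>12}:{port:<6} {kind:11} {note}")
```

A listener in the ephemeral range or a wildcard bind on a service meant to be local (such as a database) is worth a second look with `lsof -i :PORT`.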
Related terms: Socket, TCP/IP, IP Address, firewall
Discussed in:
- Chapter 12: Networking — IP Addresses, Ports, and Sockets
Also defined in: Textbook of Linux