The port numbers from 1024 to 49151 are called registered ports. Less-common TCP/IP applications can register their ports with the IANA. Unlike well-known ports, anyone can use these port numbers for their servers or for ephemeral numbers on clients. Most operating systems steer away (or are in the process of steering away) from using these port numbers for ephemeral ports, opting instead for the dynamic/private port numbers.
Here's the full list of ports:
0-1023 Well-known port numbers
1024-49151 Registered ports
49152-65535 Dynamic or private ports
Each computer on each side of a session must keep track of the status of the communication. In the TCP/IP world, the session information stored in RAM is called a socket or endpoint. When discussing the data each computer stores about the connection between two computers' TCP/IP applications, the term to use is socket pairs or endpoints. A session or connection refers to the connection in general, rather than specific to TCP/IP. Many people still use the term session.
- Terms for the connection data stored on a single computer: socket or endpoint
- Terms for the connection data stored on two computers about the same connection: socket pairs or endpoints
- Terms for the whole interconnection: connection or session
As two computers begin to communicate, they store the information about the
session-the endpoints-so that they know where to send and receive data. At any
given point in time your computer probably has a large number of communications
going on. If you want to know whom your computer is communicating with, you need
to see this list of endpoints. The Wonderful World of
Routing," Windows, Linux, and Macintosh OS X come with NETSTAT, the universal
"show me the endpoint" utility. NETSTAT works at the command line, so open one up
netstat -n to see something like this:
C:\>netstat -n Active Connections Proto Local Address Foreign Address State TCP 192.168.4.27:57913 220.127.116.11:80 ESTABLISHED TCP 192.168.4.27:61707 192.168.4.10:445 ESTABLISHED C:\>
NOTE Even though almost all operating systems use NETSTAT, there are subtle differences in options and output.
When you run netstat -n on a typical computer, you'll see many more than just two connections! The preceding example is simplified for purposes of discussing the details. It shows two connections. My computer's IP address is 192.168.4.27. The top connection is an open Web page (port 80) to a server at 18.104.22.168. The second connection is an open Windows Network browser (port 445) to my file server (192.168.4.10). Looking on my Windows Desktop, you would certainly see at least these two windows open.
Don't think that a single open application always means a single connection. The following example shows what netstat -n looks like when I open the well-known www.microsoft.com Web site:
C:\>netstat -n Active Connections Proto Local Address Foreign Address State TCP 192.168.4.27:50015 22.214.171.124:80 ESTABLISHED TCP 192.168.4.27:50016 126.96.36.199:80 ESTABLISHED TCP 192.168.4.27:50017 188.8.131.52:80 ESTABLISHED TCP 192.168.4.27:50018 184.108.40.206:80 ESTABLISHED TCP 192.168.4.27:50019 220.127.116.11:80 ESTABLISHED TCP 192.168.4.27:50020 18.104.22.168:80 ESTABLISHED TCP 192.168.4.27:50021 22.214.171.124:80 ESTABLISHED TCP 192.168.4.27:50022 126.96.36.199:80 ESTABLISHED TCP 192.168.4.27:50023 188.8.131.52:80 ESTABLISHED TCP 192.168.4.27:50024 184.108.40.206:80 ESTABLISHED TCP 192.168.4.27:50025 220.127.116.11:80 ESTABLISHED TCP 192.168.4.27:50027 18.104.22.168:80 ESTABLISHED TCP 192.168.4.27:50028 22.214.171.124:80 ESTABLISHED TCP 192.168.4.27:50036 126.96.36.199:80 ESTABLISHED
A single simple Web page needs only a single connection, but this is a very complex Web page. Different elements in the Web page, such as advertisements, each have their own connection.
TIP NETSTAT enables you to see active TCP/IP connections at a glance.
NETSTAT is a powerful tool. The Comp-TIA Network will also test your NETSTAT skills. On the other hand, connections come and go constantly on your computer and NETSTAT, being a command-line utility, can't update to reflect changes automatically. All of the cool, hip, network techs use graphical endpoint tools. Take a moment right now and download the popular, powerful, and completely free TCPView, written by Mark Russinovich, the Guru of Windows utilities. Just type TCPView into your search engine to find it or try going here:
Click the Networking Utilities icon to get the latest copy. The TCPView in action. Note the red and green bars: red is for closing connections and green shows new connections as they appear.
TCPView won't work on anything but Windows, but other operating systems have equivalent programs. Linux folks often use the popular Net Activity Viewer. You can grab a copy of this program at http://netactview.sourceforge.net.
In this tutorial:
- TCP/IP Applications
- Transport Layer Protocols
- The Power of Port Numbers
- Registered Ports
- Connection Status
- Rules for Determining Good vs. Bad Communications
- Common TCP/IP Applications
- Publishing Web Pages
- Web Servers and Web Clients
- Secure Sockets Layer and HTTPS
- Telnet Servers and Clients
- Configuring a Telnet Client
- Rlogin, RSH, and RCP
- SSH and the Death of Telnet
- SMTP, POP3, and IMAP4
- Alternatives to SMTP, POP3, and IMAP4
- E-mail Servers
- Passive vs. Active FTP