Networking / Beginners

Registered Ports

The port numbers from 1024 to 49151 are called registered ports. Less-common TCP/IP applications can register their ports with the IANA. Unlike well-known ports, anyone can use these port numbers for their servers or for ephemeral numbers on clients. Most operating systems steer away (or are in the process of steering away) from using these port numbers for ephemeral ports, opting instead for the dynamic/private port numbers.

Here's the full list of ports:

0-1023 Well-known port numbers
1024-49151 Registered ports
49152-65535 Dynamic or private ports

Each computer on each side of a session must keep track of the status of the communication. In the TCP/IP world, the session information stored in RAM is called a socket or endpoint. When discussing the data each computer stores about the connection between two computers' TCP/IP applications, the term to use is socket pairs or endpoints. A session or connection refers to the connection in general, rather than specific to TCP/IP. Many people still use the term session.

  • Terms for the connection data stored on a single computer: socket or endpoint
  • Terms for the connection data stored on two computers about the same connection: socket pairs or endpoints
  • Terms for the whole interconnection: connection or session

As two computers begin to communicate, they store the information about the session-the endpoints-so that they know where to send and receive data. At any given point in time your computer probably has a large number of communications going on. If you want to know whom your computer is communicating with, you need to see this list of endpoints. The Wonderful World of Routing," Windows, Linux, and Macintosh OS X come with NETSTAT, the universal "show me the endpoint" utility. NETSTAT works at the command line, so open one up and type netstat -n to see something like this:

C:\>netstat -n
Active Connections
  Proto   Local Address 	Foreign Address 	State
  TCP     192.168.4.27:57913 	209.29.33.25:80 	ESTABLISHED
  TCP     192.168.4.27:61707 	192.168.4.10:445 	ESTABLISHED
C:\>

NOTE Even though almost all operating systems use NETSTAT, there are subtle differences in options and output.

When you run netstat -n on a typical computer, you'll see many more than just two connections! The preceding example is simplified for purposes of discussing the details. It shows two connections. My computer's IP address is 192.168.4.27. The top connection is an open Web page (port 80) to a server at 209.29.33.25. The second connection is an open Windows Network browser (port 445) to my file server (192.168.4.10). Looking on my Windows Desktop, you would certainly see at least these two windows open.

Don't think that a single open application always means a single connection. The following example shows what netstat -n looks like when I open the well-known www.microsoft.com Web site:

C:\>netstat -n
Active Connections
  Proto  Local Address 		Foreign Address 	State
  TCP    192.168.4.27:50015 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50016 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50017 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50018 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50019 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50020 	80.12.192.51:80 	ESTABLISHED
  TCP    192.168.4.27:50021 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50022 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50023 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50024 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50025 	80.12.192.51:80 	ESTABLISHED
  TCP    192.168.4.27:50027 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50028 	80.12.192.40:80 	ESTABLISHED
  TCP    192.168.4.27:50036 	80.12.192.75:80 	ESTABLISHED

A single simple Web page needs only a single connection, but this is a very complex Web page. Different elements in the Web page, such as advertisements, each have their own connection.

TIP NETSTAT enables you to see active TCP/IP connections at a glance.

NETSTAT is a powerful tool. The Comp-TIA Network will also test your NETSTAT skills. On the other hand, connections come and go constantly on your computer and NETSTAT, being a command-line utility, can't update to reflect changes automatically. All of the cool, hip, network techs use graphical endpoint tools. Take a moment right now and download the popular, powerful, and completely free TCPView, written by Mark Russinovich, the Guru of Windows utilities. Just type TCPView into your search engine to find it or try going here:

http://technet.microsoft.com/en-us/sysinternals/default.aspx

Click the Networking Utilities icon to get the latest copy. The TCPView in action. Note the red and green bars: red is for closing connections and green shows new connections as they appear.

TCPView won't work on anything but Windows, but other operating systems have equivalent programs. Linux folks often use the popular Net Activity Viewer. You can grab a copy of this program at http://netactview.sourceforge.net.

[Previous] [Contents] [Next]