This chapter is from the book

Service Ports: The Door to the Programs on Your System

Network-based services are programs running on a machine that other computers on the network can access. The service ports identify the programs and individual sessions or connections taking place. Service ports are the numeric names for the different network-based services. They are also used as numeric identifiers for the endpoints of a particular connection between two programs. Service port numbers range from 0 through 65535.

Server programs (that is, daemons) listen for incoming connections on a service port assigned to them. By historical convention, major network services are assigned well-known, or famous, port numbers in the lower range from 1 to 1023. These port number–to–service mappings are coordinated by the Internet Assigned Numbers Authority (IANA) as a set of universally agreed-upon conventions or standards.

These lower-ranged ports are called privileged ports because, on a UNIX system, they are owned by programs running with system-level (that is, superuser or root) privileges. The idea is to increase confidence that the client program is really connecting to the intended, advertised service, as well as to allow these servers access to privileged system services. This is the intention—it's not a guarantee. Non-UNIX systems often don't use the convention. You can never be absolutely certain that a remote machine or service is who or what it claims to be.

An advertised service is simply a service available over the Internet from its assigned port. If your machine isn't offering a particular service, and someone tries to connect to the port associated with that service, nothing will happen. They are knocking on the door, but no one lives there to answer. For example, web servers are assigned to port 80. If your machine isn't running a web server and someone tries to connect to port 80, the client program receives a connection shutdown message as an error message from your machine indicating that the service isn't offered.

The higher port numbers from 1024 to 65535 are called unprivileged ports. They serve a dual purpose. For the most part, these ports are dynamically assigned to the client end of a connection. The combination of client and server port number pairs, along with their respective IP host addresses, and the transport protocol used, uniquely identify the connection.

Additionally, ports in the 1024-through-49151 range are registered with the IANA. These ports can be used as part of the general unprivileged pool, but they are also associated with particular services such as SOCKS or X Window servers. Originally, the idea was that services offered on the higher ports were not running with root privilege. They were for use by user-level, nonprivileged programs. The convention may or may not hold in any individual case.

Service Name–to–Port Number Mappings

Linux distributions are supplied with a list of common service port numbers. The list is found in the /etc/services file.

Each entry consists of a symbolic name for a service, the port number assigned to it, the protocol (TCP or UDP) the service runs over, and any optional nicknames for the service. Table 1.2 lists some common service name-to-port number mappings, taken from Red Hat Release 7.1.

Table 1.2 Common Service Name-to-Port Number Mappings

Note that the symbolic names associated with the port numbers vary by Linux distribution and release. Names and aliases differ; port numbers do not.

Also note that port numbers are associated with a protocol. The IANA has attempted to assign the same service port number to both the TCP and UDP protocols, regardless of whether a particular service uses both transport modes. Most services use one protocol or the other. The domain name service uses both.
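As an added example (not code from the book), here is a small Python parser for the /etc/services line format just described, run over a constructed excerpt of the file; it keys entries by (name, protocol) so that a service such as domain, registered on both TCP and UDP, keeps both lines, and it classifies port numbers by the ranges discussed above (the split of the unprivileged range at 49151 into registered and dynamic follows the IANA convention).

```python
# Added example: parse /etc/services-style lines and classify port numbers.
from collections import namedtuple

ServiceEntry = namedtuple("ServiceEntry", "name port proto aliases")

# Constructed sample in /etc/services format: name, port/protocol, aliases, comments.
SAMPLE_SERVICES = """\
# /etc/services (constructed excerpt for illustration)
ftp             21/tcp
ssh             22/tcp                          # SSH Remote Login Protocol
telnet          23/tcp
smtp            25/tcp          mail
domain          53/tcp          nameserver      # name-domain server
domain          53/udp          nameserver
http            80/tcp          www www-http    # WorldWideWeb HTTP
socks           1080/tcp                        # socks proxy server
x11             6000/tcp        X
"""

def parse_services(text):
    """Return {(name, proto): ServiceEntry} for every well-formed line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                              # malformed line: skip it
        port_str, proto = fields[1].split("/", 1)
        if not port_str.isdigit() or proto not in ("tcp", "udp"):
            continue
        entries[(fields[0], proto)] = ServiceEntry(
            fields[0], int(port_str), proto, tuple(fields[2:]))
    return entries

def port_class(port):
    """Classify a port number by the ranges described in the chapter."""
    if not 0 <= port <= 65535:
        raise ValueError("port number out of range")
    if port <= 1023:
        return "privileged"    # well-known; root-owned on UNIX by convention
    if port <= 49151:
        return "registered"    # unprivileged but registered with the IANA
    return "dynamic"           # remainder of the unprivileged pool

def lookup(entries, port, proto):
    """Find the entry for a port/protocol pair, or None if not advertised."""
    for entry in entries.values():
        if entry.port == port and entry.proto == proto:
            return entry
    return None
```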
