Home Page

Firewalls

Email & Spam

Security Terminology

Security Topics

VPN & Cryptography

Wireless

 

Protocol Terminology

FTP,SCP and SFTP

Ports Protocols and IP Addresses

Radius and TACACS

SSH and Telnet

SMTP POP3 and IMAP

 

 

Firewalls

Which Network Firewall

Which Home Firewall

Network Firewall Buyers Guide

 

Security Products Guide

Which Anti-Virus Software?

Which Firewall?

Which Spam Filter?

Which Internet Security Suite?

 

What is Guide

What is a Firewall?

What is a Virus?

What is Spam?

 

Essential Security Guides

Securing Windows XP Guide

Securing Windows Vista Guide

A Guide to Wireless Security

 

Other

Top 8 Internet Security Tips

Why both, Firewall and Anti Virus?

Free or purchased security - Which one?

 

 

 

Ports, Protocols and IP addressing Tutorial Guide

 

What is a Protocol?

The best way to describe a protocol is by comparing it to the way humans communicate. We have many languages in this world, we also have many protocols. If we did not have languages or a common way to speak how would we communicate? Luckily we have set and defined standards in the way we communicate.

Well a protocol is similar in that it is there to decide how data is transferred over the network, how it is formatted and so on so computers and servers have a standardised way to communicate with each other. So you can see protocols like a set of rules that determine how clients and servers will communicate with each other. These systems will use different protocols depending on what they are doing or what application they are using.

For example when browsing the web you are a user requesting a web page from a server, just like when you are browsing Ebay, Yahoo, or Facebook you are asking for that web page which eventually appears in front of you on your computer screen. This is requested by your system to the Facebook server or whatever website it may happen to be and eventually when the request and type of request looks ok and both ends are happy and using the same language (protocol) the web page can be sent on. Well there needs to be a protocol in place that has defined rules for this type of communication and how one retrieves this type of information from the other, this protocol by the way is called HTTP (Hypertext Transfer Protocol) for web traffic. We use HTTP when browsing websites. We use SMTP for sending emails. We use POP3 or IMAP4 for retrieving emails, we use FTP for transferring files, and there are many more protocols for different needs.

HTTP is the most popular and commonly used protocol. We can compare this to the English language. There are now many applications which tunnel over HTTP such as Facebook Apps, streaming Media, etc.

The protocols noted above are application layer protocols. However there are protocols at other layers of the OSI model.

 

What is a port?

Now the easiest way to define what a port is in our world is to imagine your house had lots of doors and each door represents a port. In the world of computers if a port is not open it is like a door that does not even exist. However if a port is open then you have an unlocked door which can be used to access your house, or a port to access your system. If a port is open but you have security protection on the system then it is like a locked door with a security guard only allowing people who are genuine and well behaved. A better example of the last one is a security guard at the airport terminals who search every person for any malicious threats before allowing them through.

There are altogether 65,535 ports available for both TCP and UDP. However the first 1,023 are ports reserved for use with well known and commonly used protocols. From 1,024 to 49,151 are registered ports. These are to register an application with a port number with IANA, this way there won't be any port conflicts with applications. Ports between 49,152 and 65,353 are dynamic and/or private ports usually used as source ports when your system is communicating to a destination port, it will pick one of these port numbers for temporary use. The destination then knows which port to send back to. IANA (Internet Assigned Numbers Authority) are responsible for these assignments.

 

Below is a list of ports mapped to commonly used protocols

 

20 FTP (for File Transfer Protocol) – Data Port
21 FTP (File Transfer Protocol) – Command Port
22 SSH (Secure Shell) - Used for secure remote access
23 Telnet – Used for insecure remote access, data sent in clear text
25 SMTP (Simple Mail Transport Protocol) – Used to send email
53 DNS (Domain Name Service) – Used to resolve DNS names to public IP addresses
68 DHCP (Dynamic Host Configuration Protocol) – Used to assign IP addresses to clients
80 HTTP (Hypertext Transfer Protocol) - Used to browse the web
110 POP3 (Post Office Protocol, version 3) - Used to retrieve email from a server
115 SFTP (Secure File Transfer Protocol) - Secure file transfer
119 NNTP (Network News Transfer Protocol) – For transferring news articles between news servers
123 NTP (Network Time Protocol) For synchronising system time with a time server on the public network.
161 SNMP (Simple Network Management Protocol) For receiving system management alerts
163 IMAP (Internet Message Access Protocol 4) For retrieving emails
389 LDAP (Lightweight Directory Access Protocol) Querying directory services such as Active Directory
443 SSL (Secure Socket Layer) Using a secure web connection
445 SMB (Server Message Block) For shared access to files and printers


Examples of some popular registered ports
1433 Microsoft SQL Server 
1494 Citrix ICA Protocol 
1503 Windows Live Messenger
5190 ICQ and AOL Messenger 
5800 VNC over HTTP remote Desktop
1719/1720 H.323
1812 Radius authentication protocol
2967 Symantec Antivirus
6891-6900 BitTorrent
23399 Sky default protocol
2302 Halo game
3724 World Of Warcraft online game

 

What are IP Addresses


An IP Address in the human world is like our home or building address. If someone wanted to send a letter to another person they need to know where to send this, they would need to know which country, which county, name of city, name of street and actual number of the building, well IP addresses work in exactly the same way. IP addresses are used to identify clients and servers all over the world.

Today we use two different versions of IP addressing, IPv4 and IPv6. Basically IPv6 was introduced due to IPv4 addresses running out very quickly. IPv6 has far more addresses than IPv4, as well as many other enhanced features. However IPv4 has actually lasted longer than first assumed due to NAT and use of private addressing.

IP addresses have to be unique otherwise there would be conflicts of addressing and other problems. In IPv4 however there are a range of private reserved addresses we can all use as long as they are unique within our private network. So for example company A can use the same IP address range as Company B as long as they can not see each other's addressing scheme. If company A or B wanted to communicate on the public network, they would do this with their unique public IP address or addresses which would identify them uniquely.


The range of reserved addresses by IANA used for private addressing are;


10.0.0.0 – 10.255.255.255 (Class A address range) – Suitable for very large enterprise sized networks


172.16.0.0 – 172.31.255.255 Class B address range) – Suitable for medium/large networks


192.168.0.0 – 192.168.255.255 (Class C address range) - Suitable for small networks


Public addresses are assigned by IANA and have allocated a certain amount for each country, ISP and so on. A company can purchase one or more public addresses from their ISP. Although there can be many clients within a company, usually only one public IP address is required to communicate to the outside world such as when browsing the web, this is explained in more detail on the NAT tutorial page.