Can someone demystify computer Ports for me? Please? Blocking, unblocking, opening, allowing, VPNs and their effect, what ports are and what they do, step by step, when you have to interact with them?

Melatonin@lemmy.dbzer0.com to Asklemmy@lemmy.ml – 228 points –

It's the one thing when I'm configuring things that makes me wince because I know it will give me the business, and I know it shouldn't, but it does, every time. I have no real idea what I'm doing, what it is, how it works, so of course I'm blindly following instructions like a monkey at a typewriter.

Please guide me into enlightenment.

Just think of your computer or server as a huge building with thousands of doors. Most are closed, but you purposely open a few to allow traffic in and/or out of. Those that are open are only open for a specific purpose and will only lead in or out of a specific place in the building.

Not OP but wondered the same thing for ages. Thanks for your concise reply. Am I right in thinking ports aren't actually physical things but entirely logical instead? I always assumed they were physical "pipes" because of the name, but in the light of replies here it feels like I assumed wrong.

They're defined by the software that listens for incoming connections. For example, a web server will (by default) open a listening port on port 80, as that's what is defined in the http standard. If said server supports https (which most of them do) it will also open a listening socket on 443.

It's easy to reconfigure a webserver (or any other server) to listen on any other port instead, provided that it's not already claimed by a different server software. The only caveat is that any clients that want to connect will have to specify the correct port. For example, if the webserver is instead running on port 1234, you'd type http://example.com:1234/ in the address field.

Ports are identified by their number, which is in the range of 1 through 65535. The first 1024 ports are "official", which can often be observed by the fact that most of the fundamental protocols that make the internet function are in this range (http, https, ftp, ssh, dns, smtp, pop3, imap just to name a few). And on Linux systems, opening a listening socket on a port below 1024 requires root privileges.

It's worth noting that no port number is "better" than any other. Port 2 will work just as well as 22222. It's just a way for a server to know which server software should receive the incoming packets.

A bit beyond what you're asking, but I consider it a natural furtherance thereof: you can talk to a webserver manually by using telnet. It's easy, I just don't remember the syntax in my head, but it's an easy question for google.
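To make the reply above concrete, here is an added example (not part of the thread) that opens a listening port, shows the OS refusing a second claim on it, types an HTTP request by hand the way telnet would, and checks that the port stops answering once the server exits. The handler and function names are made up for illustration, and it assumes loopback (127.0.0.1) with an OS-chosen port.

```python
import errno
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class Hello(BaseHTTPRequestHandler):  # hypothetical toy web server
    def do_GET(self):
        body = b"hello from the web server\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_server():
    # Port 0 lets the OS pick a free port, so no root is needed and nothing clashes.
    server = HTTPServer(("127.0.0.1", 0), Hello)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def port_is_claimed(port):
    """True if another program is already listening on this port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("127.0.0.1", port))
            return False
        except OSError as e:
            return e.errno == errno.EADDRINUSE

def raw_http_get(port):
    """Connect to the port and type the request by hand, as you would in telnet."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(b"GET / HTTP/1.0\r\nHost: localhost\r\n\r\n")
        return b"".join(iter(lambda: s.recv(4096), b"")).decode()

def can_connect(port):
    """connect_ex returns 0 if something is listening, an error code if the door is closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        return s.connect_ex(("127.0.0.1", port)) == 0

if __name__ == "__main__":
    server, port = start_server()
    print("listening on port", port, "- already claimed:", port_is_claimed(port))
    print(raw_http_get(port).splitlines()[0])
    server.shutdown()
    server.server_close()
    print("reachable after the server stops:", can_connect(port))
```

A port with no listener behind it refuses connections on its own, which is why closing unused services shrinks what a firewall has to protect.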