Monday, March 17, 2014

Ports...

Recently I was asked about ports, and it made me realize how little I knew about them. Not only that, but what I did know I wasn't exactly confident about. In Linux there are 65536 standard ports. This is actually a limitation of the packet format, not of Linux. Within a packet there is space allocated for the Source Port and the Destination Port, and each field is 16 bits. So the result is 2^16 = 65536, or 0 through 65535. That means there are 65536 places for a remote application to communicate. Now it is important to note that these are not physical ports; they are 100% software and are bound by the limitations of the protocols that utilize them (primarily UDP/TCP). The physical component would be the network interface card, better known as a NIC. Each NIC can have one or more physical ports associated with it, not to be confused with the software ports previously mentioned.
So, why all the fuss over ports?
Well, the questions I was asked involved port limitations. For instance, can more than one connection exist on a port at any given time?
I guess to start with, it is important to realize that a port is nothing more than a construct that an application can utilize for a specific type of communication. Can a physical port receive more than one packet at a time? No. So how can a software port maintain more than one connection? This is where things get interesting, because while we like to think of a port as a place to dock and stay a while, it really isn't. It is more or less just a number that an application binds to in order to receive packets: a filtering mechanism, more or less, for network traffic at the application layer.
So how are connections made, then? The socket! A socket is a connection between two sources, usually defined by the source IP/port and destination IP/port. In the client-server model, the server typically listens on a specific port for incoming connections, while the client picks from a range of ports to connect with.
Example:
SERVER A:
   IP: 5.6.7.8
   PORT: 3000
CLIENT A:
   IP: 9.6.7.1
   PORT: 5000
CLIENT A:
   IP: 9.6.7.1
   PORT: 5001
CLIENT B:
   IP: 9.6.7.2
   PORT: 5000
So CLIENT A has two connections to the server identified as:
Connection 1:  5.6.7.8:3000-9.6.7.1:5000
Connection 2:  5.6.7.8:3000-9.6.7.1:5001
And CLIENT B has one connection as:
Connection 1:  5.6.7.8:3000-9.6.7.2:5000

So can a port have multiple connections at the same time?  Yes.
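
The same idea on a live system, as an added example that is not part of the original post: one listening port on the loopback interface accepts three connections, and each accepted socket is told apart only by the client's IP and port. The function name, the use of 127.0.0.1 and the OS-chosen port are assumptions made for the demo.

```python
import socket

def demo_shared_port(n_clients=3):
    """Accept n_clients TCP connections on ONE listening port.

    Returns (server_addr, tuples, payloads), where each entry of tuples is
    (local_addr, remote_addr) as seen by the server side of a connection.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port (demo assumption)
    listener.listen(n_clients)
    server_addr = listener.getsockname()

    clients, accepted, tuples = [], [], []
    try:
        for _ in range(n_clients):
            # Each client socket gets its own ephemeral source port from the OS.
            clients.append(socket.create_connection(server_addr))
            conn, peer = listener.accept()
            accepted.append(conn)
            # Same local (server) IP:port every time; only the peer differs.
            tuples.append((conn.getsockname(), peer))

        # Send a different byte on each connection to show that the kernel
        # delivers data by the full source/destination pair, not by port alone.
        for i, client in enumerate(clients):
            client.sendall(bytes([ord("A") + i]))
        payloads = [conn.recv(1) for conn in accepted]
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return server_addr, tuples, payloads

if __name__ == "__main__":
    server, tuples, payloads = demo_shared_port()
    for (local, remote), data in zip(tuples, payloads):
        # Printed in the post's notation: serverIP:port-clientIP:port
        print(f"{local[0]}:{local[1]}-{remote[0]}:{remote[1]}  received {data!r}")
```

On a running host, `ss -tn` (or `netstat -tn`) shows the same picture: several established connections listing one local port, each with a different peer address.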