TCP/IP Ports and Addresses

Each machine in the network shown below has one or more network cards. The part of the network
that does the job of transporting and managing the data across the network is called TCP/IP, which
stands for Transmission Control Protocol (TCP) and Internet Protocol (IP). There are other
mechanisms for managing network traffic, but most, such as IPX/SPX for Netware, will not be
described here in much detail. The IP layer requires a 4 (IPv4) or 6 (IPv6) byte address to be assigned
to each network interface card on each computer. This can be done automatically using network
software such as the dynamic host configuration protocol (DHCP) or by manually entering static
addresses into the computer.

Ports

The TCP layer requires what is called a port number to be assigned to each message. This way it can
determine the type of service being provided. Please be aware that when we are talking about
"ports" we are not talking about the ports used for serial and parallel devices, or ports used for
computer hardware control. These ports are merely reference numbers used to identify a service. For
instance, port 23 is used for telnet services, and HTTP uses port 80 for providing web browsing
service. A group called the IANA (Internet Assigned Numbers Authority) controls the assignment
of ports to specific services. Some ports are assigned, some are reserved, and many are unassigned
and may be used by application programs. Port numbers are plain unsigned integer values which
range up to a value of 65535.

Port #   Protocol   Common Service
7        TCP        echo
9        TCP        discard
13       TCP        daytime
19       TCP        chargen
20       TCP        ftp-control
21       TCP        ftp-data
23       TCP        telnet
25       TCP        smtp
37       UDP        time
43       TCP        whois
53       TCP/UDP    dns
67       UDP        bootps
68       UDP        bootpc
69       UDP        tftp
70       TCP        gopher
79       TCP        finger
80       TCP        http
110      TCP        pop3
111      TCP        sunrpc
119      TCP        nntp
123      UDP        ntp
137      UDP        netbios-ns
138      UDP        netbios-dgm
139      TCP        netbios-ssn
143      TCP        imap
161      UDP        snmp
162      UDP        snmp-trap
179      TCP        bgp
443      TCP        https (http/ssl)
520      UDP        rip
1080     TCP        socks
33434    UDP        traceroute

Addresses

Addresses are used to locate computers. An IP address works much like a house address: there is a numbering
system to help the mailman locate the proper house to deliver a customer's mail to. Without an IP numbering
system, it would not be possible to determine where network data packets should go.

IPv4, which means internet protocol version 4, is described here. Each IP address is denoted by what is called
dotted decimal notation. This means there are four numbers, each separated by a dot. Each number represents a
one byte value with a possible mathematical range of 0-255. Briefly, the first one or two bytes, depending on
the class of network, generally will indicate the number of the network, the third byte indicates the number of
the subnet, and the fourth number indicates the host number. This numbering scheme will vary depending on
the network and the numbering method used such as Classless Inter-Domain Routing (CIDR) which is
described later. The host number cannot be 0 or 255. None of the numbers can be 255 and the first number
cannot be 0. This is because broadcasting is done with all bits set in some bytes. Broadcasting is a form of
communication that all hosts on a network can read, and is normally used for performing various network
queries. An address of all 0's is not used, because when a machine is booted that does not have a hardware
address assigned, it provides 0.0.0.0 as its address until it receives its assignment. This would occur for
machines that are remote booted or those that boot using the dynamic host configuration protocol (DHCP). The
part of the IP address that defines the network is referred to as the network ID, and the latter part of the IP
address that defines the host address is referred to as the host ID.
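As an added example (not part of the original tutorial), the following Python splits a dotted-decimal address into its network ID and host ID and applies the host-addressing rules described above: the all-zeros host ID names the network, the all-ones host ID is the broadcast, 0.0.0.0 is only a placeholder for a host that has not yet received its address, and the RFC 1918 blocks are the private ones NAT relies on. It takes the CIDR view, so the host ID may span more than one byte; when no prefix length is given it falls back to the classful rule (first byte below 128 gives a one-byte network ID, below 192 two bytes, below 224 three). The parse_dotted_decimal, classful_prefix and classify functions are this example's own construction; the sample addresses are the ones used in the text.

```python
import ipaddress
from typing import Optional

# The RFC 1918 private blocks the text refers to; addresses in them are never routed on the Internet.
RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_dotted_decimal(text: str) -> tuple:
    """Split dotted-decimal notation into four one-byte values; reject anything else."""
    fields = text.split(".")
    if len(fields) != 4:
        raise ValueError(f"expected four dotted fields in {text!r}")
    octets = []
    for field in fields:
        if not field.isdigit():
            raise ValueError(f"non-numeric field {field!r} in {text!r}")
        value = int(field)
        if value > 255:
            raise ValueError(f"field {value} does not fit in one byte in {text!r}")
        octets.append(value)
    return tuple(octets)


def classful_prefix(first_octet: int) -> int:
    """Network-ID length implied by the address class (pre-CIDR rule; this helper is the example's own)."""
    if first_octet < 128:
        return 8    # class A: one byte of network ID, three of host ID
    if first_octet < 192:
        return 16   # class B: two bytes of network ID
    if first_octet < 224:
        return 24   # class C: three bytes of network ID, one byte of host ID
    raise ValueError("class D (multicast) and class E addresses carry no host ID")


def classify(text: str, prefix_len: Optional[int] = None) -> dict:
    """Split an address into network ID and host ID and apply the host-addressing rules from the text."""
    octets = parse_dotted_decimal(text)
    if prefix_len is None:
        prefix_len = classful_prefix(octets[0])
    iface = ipaddress.IPv4Interface(f"{text}/{prefix_len}")
    host_bits = 32 - prefix_len
    all_ones = (1 << host_bits) - 1
    host_id = int(iface.ip) & all_ones
    return {
        "address": text,
        "prefix_len": prefix_len,
        "network_id": str(iface.network.network_address),
        "host_id": host_id,
        "broadcast": str(iface.network.broadcast_address),
        # 0.0.0.0 is only ever a placeholder for a host that has not yet received its address
        "unspecified": iface.ip.is_unspecified,
        "rfc1918_private": any(iface.ip in block for block in RFC1918_BLOCKS),
        # a host ID of all zeros names the network itself and all ones is the broadcast; neither is a host
        "assignable_to_host": host_id not in (0, all_ones) and not iface.ip.is_unspecified,
    }


if __name__ == "__main__":
    for sample in ("192.168.50.50", "192.168.50.255", "220.16.16.5", "0.0.0.0"):
        print(classify(sample))
```

Running the block with the text's own 192.168.50.50 reports network ID 192.168.50.0, host ID 50 and broadcast 192.168.50.255; the same address with a /16 prefix moves the boundary so the host ID becomes the last two bytes, which is the CIDR variation the text defers to later.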

A pool of IP addresses can be shared by multiple hosts using a mechanism called Network Address Translation
(NAT). NAT, described in RFC 1631, is typically implemented in hosts, proxy servers, or routers. The scheme
works because every host on the user's network can be assigned an IP address from the pool of RFC 1918
private addresses; since these addresses are never seen on the Internet, many sites can reuse the same private
addresses without conflict.

FIGURE 6. Network Address Translation (NAT).

Consider the scenario shown in Figure 6. When the user accesses a Web site on the Internet, the NAT server
will translate the "private" IP address of the host (192.168.50.50) into a "public" IP address (220.16.16.5) from
the pool of assigned addresses. NAT works because of the assumption that, in this example, no more than 27 of
the 64 hosts will ever be accessing the Internet at a single time.

But suppose that assumption is wrong. A further enhancement, called Port Address Translation (PAT) or
Network Address Port Translation (NAPT), allows multiple hosts to share a single IP address by using different
port numbers.

FIGURE 7. Port Address Translation (PAT).

Port numbers are used by higher layer protocols (e.g., TCP and UDP) to identify a higher layer application. A TCP
connection, for example, is uniquely identified on the Internet by the four values (aka 4-tuple) <source IP address, source
port, destination IP address, destination port>. The server's port number is defined by the standards while client port
numbers can be any number greater than 1023. The scenario in Figure 7 shows the following three connections:

• The client with the "private" IP address 192.168.50.50 (using port number 12002) connects to a Web server at
address 98.10.10.5 (port 80).
• The client with the "private" IP address 192.168.50.6 (using port number 22986) connects to the same Web server
at address 98.10.10.5 (port 80).
• The client with the "private" IP address 192.168.50.6 (using port number 8931) connects to an FTP server at
address 99.12.18.6 (port 21).

PAT works in this scenario as follows. The router (running PAT software) can assign both local hosts the same
"public" IP address (220.16.16.5) and differentiate between the three packet flows by the source port.

A final note about NAT and PAT. Both of these solutions work, and work well, but they require that every packet be
buffered, disassembled, given a new IP address, a new checksum calculated, and the packet reassembled. In
addition, PAT requires that a new port number be placed in the higher layer protocol data unit and a new checksum
calculated at the protocol layer above IP, too. The point is that NAT, and particularly PAT, results in a tremendous
performance hit.
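As an added example (not part of the original tutorial), the following Python simulates the three Figure 7 connections passing through a PAT router and shows concretely what the performance note above means: each packet is parsed, both checksums are verified, the source IP and port are rewritten, and the IPv4 header checksum and the TCP checksum (which covers a pseudo-header containing the IP addresses) are recomputed. The same code also illustrates the 4-tuple from the ports discussion, since the translation table is keyed on it. The PatRouter class, the choice of public ports starting at 40000, the constructed TCP segments with fixed sequence numbers, and the one-packet-per-direction flows are this example's own simplifications; the addresses and ports come from Figure 7.

```python
import struct

IP_PROTO_TCP = 6


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble IPv4 header + minimal TCP header + payload with both checksums filled in."""
    seg_len = 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + seg_len, 0, 0, 64, IP_PROTO_TCP, 0,
                         ip_to_bytes(src), ip_to_bytes(dst))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ones_complement_sum(ip_hdr)) + ip_hdr[12:]
    # data offset 5 (no options), flags PSH|ACK; seq/ack fixed at 0 in this constructed sample
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    # the TCP checksum covers a pseudo-header with both IP addresses, so NAT must recompute it too
    pseudo = ip_to_bytes(src) + ip_to_bytes(dst) + struct.pack("!BBH", 0, IP_PROTO_TCP, seg_len)
    tcp_csum = ones_complement_sum(pseudo + tcp_hdr + payload)
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", tcp_csum) + tcp_hdr[18:]
    return ip_hdr + tcp_hdr + payload


def parse_packet(pkt: bytes):
    """Disassemble into (src, dst, sport, dport, payload); reject packets whose checksums do not verify."""
    ip_hdr, seg = pkt[:20], pkt[20:]
    if ones_complement_sum(ip_hdr) != 0:
        raise ValueError("bad IPv4 header checksum")
    src, dst = bytes_to_ip(ip_hdr[12:16]), bytes_to_ip(ip_hdr[16:20])
    pseudo = ip_hdr[12:20] + struct.pack("!BBH", 0, IP_PROTO_TCP, len(seg))
    if ones_complement_sum(pseudo + seg) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport = struct.unpack("!HH", seg[:4])
    return src, dst, sport, dport, seg[20:]


class PatRouter:
    """Port Address Translation: private (ip, port) pairs share one public IP, told apart by source port."""

    def __init__(self, public_ip: str, first_public_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_public_port  # constructed port range; real NAPT boxes choose differently
        self.outbound = {}  # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self.inbound = {}   # (public_port, remote_ip, remote_port) -> (private_ip, private_port)

    def outbound_translate(self, pkt: bytes) -> bytes:
        src, dst, sport, dport, payload = parse_packet(pkt)
        key = (src, sport, dst, dport)  # the 4-tuple that identifies the connection
        if key not in self.outbound:
            self.outbound[key] = self._next_port
            self.inbound[(self._next_port, dst, dport)] = (src, sport)
            self._next_port += 1
        # rewrite source IP and port; build_packet recomputes both checksums, as the text describes
        return build_packet(self.public_ip, dst, self.outbound[key], dport, payload)

    def inbound_translate(self, pkt: bytes) -> bytes:
        src, dst, sport, dport, payload = parse_packet(pkt)
        state = self.inbound.get((dport, src, sport))
        if dst != self.public_ip or state is None:
            raise LookupError("no translation state for this flow; unsolicited inbound packets are dropped")
        priv_ip, priv_port = state
        return build_packet(src, priv_ip, sport, priv_port, payload)


# The three connections from Figure 7: (private ip, private port, server ip, server port)
FIGURE7_FLOWS = [
    ("192.168.50.50", 12002, "98.10.10.5", 80),
    ("192.168.50.6", 22986, "98.10.10.5", 80),
    ("192.168.50.6", 8931, "99.12.18.6", 21),
]


def run_figure7(public_ip: str = "220.16.16.5"):
    """Push one request and one reply per flow through PAT; return the router and the observed translations."""
    router = PatRouter(public_ip)
    rows = []
    for priv_ip, priv_port, srv_ip, srv_port in FIGURE7_FLOWS:
        out = router.outbound_translate(build_packet(priv_ip, srv_ip, priv_port, srv_port, b"request"))
        pub_src, _, pub_port, _, _ = parse_packet(out)
        # the server answers the public address; PAT maps the reply back to the private host by port
        reply = router.inbound_translate(build_packet(srv_ip, pub_src, srv_port, pub_port, b"reply"))
        _, back_ip, _, back_port, _ = parse_packet(reply)
        rows.append((priv_ip, priv_port, pub_src, pub_port, back_ip, back_port))
    return router, rows


if __name__ == "__main__":
    for row in run_figure7()[1]:
        print("%s:%d -> %s:%d -> %s:%d" % row)
```

Two points worth noticing when running it: the two connections from 192.168.50.6 and the one from 192.168.50.50 all leave with source address 220.16.16.5 and are distinguished only by the public port the router assigned, and an inbound packet for which no outbound state exists is refused, which is why hosts behind PAT are not reachable from the Internet unless the router is explicitly configured to forward to them.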

One advantage of NAT is that it makes IP address renumbering a thing of the past. If a customer has an IP NET_ID
assigned from its ISP's CIDR block and then they change ISPs, they will get a new NET_ID. With NAT, only the servers
need to be renumbered.

Acronyms and Abbreviations

ARP       Address Resolution Protocol
ARIN      American Registry for Internet Numbers
ARPANET   Advanced Research Projects Agency Network
ASCII     American Standard Code for Information Interchange
ATM       Asynchronous Transfer Mode
BGP       Border Gateway Protocol
BSD       Berkeley Software Development
CCITT     International Telegraph and Telephone Consultative Committee
CIX       Commercial Internet Exchange
CDPD      Cellular Digital Packet Data protocol
CSLIP     Compressed Serial Line Internet Protocol
DARPA     Defense Advanced Research Projects Agency
DDP       Datagram Delivery Protocol
DDS       Digital data service
DNS       Domain Name System
DOCSIS    Data Over Cable System Interface Specification
DoD       U.S. Department of Defense
DWDM      Dense Wave Division Multiplexing
FAQ       Frequently Asked Questions lists
FDDI      Fiber Distributed Data Interface
FTP       File Transfer Protocol
FYI       For Your Information series of RFCs
GOSIP     U.S. Government Open Systems Interconnection Profile
HDLC      High-level Data Link Control
HTML      Hypertext Markup Language
HTTP      Hypertext Transfer Protocol
IAB       Internet Activities Board
IANA      Internet Assigned Numbers Authority
ICANN     Internet Corporation for Assigned Names and Numbers
ICMP      Internet Control Message Protocol
IESG      Internet Engineering Steering Group
IETF      Internet Engineering Task Force
IMAP      Internet Message Access Protocol
InterNIC  Internet Network Information Center
IP        Internet Protocol
IPX       Internetwork Packet Exchange
ISDN      Integrated Services Digital Network
ISO       International Organization for Standardization
ISOC      Internet Society
ITU-T     International Telecommunication Union Telecommunication Standardization Sector
MAC       Medium (or media) access control
Mbps      Megabits (millions of bits) per second
NICNAME   Network Information Center name service
NSF       National Science Foundation
NSFNET    National Science Foundation Network
NTP       Network Time Protocol
OSI       Open Systems Interconnection
OSPF      Open Shortest Path First
PING      Packet Internet Groper
POP3      Post Office Protocol v3
PPP       Point-to-Point Protocol
RADIUS    Remote Authentication Dial-In User Service
RARP      Reverse Address Resolution Protocol
RIP       Routing Information Protocol
RFC       Request For Comments
SDH       Synchronous Digital Hierarchy
SLIP      Serial Line Internet Protocol
SMDS      Switched Multimegabit Data Service
SMTP      Simple Mail Transfer Protocol
SNAP      Subnetwork Access Protocol
SNMP      Simple Network Management Protocol
SONET     Synchronous Optical Network
SSL       Secure Sockets Layer
STD       Internet Standards series of RFCs
TACACS+   Terminal Access Controller Access Control System plus
TCP       Transmission Control Protocol
TFTP      Trivial File Transfer Protocol
TLD       Top-level domain
UDP       User Datagram Protocol
WAP       Wireless Application Protocol
xDSL      Digital Subscriber Line family of technologies