Networking

Understanding Ports and Protocols in Networking - A Beginner’s Guide with CLI Examples

Himanshu Pal

Himanshu Pal

Understanding Ports and Protocols in Networking - A Beginner’s Guide with CLI Examples

Introduction

When you first start with networking, the terms ports and protocols can feel abstract. But they’re actually simple ideas that run almost everything you do online. Without them, things like opening a website, sending a message, or joining a video call wouldn’t work at all.

A port is a numbered doorway into your computer or server. Each one has a specific use. Port 22 is for SSH, port 80 for HTTP, and port 443 for HTTPS.

A protocol is the language spoken through those doors. Devices on a network need to agree on the same protocol so they can understand each other, like people needing a common language to have a conversation.

Together, ports and protocols make sure data finds the right path and gets delivered in a way that makes sense. For example, when you visit a secure website, your browser uses the HTTPS protocol on port 443 to fetch the page safely.


What Are Ports?

A port is a virtual entry point that, together with an IP address, tells a computer where network traffic should be delivered. You can think of the IP address as the street address and the port as the specific door inside the building.

Types of Ports

  • Well-Known Ports (0–1023): Reserved for core internet services.

    • FTP: 20/21

    • SSH: 22

    • SMTP: 25

    • DNS: 53

    • HTTP: 80

    • HTTPS: 443

  • Registered Ports (1024–49151): Assigned to applications and services.

    • Example: MySQL uses port 3306

    • In VoIP systems, SIP signaling often runs on port 5060 (UDP/TCP) or 5061 (TLS for secure SIP).

  • Dynamic/Ephemeral Ports (49152–65535): Chosen temporarily by the operating system for outgoing connections. These change frequently and aren’t tied to a single service.

CLI Example – Check Open Ports

netstat -tuln    # Older but still available on many systems
ss -tuln         # Preferred modern replacement for netstat

These commands show which ports are listening for incoming connections. On an Asterisk server, you’ll usually see SIP (5060/5061) and RTP ranges (by default 10000–20000) if the service is running.


What Are Protocols?

A protocol is a set of rules that define how data moves across a network. Just like two people need to agree on a common language to have a conversation, devices must use the same protocol to understand each other.

Categories of Protocols

  • Application Layer Protocols: Handle user-facing services.

    • Examples: HTTP/HTTPS (web), FTP (file transfer), DNS (name resolution), SMTP (email).

    • In VoIP, SIP (Session Initiation Protocol) is also an application-layer protocol that sets up and manages calls.

  • Transport Layer Protocols: Control how data is delivered between devices.

    • TCP (Transmission Control Protocol): Reliable, connection-oriented (used for HTTP, HTTPS, SMTP).

    • UDP (User Datagram Protocol): Faster, connectionless (commonly used for VoIP and real-time traffic like RTP).

  • Network Layer Protocols: Define how packets travel across networks.

    • IP (Internet Protocol): Routing and addressing.

    • ICMP (Internet Control Message Protocol): Used for diagnostics like ping.

Quick Difference:

  • Protocol = Language (rules of communication)

  • Port = Door (entry point where communication happens)

CLI Example – Test Protocols with Ports

Check connectivity to a port using TCP:

nc -zv google.com 443

Send a quick UDP test (useful in VoIP setups):

nc -u -zv your-asterisk-server-ip 5060

Test DNS queries (UDP, port 53):

dig google.com

TCP vs UDP – Core Transport Protocols

At the transport layer, two main protocols carry most of the internet’s traffic: TCP and UDP.

  • TCP (Transmission Control Protocol):

    • Reliable, connection-oriented, and ensures data arrives in order.

    • Adds error-checking and retransmission if packets are lost.

    • Best for use cases where accuracy matters more than speed.

    • Commonly used by: HTTP, HTTPS, SMTP (Email), SSH.

  • UDP (User Datagram Protocol):

    • Faster, connectionless, and sends packets without waiting for acknowledgments.

    • No guarantee that packets arrive, but less overhead.

    • Ideal for real-time communication where speed matters more than perfection.

    • Commonly used by: DNS, VoIP (SIP signaling, RTP audio streams), online gaming, video streaming.

In VoIP: SIP signaling often uses UDP (port 5060), and voice traffic runs over RTP (usually ports 10000–20000). This keeps calls responsive, even if a packet drops here and there.

CLI Examples

Trace protocol usage with packet capture:

sudo tcpdump -i any tcp
sudo tcpdump -i any udp


How Ports and Protocols Work Together

A port by itself is just a number, and a protocol by itself is just a set of rules. They only become useful when they work together.

Take this example:

https://example.com
  1. DNS resolves the name

    • Your browser looks up example.com and finds the server’s IP address (say 93.184.216.34).

  2. Browser chooses the port

    • Because you typed https://, the browser knows to use port 443.

    • If it were http://, it would use port 80.

  3. Protocol defines the conversation

    • On port 443, the browser doesn’t just send raw data. It uses the HTTPS protocol (HTTP + TLS encryption) so both sides know how to start, verify, and exchange data securely.

  4. Server listens and responds

    • The server has a program (web server like Apache or Nginx) listening on port 443.

    • That program understands HTTPS, so it can reply in a way the browser understands.

Without the port, your request wouldn’t reach the right program.
Without the protocol, the program wouldn’t know how to interpret the request.

CLI Example – Check Services on Ports

List listening services on your system:

ss -tuln

Check what program is bound to a port:

sudo lsof -i :443

Test a specific protocol and port (HTTPS on port 443):

nc -zv example.com 443

In VoIP setups, the same idea applies:

  • SIP signaling runs on port 5060 (UDP or TCP) with the SIP protocol.

  • Media streams use RTP, typically on ports 10000–20000 (UDP).
    This pairing ensures that both the call setup (SIP) and the audio (RTP) reach the right place and follow the right rules.


Real-World Use Cases

Ports and protocols show up in almost everything you do online. Here are some common examples:

  • Web Browsing

    • HTTP runs on port 80

    • HTTPS runs on port 443

    • When you type a URL, your browser automatically picks the right protocol and port to fetch the page.

  • File Transfer

    • FTP uses port 21 for unencrypted transfers

    • SFTP runs over SSH on port 22, making it secure

    • System admins often prefer SFTP when moving backups or configs between servers.

  • Remote Access

    • SSH on port 22 lets you securely log into Linux servers

    • RDP on port 3389 is used for Windows remote desktops

  • Gaming and Streaming

    • Most games and video streams rely on UDP

    • Speed matters more than reliability here, so a few dropped packets don’t break the experience

  • VoIP and Video Calls

    • SIP signaling typically runs on port 5060 (or 5061 if encrypted with TLS)

    • RTP carries the actual audio/video over dynamic UDP ports (commonly 10000–20000 in Asterisk)

    • This combination makes real-time calls possible without noticeable delay

Use Case

Protocol(s)

Port(s)

Notes

Web Browsing

HTTP / HTTPS

80 / 443

HTTPS is secure (TLS)

File Transfer

FTP / SFTP

21 / 22

SFTP runs over SSH

Remote Access

SSH / RDP

22 / 3389

SSH for Linux, RDP for Windows

Gaming / Streaming

UDP-based traffic

Varies

Uses UDP for low latency

VoIP / Video Calls

SIP / RTP

5060, 5061 / 10000–20000 (UDP)

Common in Asterisk and other VoIP systems


Ports, Protocols, and Security

Every open port on a server is a potential entry point. If a service is listening, an attacker can try to interact with it, sometimes in ways the admin never intended.

Common Threats

  • Port Scanning: Attackers probe a server to see which ports are open and what services are running. Tools like nmap make this easy.

  • Brute-Force Attacks: Services like SSH on port 22 are common targets for repeated login attempts.

  • DDoS (Distributed Denial of Service): Flooding a port (like SIP 5060 on VoIP servers) with fake traffic to overload the service.

  • Exploiting Weak Services: Outdated software on known ports (e.g., unpatched FTP on 21) can be exploited.

Best Practices

  • Close Unused Ports: Don’t run services you don’t need.

  • Use Firewalls: Allow only required ports.

    • Example: open 22 for SSH, block 23 if Telnet isn’t needed.

  • Restrict Access: Limit SSH or SIP access by IP where possible.

  • Monitor Regularly: Watch for unusual traffic with tools like fail2ban, iptables, or intrusion detection systems.

  • Change Defaults (when possible): Moving SIP off port 5060 or SSH off port 22 won’t stop targeted attacks, but it can cut down on automated scans.

CLI Examples

Check open ports on your system:

ss -tuln

Scan a host for open ports (replace IP with target):

nmap -Pn 192.168.1.10

Allow SSH but block Telnet with UFW:

sudo ufw allow 22/tcp
sudo ufw deny 23/tcp

Check failed SSH login attempts:

sudo grep "Failed password" /var/log/auth.log

For VoIP servers (like Asterisk):

  • Restrict SIP (5060/5061) and RTP ranges (10000–20000) with firewalls

  • Use fail2ban to block repeated SIP register attempts


Troubleshooting with Ports and Protocols

Many network issues boil down to two things:

  1. The right port isn’t open or reachable

  2. The right protocol isn’t being used or understood

Common Problems

  • Website not loading → HTTPS blocked on port 443

  • Can’t SSH into server → Port 22 closed or firewalled

  • VoIP call has no audio → SIP connects on 5060, but RTP media ports are blocked

  • DNS failures → UDP port 53 unreachable


Conclusion

Ports decide where traffic goes, and protocols define how it flows. Together, they form the foundation of networking — from browsing websites to making VoIP calls.

By practicing with command-line tools like ss, nmap, curl, and tcpdump, you can see how services run, spot issues, and secure your systems.

Tip for Beginners: check ports on your own machine, run simple tests, and watch how traffic behaves. Over time, these skills will help you troubleshoot faster, secure your servers, and understand the networks you work with.


Community Comments

0 comments