Ports and Multiplexing (OSI Layer 4)
The transport layer (OSI Layer 4) uses port numbers to manage multiple simultaneous network communications on a single device. Ports act as virtual channels that direct incoming and outgoing data to the correct application or service, enabling your computer to browse the web, download files, and check email all at the same time without confusion.
Key Points
- Ports are 16-bit numbers (0-65535) that identify applications and services.
- Multiplexing allows multiple simultaneous connections through port separation.
- Destination ports are well-known, fixed numbers that identify server services.
- Source ports are dynamically assigned by the client OS for each connection.
- Socket pairs (IP:Port combinations) uniquely identify each communication.
How Ports Enable Multiplexing
Multiplexing is the transport layer's ability to handle multiple communications simultaneously from the same host. Without port numbers, your operating system couldn't distinguish between data from different applications or services.
The Problem Ports Solve
A single machine typically:
- Runs multiple applications concurrently
- Communicates with several servers at once
- Uses different transport protocols (TCP and UDP)
Port numbers provide the solution by:
- Separating individual communications
- Routing incoming data to the correct application
- Identifying outgoing connections uniquely
Understanding Port Types
Destination Ports
Destination ports identify the service running on the server:
- Usually well-known and fixed numbers
- Standardized for common protocols
- Tell the server which application should handle the request
Common examples:
- HTTP web traffic → Port 80
- HTTPS secure web → Port 443
- FTP file transfer → Port 21
- SSH secure shell → Port 22
- Email (SMTP) → Port 25
Source Ports
Source ports identify the client's side of the connection:
- Dynamically chosen by the client operating system
- Selected from the ephemeral port range
- Unique for each connection instance
- Allow tracking of individual conversations
Key Distinction: Destination ports are predictable and service-specific; source ports are random and connection-specific.
Port Number Ranges
The full port range (0-65535) is divided into three categories:
| Port Range | Name | Usage | Assignment |
|---|---|---|---|
| 0 – 1023 | Well-Known Ports | Standard protocols and services | IANA-assigned, requires admin privileges |
| 1024 – 49151 | Registered Ports | Vendor applications and services | IANA-registered, available for general use |
| 49152 – 65535 | Dynamic/Ephemeral Ports | Client-side temporary connections | Automatically assigned by OS |
Socket Pairs: Complete Connection Identity
A socket pair (or connection pair) uniquely identifies each communication using four pieces of information:
[Client IP : Source Port] ↔ [Server IP : Destination Port]
Example: Multiple Simultaneous Connections
Client (192.168.1.10) Servers
│
├─ [192.168.1.10:3166] → [Facebook:80] (Web browsing)
├─ [192.168.1.10:31061] → [Google:80] (Web browsing)
├─ [192.168.1.10:1305] → [FileServer:21] (FTP download)
└─ [192.168.1.10:49234] → [MailServer:25] (Sending email)
Each connection uses a different source port, allowing the operating system to:
- Keep conversations separate
- Deliver responses to the correct application
- Maintain multiple connections to the same destination port
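The socket-pair behaviour described above can be observed on the loopback interface. This is an added example, not part of the original page; the function name `open_connections`, the address 127.0.0.1 and the OS-chosen listening port are assumptions made for the demo.

```python
import socket

def open_connections(n=3):
    """Open n TCP connections to one listening port on loopback.

    Returns (listen_port, client_pairs, server_pairs, replies); names and the
    loopback setup are assumptions for this demo.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))        # port 0: the OS picks a free port
    server.listen(n)
    listen_port = server.getsockname()[1]

    clients, accepted = [], []
    try:
        for _ in range(n):
            clients.append(socket.create_connection(("127.0.0.1", listen_port)))
            conn, _peer = server.accept()
            accepted.append(conn)
        # Socket pair from each side: (client endpoint, server endpoint)
        client_pairs = [(c.getsockname(), c.getpeername()) for c in clients]
        server_pairs = [(a.getpeername(), a.getsockname()) for a in accepted]
        # Every accepted socket shares the listening port, yet each reply
        # reaches only the client whose source port matches that pair.
        for i, conn in enumerate(accepted):
            conn.sendall(f"reply-{i}".encode())
        replies = [c.recv(64).decode() for c in clients]
    finally:
        for s in clients + accepted + [server]:
            s.close()
    return listen_port, client_pairs, server_pairs, replies

if __name__ == "__main__":
    port, pairs, _, replies = open_connections()
    for (src, dst), reply in zip(pairs, replies):
        print(f"{src[0]}:{src[1]} -> {dst[0]}:{dst[1]}  got {reply}")
```

All connections share one client IP, one server IP and one destination port; only the source port differs, and that alone keeps the replies apart.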
Common Well-Known Ports Reference
| Port | Protocol | Service | Description |
|---|---|---|---|
| 20/21 | FTP | File Transfer | Data transfer (20) and control (21) |
| 22 | SSH | Secure Shell | Encrypted remote access |
| 23 | Telnet | Remote Access | Unencrypted remote terminal (deprecated) |
| 25 | SMTP | Email | Sending outgoing mail |
| 53 | DNS | Name Resolution | Domain name to IP address translation |
| 67/68 | DHCP | IP Configuration | Automatic network configuration |
| 80 | HTTP | Web Traffic | Unencrypted web browsing |
| 110 | POP3 | Email | Retrieving email from server |
| 143 | IMAP | Email | Advanced email retrieval |
| 443 | HTTPS | Secure Web | Encrypted web browsing |
Practical Example: Web Browser Connections
When you open multiple websites simultaneously:
- Browser requests Facebook:
  - Source: Your computer, port 3166 (random)
  - Destination: Facebook server, port 80 (HTTP)
- Browser requests Google:
  - Source: Your computer, port 31061 (different random port)
  - Destination: Google server, port 80 (HTTP)
- Data returns:
  - Facebook's response arrives at port 3166 → Browser displays on Facebook tab
  - Google's response arrives at port 31061 → Browser displays on Google tab
The browser knows which data belongs to which website because each response arrives on the source port of the original request (in the response packet, that port is the destination port).
Server-Side Perspective
Servers listen on multiple ports simultaneously to provide different services:
Web Server (203.0.113.50)
│
├─ Port 80 → HTTP service (web pages)
├─ Port 443 → HTTPS service (secure web)
├─ Port 21 → FTP service (file transfers)
└─ Port 22 → SSH service (remote administration)
When a packet arrives, the destination port tells the server which service should process it.
Monitoring Ports with netstat
The netstat command displays active network connections and their ports:
Windows/Linux Command:
netstat -an
Sample Output Interpretation:
Proto Local Address Foreign Address State
TCP 192.168.1.10:3166 151.101.1.140:80 ESTABLISHED
TCP 192.168.1.10:31061 172.217.14.206:80 ESTABLISHED
TCP 192.168.1.10:1305 198.51.100.10:21 ESTABLISHED
This shows:
- Three active TCP connections
- Different source ports (3166, 31061, 1305) for each connection
- Connections to web servers (port 80) and FTP server (port 21)
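When reviewing connections on a host, the same interpretation can be scripted. The following is an added example, not part of the original page: it parses `netstat -an` lines (Windows layout as in the sample above, plus the Linux layout with Recv-Q/Send-Q columns), classifies ports using the ranges from the Port Number Ranges table, and groups sessions by service port. Function names are assumptions.

```python
# Port classes follow the "Port Number Ranges" table on this page.
def port_class(port):
    if not 0 <= port <= 65535:
        raise ValueError(f"not a 16-bit port number: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def split_endpoint(endpoint):
    """'192.168.1.10:3166', '[::1]:80' or '*:*' -> (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Return one dict per TCP/UDP line of `netstat -an` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or not f[0].lower().startswith(("tcp", "udp")):
            continue                      # header or unrelated line
        if len(f) >= 5 and f[1].isdigit() and f[2].isdigit():
            del f[1:3]                    # Linux adds Recv-Q / Send-Q columns
        rows.append({"proto": f[0].upper(),
                     "local": split_endpoint(f[1]),
                     "remote": split_endpoint(f[2]),
                     "state": f[3] if len(f) > 3 else ""})
    return rows

def sessions_by_service(rows):
    """Group established connections by remote (service) port."""
    out = {}
    for r in rows:
        if r["state"] == "ESTABLISHED" and r["remote"][1] is not None:
            out.setdefault(r["remote"][1], []).append(r["local"][1])
    return out

# Sample lines copied from the netstat output shown on this page
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 192.168.1.10:3166 151.101.1.140:80 ESTABLISHED
TCP 192.168.1.10:31061 172.217.14.206:80 ESTABLISHED
TCP 192.168.1.10:1305 198.51.100.10:21 ESTABLISHED
"""

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for r in rows:
        print(r["local"], port_class(r["local"][1]), "->",
              r["remote"], port_class(r["remote"][1]))
    print(sessions_by_service(rows))
```

On the sample, both port-80 sessions group under one service port with distinct source ports, and the three source ports classify as registered rather than dynamic under the table's ranges.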
Common Misconceptions
Avoid these errors:
- Confusing source and destination ports – Remember: destination identifies the service, source identifies the session
- Thinking servers use random ports – Servers use fixed, well-known ports so clients know where to connect
- Believing one port = one user – A server can handle thousands of connections on the same destination port
- Forgetting port ranges matter – Clients should only use ephemeral ports (49152-65535) for source ports
- Ignoring the IP address – The socket pair includes both IP and port; same port on different IPs = different connection
Key Takeaways
- Ports are 16-bit numbers (0-65535) that identify applications and services
- Destination ports are well-known, fixed numbers that identify server services
- Source ports are dynamically assigned by the client OS for each connection
- Socket pairs (IP:Port combinations) uniquely identify each communication
- Multiplexing allows multiple simultaneous connections through port separation
- Well-known ports (0-1023) are standardized and require administrative privileges
- Ephemeral ports (49152-65535) are used for temporary client connections
- The transport layer automatically manages port assignment and data routing
Learn More
Related Concepts
- TCP vs UDP: Different transport protocols use ports differently
- Port Forwarding: Redirecting external ports to internal network devices
- Firewalls: Control traffic based on port numbers and rules
- NAT (Network Address Translation): How routers handle port mapping for multiple internal devices
Standards References
- RFC 793 – Transmission Control Protocol (TCP)
- RFC 768 – User Datagram Protocol (UDP)
- RFC 6335 – IANA Service Name and Transport Protocol Port Number Registry
- IANA Port Registry – Official list of assigned port numbers