About binding IP address and port number Insights

Source: Internet
Author: User
Tags: file transfer protocol

A "port" is, loosely speaking, a "door" for a communication channel: every computer service communicates with external computers through a specific port, as the common WWW, FTP and Telnet services do.
With the development of computer network technology, the original physical interfaces (input/output interfaces such as the keyboard, mouse, network card and display card) could no longer meet the requirements of network communication, and the TCP/IP protocol, as the standard protocol for network communication, solved this problem. TCP/IP is integrated into the operating system kernel, which amounts to adding a new input/output interface technology to the operating system, because TCP/IP introduces an application interface called the "socket". With this interface, a computer can communicate in software with any other computer that has a socket interface.
Given these ports, how do they work? For example, why can one server be a web server, an FTP server and a mail server? One important reason is that the various services use different ports to provide different services. For example, TCP/IP usually specifies that the web uses port 80, FTP uses port 21, and so on, and a mail server likewise has a port number for its SMTP service and one for its POP3 service. Through different ports, the computer can communicate with the outside world without the services interfering with one another.
Each host can have 65,535 ports, but only a few dozen are in common use, so a great many ports are left undefined. This is why so many hacker programs can define a special port by some method and use it to intrude. Defining such a port relies on a program that is loaded into memory automatically as the computer starts and forces the computer to open that particular port. This program is the "backdoor" program, and such backdoor programs are what people usually call Trojan horse programs. In short, before the intrusion the Trojan is planted on a personal computer by some means and opens one or more specific ports, commonly known as "backdoors", turning the computer into a very open FTP server (one whose user has very high privileges); the intrusion is then carried out through the backdoor.
1. Classification of ports
Ports are classified differently depending on the point of reference. Classified by the nature of the port, they usually fall into the following categories.
Well-known ports: also often called "common ports". Their port numbers run from 0 to 1023, and they are tightly bound to particular services. Traffic on one of these ports usually clearly indicates the protocol of a particular service, and the port cannot be redefined for another purpose. For example, port 80 is in practice always used for HTTP communication, and port 23 is dedicated to the Telnet service. These ports are usually not used by hacking programs such as Trojans. To help you understand these common ports better, the services for these ports are listed in detail later in this chapter for reference.
Registered ports: port numbers from 1024 to 49151. They are loosely bound to some services: many services are bound to these ports, and the ports are also used for many other purposes. Most of these ports have no clearly defined service, and different programs can define them according to actual needs; the remote control software and Trojan horse programs described later, for example, define ports in this range. Knowing the ports of these common programs is necessary for protecting against and removing Trojan horse programs. The ports used by common Trojans are listed in detail later.
Dynamic and/or private ports: port numbers from 49152 to 65535. In theory, these ports should not be assigned to services. In practice, some of the more unusual programs, Trojan horse programs in particular, like to use these ports, because they rarely attract attention and are easy to hide behind.
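The three ranges above can be applied directly when reviewing which ports a host is listening on. The following is an added example, not part of the original article: it parses rows in the layout of the Linux /proc/net/tcp file and classifies each listening port. The function name classify_listener and the sample rows are constructed for illustration.

```c
#include <stdio.h>

/* Port classes from the text: 0-1023, 1024-49151, 49152-65535. */
enum { NOT_LISTENING = -1, WELL_KNOWN, REGISTERED, DYNAMIC };

/* Constructed rows in the layout of Linux /proc/net/tcp (not from a real host).
 * Columns: slot, local addr:port (hex), remote addr:port (hex), state (0A = LISTEN). */
static const char *SAMPLE[] = {
    "   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0",
    "   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999",
    "   2: 00000000:D431 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000",
    "   3: 0A00000A:C350 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000",
};

/* Parse one row. For a listening socket, store its port, set *wildcard when it
 * is bound to 0.0.0.0, and return its class; otherwise return NOT_LISTENING. */
int classify_listener(const char *row, unsigned *port, int *wildcard)
{
    unsigned laddr, lport, raddr, rport, state;

    if (sscanf(row, " %*d: %8X:%4X %8X:%4X %2X",
               &laddr, &lport, &raddr, &rport, &state) != 5 || state != 0x0A)
        return NOT_LISTENING;
    *port = lport;
    *wildcard = (laddr == 0);
    if (lport <= 1023)
        return WELL_KNOWN;
    return lport <= 49151 ? REGISTERED : DYNAMIC;
}

int main(void)
{
    static const char *name[] = { "well-known", "registered", "dynamic/private" };
    unsigned port;
    int wildcard;

    for (size_t i = 0; i < sizeof(SAMPLE) / sizeof(SAMPLE[0]); i++) {
        int cls = classify_listener(SAMPLE[i], &port, &wildcard);
        if (cls == NOT_LISTENING)
            continue;
        printf("port %5u  %-15s  %s%s\n", port, name[cls],
               wildcard ? "all interfaces" : "one address",
               cls == DYNAMIC && wildcard ? "  <- review" : "");
    }
    return 0;
}
```

A listener in the dynamic/private range that is bound to all interfaces is the case the text describes as easy to overlook, so the example marks it for review.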
2. TCP and UDP protocol ports
Classified by the way the service is provided, ports (here specifically transport-layer ports) can also be divided into "TCP ports" and "UDP ports". (Other protocols have an equivalent of a "port" as well, but it is called a "protocol number" rather than a port, such as the IP protocol number.) These two protocols are the ones generally used for communication between computers. In the "connection-oriented mode" described earlier, the sender connects directly to the receiver and, after sending, can confirm that the information arrived; this mode mostly uses TCP. In the other, the "connectionless mode" described earlier, the sender does not connect to the receiver directly but simply puts the information on the network, regardless of whether it arrives; this mode mostly uses UDP, and IP is also connectionless. The ports provided by services that use these two protocols are accordingly classified as "TCP ports" and "UDP ports".
Common ports that use TCP are mainly the following.
FTP: the File Transfer Protocol, which uses port 21. Saying that a computer has the FTP service open means that it has started the file transfer service. The FTP service is used to download files and upload home pages.
Telnet: a port for remote login, which lets users connect to a remote computer under their own identity and provides a DOS-style communication service. The earlier BBSes, for example, had a pure character interface, and a server supporting a BBS opened port 23 to serve external users.
SMTP: the Simple Mail Transfer Protocol, which many mail servers now use for sending mail. The common free mail services, for example, use this mail server port, which is why e-mail settings often include an SMTP port field; the server opens port 25.
POP3: the counterpart of SMTP, used for receiving mail. The POP3 protocol typically uses port 110. In other words, with a program that uses the POP3 protocol (such as Foxmail or Outlook) you can receive mail directly in the mail program without logging in to the mailbox's web interface (with a 163 mailbox, for example, there is no need to go to the NetEase website first and then into your own mailbox to collect mail).
Common ports that use UDP are mainly the following.
HTTP: the most widely used protocol, often called the "Hypertext Transfer Protocol". For users to browse the web, the computer that provides the web resources must open port 80 to provide the service. What is commonly called the WWW service or a web server uses this port.
DNS: used for domain name resolution. This service is most used in Windows NT systems. Every computer on the Internet has a network address, usually called its IP address, which is written purely as numbers. Because such numbers are hard to remember, domain names exist: to reach a computer you only need to know its domain name, and the DNS server converts between domain name and IP address. DNS uses port 53.
SNMP: the Simple Network Management Protocol, which uses port 161 and is used to manage network devices. Because there are so many network devices, a connectionless service shows its advantages here.

OICQ: the program both uses services and provides them, so the two people chatting are peers. OICQ uses a connectionless protocol, that is, UDP. Its server uses port 8000 to listen for incoming messages, and the client uses port 4000 to send messages out. If both ports are already in use (many people chat with several friends at the same time), the port numbers are incremented in order.


About binding IP address and port number Insights
Both the client and the server can specify an IP address, a port number, both or neither by calling the function bind, depending on the desired result. The values to which sin_addr and sin_port (or sin6_addr and sin6_port) should be set are summarized below:
Process specifies                   Result
IP address          Port
Wildcard address    0               Kernel selects IP address and port
Wildcard address    not 0           Kernel selects IP address, process specifies port
Local IP address    0               Process specifies IP address, kernel selects port
Local IP address    not 0           Process specifies IP address and port
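The rows of this table can be observed by calling bind and then asking the kernel what it assigned with getsockname. The following is an added example, not part of the original article; the function name bind_and_report is hypothetical, and the example assumes an IPv4 loopback interface is available.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket as the table describes and store in *bound what
 * getsockname() reports. ip == NULL means the wildcard address; port == 0
 * means "kernel selects". Returns 0 on success, -1 on failure. */
int bind_and_report(const char *ip, uint16_t port, struct sockaddr_in *bound)
{
    struct sockaddr_in want;
    socklen_t len = sizeof(*bound);
    int rc = -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_port = htons(port);                 /* network byte order */
    want.sin_addr.s_addr = htonl(INADDR_ANY);    /* wildcard unless ip given */
    if (ip == NULL || inet_pton(AF_INET, ip, &want.sin_addr) == 1) {
        if (bind(fd, (struct sockaddr *)&want, sizeof(want)) == 0 &&
            getsockname(fd, (struct sockaddr *)bound, &len) == 0)
            rc = 0;
    }
    close(fd);
    return rc;
}

int main(void)
{
    const char *ips[] = { NULL, "127.0.0.1" };   /* wildcard, then a local address */
    struct sockaddr_in b;
    char text[INET_ADDRSTRLEN];

    for (int i = 0; i < 2; i++) {
        if (bind_and_report(ips[i], 0, &b) != 0)
            continue;
        inet_ntop(AF_INET, &b.sin_addr, text, sizeof(text));
        printf("asked %-9s port 0 -> bound %s:%u\n",
               ips[i] ? ips[i] : "wildcard", text, (unsigned)ntohs(b.sin_port));
    }
    return 0;
}
```

After a wildcard bind, getsockname still reports 0.0.0.0: the kernel selects the concrete local address per connection, so such a listener is reachable on every interface of the host, while a bind to 127.0.0.1 keeps it reachable from the local machine only.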



Client
1. TCP Client:
1) When a TCP client has not bound an IP address, the kernel binds an IP address, chosen according to the outgoing interface, and an ephemeral port number to it when it calls connect. After receiving the connection, the TCP server uses this IP address as the destination IP address of the datagrams it sends in response.
2) When a TCP client binds an IP address, it specifies the source IP address for the connection it initiates, and the TCP server uses this IP address as the destination IP address of the datagrams it sends in response to the connection.
3) A TCP client only accepts datagrams that match its four-tuple (source port number, source IP address, destination port number, destination IP address).
2. UDP Client:
1) When a UDP client has not bound an IP address, the kernel binds an IP address, chosen according to the outgoing interface, and an ephemeral port number to it when it calls sendto. (The UDP client can receive any UDP datagram that reaches the ephemeral port it is bound to.)
2) When a UDP client binds an IP address, it specifies the source IP address of the datagrams it sends, and after receiving a datagram the UDP server uses this IP address as the destination IP address of its datagrams. (The UDP client can only receive UDP datagrams that reach its bound ephemeral port and whose destination address is the IP address it bound.)
3) When a UDP client calls connect, the kernel records the peer's IP address and port number, which are contained in the socket address structure passed to connect, and binds an ephemeral port number and IP address to the UDP client. (The UDP client can only receive datagrams whose destination IP address and port number are the ones it is bound to and whose source IP address and port number are those of the peer specified in connect.)
Server
1. TCP Server:
1) When a TCP server does not bind an IP address, the socket receives any TCP connection that reaches its bound port. It uses the destination IP address of the received connection as its own source IP address (which determines the four-tuple) and the received source IP address as the destination IP address when sending the reply.
2) When a TCP server binds an IP address, the socket is restricted to receiving only client connections that reach its bound port and whose destination address is this IP address. It uses the bound IP address as its source IP address (the bound IP address must of course be the same as the destination IP address of the incoming connection, otherwise the connection is not received) and the received source IP address as the destination IP address when sending the reply.
2. UDP Server:
1) When a UDP server does not bind an IP address, the socket receives any UDP datagram that reaches its bound port. The reply uses the primary IP address of the outgoing interface as its source IP address and the received source IP address as its destination IP address.
2) When a UDP server binds one of the machine's IP addresses, the socket is restricted to receiving only UDP datagrams that reach its bound port and whose destination address is this IP address. The reply uses the bound IP address as its source IP address and the received source IP address as its destination IP address.
3) When a UDP server calls connect, the kernel records the peer's IP address and port number, which are contained in the socket address structure passed to connect, and binds an ephemeral port number and IP address to the UDP server. (The UDP server can only receive datagrams whose destination IP address and port number are the ones it is bound to and whose source IP address and port number are those of the peer specified in connect.)
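The filtering effect of connect on a UDP socket, described for both the client and the server above, can be checked on the loopback interface. The following is an added example, not part of the original article; the function name delivered and the one-byte payloads are constructed for illustration. The same receiver is run once unconnected and once connected to a single peer, and reports which senders' datagrams reached it.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Returns a bitmask of what the receiver got: 1 = datagram from an unrelated
 * sender, 2 = datagram from the peer; -1 on setup failure. Loopback only. */
int delivered(int receiver_connects)
{
    struct sockaddr_in raddr = { .sin_family = AF_INET }, paddr;
    socklen_t rlen = sizeof(raddr), plen = sizeof(paddr);
    struct timeval tmo = { 0, 200000 };        /* 200 ms receive timeout */
    char buf[8];
    int got = -1;
    int r = socket(AF_INET, SOCK_DGRAM, 0);    /* receiver */
    int p = socket(AF_INET, SOCK_DGRAM, 0);    /* peer named in connect */
    int s = socket(AF_INET, SOCK_DGRAM, 0);    /* unrelated sender */

    /* Receiver: process specifies the IP address, kernel selects the port. */
    raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (r < 0 || p < 0 || s < 0 ||
        bind(r, (struct sockaddr *)&raddr, sizeof(raddr)) < 0 ||
        getsockname(r, (struct sockaddr *)&raddr, &rlen) < 0 ||
        setsockopt(r, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof(tmo)) < 0)
        goto out;
    /* Peer never calls bind: connect makes the kernel pick its address and port. */
    if (connect(p, (struct sockaddr *)&raddr, sizeof(raddr)) < 0 ||
        getsockname(p, (struct sockaddr *)&paddr, &plen) < 0 ||
        (receiver_connects && connect(r, (struct sockaddr *)&paddr, sizeof(paddr)) < 0))
        goto out;
    /* The unrelated sender is unbound too; sendto triggers the implicit bind. */
    sendto(s, "S", 1, 0, (struct sockaddr *)&raddr, sizeof(raddr));
    send(p, "P", 1, 0);
    for (got = 0; recv(r, buf, sizeof(buf), 0) > 0; )
        got |= (buf[0] == 'S') ? 1 : 2;
out:
    close(r); close(p); close(s);   /* close(-1) just fails harmlessly */
    return got;
}

int main(void)
{
    printf("unconnected: %d, connected: %d\n", delivered(0), delivered(1));
    return 0;
}
```

The unconnected receiver gets both datagrams (mask 3); once it has called connect, the kernel discards the datagram from the unrelated sender before the application sees it (mask 2).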
