NetworkingBeginner24 min read

What Is Port number in Networking?

Reviewed byJohnson Ajibi· Senior Network & Security Engineer · MSc IT Security

This page mentions older exam versions. See the Current Exam Context and Legacy Exam Context sections below for the updated mapping.

On This Page

Quick Definition

A port number is like an apartment number in a building. The IP address gets data to the right building (your computer), and the port number makes sure the data goes to the right apartment (the specific app or service, like email or a web browser). It's a way for computers to know which program should receive incoming information.

Commonly Confused With

Port numbervsProtocol number

A protocol number identifies the protocol (like TCP = 6, UDP = 17) in the IP header, while a port number identifies the specific application in the TCP or UDP header. They operate at different layers. Protocol numbers are in the Network layer header, port numbers in the Transport layer header.

When you see an IP packet, the protocol number tells if it's TCP or UDP. The port number inside the TCP header tells if it's HTTP (80) or HTTPS (443).

Port numbervsIP address

An IP address identifies a device on a network (like a house address). A port number identifies a specific service or application on that device (like a person in the house). Both are needed to establish a complete network connection.

Your laptop has one IP address. When you run a web browser and an email client at the same time, the IP address is the same, but the port numbers (ephemeral) differ for each outgoing connection.

Port numbervsSocket

A socket is a combination of an IP address and a port number, forming the endpoint of a connection. A port number is just one part of a socket. The socket includes both the IP and the port.

A socket might look like 192.168.1.10:80. Here, 192.168.1.10 is the IP address, and 80 is the port number. Together they form the socket.

Port numbervsMAC address

A MAC address is a hardware address burned into a network interface card, used at the Data Link layer for local delivery. A port number is a software construct used at the Transport layer to identify application processes. MAC addresses are static, port numbers are dynamic.

When you connect to a website, your MAC address is used to deliver packets within your local network, but the port number ensures the web browser (not the email app) receives the data.

Must Know for Exams

Port numbers appear in most major IT certification exams, including CompTIA Network+, CompTIA Security+, CCNA, and various vendor-specific exams. They are tested both directly and indirectly. For example, in the CompTIA Network+ exam (N10-008), you are expected to know common port numbers and their associated protocols. Objective 1.1 covers "Compare and contrast the OSI model layers" and the Transport layer (Layer 4) relies heavily on port numbers. Objective 1.2 asks you to "Compare and contrast TCP and UDP ports, protocols, and their purposes." You need to memorize about 20 well-known port numbers for the exam, such as FTP (20, 21), SSH (22), Telnet (23), SMTP (25), DNS (53), HTTP (80), HTTPS (443), DHCP (67, 68), and others.

In CompTIA Security+ (SY0-601), port knowledge is required for understanding firewall rules, network segmentation, and secure protocols. You must know which ports are associated with secure versus insecure services, like SMTPS (port 587) versus SMTP (port 25), or LDAPS (port 636) versus LDAP (port 389). Questions may present a scenario where you need to identify the correct port to open for a specific service.

In Cisco CCNA (200-301), port numbers are used when configuring access lists, NAT, and routing. You need to understand how to permit or deny traffic based on port numbers in an ACL. For example, a question might ask: "Which ACL entry allows web traffic from a specific subnet?" You would need to know that web traffic uses port 80.

Exam questions can be straightforward: "What port does HTTPS use?" Answer: 443. Or they can be scenario-based: "A technician is troubleshooting a web server that is not accessible from the internet. The server is running on port 8080. Which configuration change is needed?" The correct answer might involve configuring port forwarding on the router to forward port 8080 to the server's internal IP. Another common question type is a drag-and-drop where you match port numbers to services.

Because port numbers are a foundational concept, you can expect them in at least 5-10% of exam questions in networking-related certifications. It is not enough to just memorize numbers, you must understand the context of when each port is used and how it relates to the protocol above it.

Simple Meaning

Imagine you live in a large apartment building. The building's address is like an IP address, it gets mail to the correct building. But once the mail arrives, someone needs to figure out which apartment receives each letter. That's where the port number comes in. Each apartment (or application) has its own unique number inside the building. For example, apartment 80 is where web servers live, and apartment 443 is where secure web servers live.

Your computer, phone, or any device on a network has a single IP address, but it can run many programs at the same time, a web browser, an email client, a game, and a video call app all at once. Port numbers allow the operating system to distinguish between these programs. When data arrives from the internet, the operating system looks at the port number in the packet and hands the data to the right program.

Ports range from 0 to 65535. The first 1024 are called "well-known ports" and are reserved for common services like web traffic (port 80), email (port 25), and file transfer (port 21). Higher numbers are used by your own computer for temporary outgoing connections. Without port numbers, your computer wouldn't know whether an incoming message was for your email client or your browser, it would just get confused.

Think of it as a big mailroom with numbered slots. Your IP address is the building, each slot is a port, and each letter is a packet of data. The mailroom worker (your operating system) sorts the letters into the correct slots so the right person (the application) gets their mail.

Full Technical Definition

A port number is a 16-bit unsigned integer, ranging from 0 to 65535, used in the transport layer of the TCP/IP protocol suite. It is combined with an IP address to form a socket, which uniquely identifies an endpoint in a network connection. The port number allows the operating system to demultiplex incoming network packets and deliver them to the correct application process.

Port numbers are divided into three ranges by the Internet Assigned Numbers Authority (IANA). Well-known ports (0-1023) are reserved for system processes or widely used services. Examples include HTTP on port 80, HTTPS on port 443, FTP on port 21, SSH on port 22, DNS on port 53, and SMTP on port 25. Registered ports (1024-49151) are used by applications that are not as critical but still need a consistent port, like many database systems or proprietary protocols. Dynamic or private ports (49152-65535) are used for temporary client-side connections, assigned by the operating system when an application initiates an outgoing request.

In TCP and UDP headers, the source port and destination port fields are each 16 bits. The source port is usually a high-numbered ephemeral port chosen by the client, while the destination port is the well-known port of the service being contacted. The combination of source IP, source port, destination IP, destination port, and protocol (TCP or UDP) creates a unique five-tuple that identifies each connection. This allows a single server to handle thousands of simultaneous connections because each client uses a different source port.

Port forwarding is a common technique in routers that allows external devices to reach services on a private local network. For example, a router can be configured to forward all traffic arriving on its public IP on port 80 to an internal web server on a specific private IP. In firewalls, port numbers are used in access control lists (ACLs) to permit or deny traffic based on the service. Security professionals often scan for open ports to discover vulnerable services.

In modern IT environments, containers and virtual machines each have their own port spaces, but they can map internal ports to host ports. Tools like netstat, ss, and nmap are used to inspect port usage on a system. Understanding port numbers is fundamental to network troubleshooting, server administration, and cybersecurity.

Real-Life Example

Think of a large hotel with a single main address and many different rooms. The hotel address is like an IP address, it allows guests to find the building. But once inside, each room has its own number. Room 80 is the front desk where people ask for directions (that's HTTP), room 443 is the business center where confidential documents are handled (HTTPS), room 25 is the mailroom (SMTP), and room 53 is the information desk where you ask about room numbers (DNS).

When a guest arrives looking for a specific service, the hotel concierge (the operating system) checks the room number on their request and guides them to the correct door. If a guest arrives asking for room 80, the concierge knows to send them to the front desk. If another guest asks for room 443, they go to the business center.

Now imagine you have two guests who both want to talk to the front desk. The front desk can handle them one at a time, but to keep them separate, each guest gets a temporary identification number. That temporary number is like an ephemeral port. The front desk knows which reply goes to which guest because each reply is addressed with the guest's temporary number.

If the hotel were to have no room numbers, guests would wander around randomly, trying every door. That's what would happen on a network without port numbers. Your computer would receive all traffic but wouldn't know which program it was for. The analogy perfectly maps to port numbers: they are the room numbers inside the building (the IP address) that ensure information goes to the right place.

Why This Term Matters

Port numbers are a fundamental part of how the internet works. Without them, your computer could not distinguish between a web page request and an email message. Every time you open a browser, check your email, or stream a video, port numbers are involved. They allow you to run multiple networked applications simultaneously without interference.

For IT professionals, knowledge of port numbers is critical for configuring firewalls, setting up servers, troubleshooting network issues, and securing systems. A firewall rule that blocks port 22 prevents SSH access, which might be necessary for security. A misconfigured port forward can leave a service inaccessible. When troubleshooting connectivity problems, one of the first steps is checking whether the correct port is open and listening.

In enterprise environments, port numbers are used in load balancers to direct traffic to specific application pools. In cloud computing, security groups and network ACLs are defined by port numbers. A database server might listen on port 3306 for MySQL, while a web server listens on port 80. If an application tries to connect to the wrong port, the connection fails.

Port numbers also matter for security. Attackers often scan for open ports to find vulnerable services. Understanding standard port numbers helps administrators close unnecessary ports and reduce the attack surface. When you hear about a data breach, it often involves a service running on an open port that was not properly secured. Therefore, port numbers are not just a theoretical concept, they are a practical, daily concern for anyone who manages networks or servers.

How It Appears in Exam Questions

Port number questions come in several formats. The most direct type is a simple multiple-choice: "Which port does DNS use?" The answer options will include numbers like 53, 80, 443, 25. You must have memorized the standard port assignments. Another direct format is a fill-in-the-blank or a matching exercise where you connect protocols to their ports.

Scenario-based questions are more challenging. For instance: "A company has a web server that is only accessible internally. To make it available externally, the network administrator configures the router to forward all traffic arriving on port 443 to the internal server at 192.168.1.10:443. Which type of configuration is this?" The answer is "port forwarding" or "destination NAT." You need to recognize that port forwarding uses port numbers to direct traffic to a specific internal host.

Another common scenario: "An employee cannot send emails. The email server is configured correctly. The firewall log shows that traffic to port 25 is being blocked. What is the likely cause?" The correct answer is that SMTP (port 25) is blocked by the firewall, preventing outgoing email. You need to know that port 25 is used for SMTP.

Troubleshooting questions often involve checking netstat or ss output: "A user reports that a web application is not working. The output of 'netstat -an' shows the server is listening on 0.0.0.0:8080. Which of the following is true?" You must interpret that the server is listening on port 8080, so clients would need to connect using that port, not the standard port 80.

In security exams, a question might present a list of open ports found during a vulnerability scan and ask which service is most likely vulnerable. For example: "Port 22 is open. Which service is running?" Answer: SSH. Or "Port 3389 is open on a Windows server. Which service could an attacker exploit?" Answer: Remote Desktop Protocol.

Some exams include configuration-based questions where you must choose the correct syntax for a firewall rule or ACL entry that involves a port number. For example: "Which ACL entry permits HTTP traffic from the 10.0.0.0/24 network to any destination?" The correct answer includes the keyword "eq 80" or "port 80." Understanding how to write these rules is part of the exam objectives.

Finally, performance-based questions (PBQs) might ask you to drag port numbers to their correct protocol labels or to complete a port-forwarding configuration on a simulated router. These are practical tests of your ability to apply port number knowledge in real-world configurations.

Practise Port number Questions

Test your understanding with exam-style practice questions.

Practise

Example Scenario

You are a junior IT support specialist at a small company. The company's web server is not accessible from the internet. Employees inside the office can reach the website, but external customers cannot.

First, you check the server itself. You open a command prompt on the server and run 'netstat -an' to see which ports are listening. You see a line that shows 0.0.0.0:8080 in the LISTENING state. This means the web server is running and listening on port 8080, not the standard HTTP port 80.

Next, you check the company's router configuration. You log into the router's web interface and look at the port forwarding settings. You see that there is a rule directing traffic on port 80 to the server's IP address, but the server is listening on port 8080. That is the mismatch.

You correct the port forwarding rule to forward traffic from port 8080 (or change the server to listen on port 80). After making the change, you test from your phone using the mobile network. This time, the website loads correctly.

This scenario shows how a simple port number mismatch can break connectivity. It also shows the importance of understanding that both the server and the router must agree on the port number. The server listens on a specific port, and the router forwards incoming traffic on a specific port. If they don't match, the connection fails.

In an exam, a similar scenario might ask: "A web server is accessible internally but not externally. The server is listening on port 8080. The router is configured to forward port 80 to the server. What should the administrator do?" The correct answer would be either change the web server to listen on port 80, or change the port forward rule to use port 8080.

Common Mistakes

Confusing port numbers with IP addresses

IP addresses identify devices on a network, while port numbers identify applications on that device. They perform different functions and are both needed for a complete connection.

Remember: IP address = building address. Port number = apartment number inside the building. Both are required to deliver data correctly.

Memorizing port numbers without knowing the protocol names

Exams often present the protocol name and ask for the port, or vice versa. You cannot answer if you only know half. You must connect each port to its service.

Study them as pairs. For example: HTTP = 80, HTTPS = 443, FTP = 21, SSH = 22. Practice flashcards that show one side and ask for the other.

Thinking all services use the same port for both sender and receiver

Some protocols use different ports for different functions. FTP uses port 21 for control and port 20 for data. DHCP uses port 67 for server and 68 for client. Misunderstanding this can lead to configuration errors.

Learn which protocols use asymmetrical ports. For FTP, remember that the control connection is port 21 and data connection is port 20. For DHCP, server is 67, client is 68.

Assuming port numbers are only for incoming traffic

Port numbers are used for both source and destination in every packet. When your browser makes an outgoing connection, it uses a random high port as its source, and the destination port is the well-known one. The response packet uses the source port as the new destination.

Think of port numbers as two-way identifiers. Every packet has both a source port and a destination port. The source port is like a return address on an envelope.

Forgetting that port 0 is not used

Port 0 is reserved and not used for standard applications. Some people mistakenly think port 0 is a valid port for a service. On most systems, port 0 is used internally by the OS to request an ephemeral port, but no application binds to port 0.

Remember that the valid port range for services is 1-65535. Port 0 is special and not used for binding. If you see port 0 in a question, it is likely a trick.

Exam Trap — Don't Get Fooled

{"trap":"The exam presents a scenario where a service is running on a non-standard port, and the learner is asked to identify the service based on the port number. For example, a question might state that a server is listening on port 8080 and ask what service it is, expecting the answer \"HTTP proxy\" or something else, but the correct answer is \"HTTP (web server)\" because port 8080 is a common alternate port for HTTP.","why_learners_choose_it":"Learners often memorize standard ports (80 for HTTP) and might think that any other port is a different service.

They may not know that port 8080 is a common alternative for HTTP, often used for development or proxy servers.","how_to_avoid_it":"Study common alternate ports as well. Know that 8080 and 8000 are often used for HTTP, that 8443 is an alternate for HTTPS, and that 1433 is SQL Server, 3306 is MySQL, etc.

When a question gives a non-standard port, check if the scenario suggests a common application that uses that port."

Step-by-Step Breakdown

1

Application requests a connection

A program (like a web browser) wants to fetch a web page. It requests the operating system to open a connection to the server's IP address on port 80 (or 443). The OS assigns a random high-numbered source port (e.g., 54321) to this connection. This is how the OS tracks which application made the request.

2

Packet encapsulation

The OS creates a TCP or UDP packet with the source port (54321), the destination port (80), the source IP, and the destination IP. This header is added to the data. The packet is then passed to the IP layer, which adds its own header. The complete packet is then sent over the network.

3

Packet reaches the destination server

The server's network interface receives the packet. The IP layer strips its header and passes the remaining TCP segment to the TCP layer. The TCP layer reads the destination port (80) and knows that this packet is intended for the web server application that is listening on port 80.

4

Server sends a response

The web server on port 80 processes the request and prepares a response. It creates a packet with source port 80 (the web server), destination port 54321 (the original source port from the request), and the appropriate IPs. This packet is sent back through the network to the client.

5

Client receives the response

The client's OS receives the response packet. The TCP layer looks at the destination port (54321). The OS knows that this port was assigned to the web browser, so it delivers the data to the correct application. The browser can then display the web page.

6

Port released after connection closes

When the web page is fully loaded and the connection closes, the OS marks the source port (54321) as available again. The port can be reused for a future connection. This process allows many connections to happen without exhausting the pool of available ports.

Practical Mini-Lesson

As an IT professional, you will need to check port status frequently. On Linux, use 'netstat -tulpn' or 'ss -tulpn' to see which ports are listening. On Windows, use 'netstat -an' or 'netstat -anb' (with admin rights). The output shows the protocol, local address (including port), state, and sometimes the process ID. This is your first step in troubleshooting a service that is not responding.

When configuring a firewall, you will specify port numbers in rules. For example, on a Linux iptables firewall, to allow incoming HTTP traffic, you would add a rule like: 'iptables -A INPUT -p tcp --dport 80 -j ACCEPT'. On a Windows Firewall, you create an inbound rule for TCP port 80. If you open the wrong port, you might expose a service unintentionally. If you block a necessary port, users won't be able to connect.

Port forwarding on a router is a common task. Suppose you have a web server inside your network at 192.168.1.100 listening on port 80. You want external users to reach it via your public IP. You log into the router and create a port forwarding rule: external port 80 to internal IP 192.168.1.100 port 80. If the server uses a different port, you must map accordingly. A common error is forwarding external port 80 to internal port 8080 when the server is on 8080, this is actually correct if the server is on port 8080, but many people do it backwards.

Security professionals use port scanning to discover open ports. Tools like Nmap can scan a range of ports on a target to see which services are running. This is a common technique for both penetration testing and vulnerability assessment. Knowing standard ports helps you quickly identify services from scan results. For instance, if port 3389 is open, that's Remote Desktop, a potential attack vector if not properly secured.

One common troubleshooting scenario: a user cannot access an internal application. You check netstat on the server and see the application is listening on 127.0.0.1:8080. That means the application is only listening on the loopback interface, so it's not accessible from other computers. The fix is to configure the application to listen on 0.0.0.0 or the server's LAN IP.

Port numbers also matter in containerization. In Docker, you map container ports to host ports. 'docker run -p 8080:80 my-web-app' maps host port 8080 to container port 80. This allows you to run multiple containers on the same host without port conflicts.

Finally, remember that port numbers are not a security measure. Changing a service to a non-standard port (security through obscurity) does not make it secure. Attackers can still scan all ports. Always use proper authentication and encryption regardless of the port number.

Memory Tip

To remember common ports: think of these numbers as a phone book. The building address (IP) gets you to the building, but the extension (port) gets you to the right person. Memorize the 'big five': HTTP=80, HTTPS=443, FTP=21, SSH=22, DNS=53. Use the mnemonic: '80 is great for web, 443 is secure and free.'

Covered in These Exams

Current Exam Context

Current exam versions that test this topic — use these objectives when studying.

Legacy Exam Context

Older materials may mention these exam versions, but learners should use the current objectives for their target exam.

N10-008N10-009(current version)
SY0-601SY0-701(current version)

Related Glossary Terms

Frequently Asked Questions

What is the difference between a port number and a protocol number?

A protocol number identifies the protocol used in the IP header (e.g., TCP is 6, UDP is 17). A port number identifies the specific application inside the transport layer. They work at different layers: protocol numbers at the Network layer, port numbers at the Transport layer.

Can two applications use the same port number on the same computer?

No, a port number can only be used by one application at a time on the same IP address. If you try to start a second service on the same port, you will get an 'address already in use' error. However, different IP addresses on the same machine (like different network interfaces) can use the same port number.

What is port 0 used for?

Port 0 is reserved and not used for standard applications. On many systems, when a program requests a port number and specifies 0, the operating system assigns a random ephemeral port from the dynamic range. No service binds to port 0.

How many port numbers are there?

There are 65,536 possible port numbers, ranging from 0 to 65535. They are divided into well-known (0-1023), registered (1024-49151), and dynamic/private (49152-65535) ranges.

Do port numbers affect security?

Yes, indirectly. Open ports indicate running services that could be vulnerable. Firewalls use port numbers to permit or block traffic. Changing a service to a non-standard port is not a security measure by itself but can reduce automated attacks. Always use firewalls and secure configurations.

What is port forwarding?

Port forwarding is a router configuration that directs external traffic on a specific port to an internal IP address and port. For example, you can forward port 80 from your public IP to a web server inside your home network, allowing internet users to access that server.

Why do I need to know port numbers for IT exams?

Many certification exams test your ability to identify common port numbers, match them to protocols, and apply them in configuration and troubleshooting scenarios. It is a fundamental skill for networking, security, and system administration roles.

Is there a difference between TCP and UDP port numbers?

TCP and UDP each have their own separate port numbering space. A TCP port 80 can be used at the same time as a UDP port 80 on the same IP address, with different applications. However, for common services like DNS, both TCP and UDP port 53 are used, but for different purposes (TCP for zone transfers, UDP for queries).

Summary

Port numbers are a fundamental networking concept that enable computers to direct data to the correct application among many running simultaneously. They work at the Transport layer (Layer 4) of the OSI model and are used in both TCP and UDP protocols. Understanding port numbers allows IT professionals to configure firewalls, set up servers, troubleshoot connectivity issues, and secure networks.

For certification exams, you must memorize common port numbers and match them to their services. You also need to understand how port numbers are used in scenarios like port forwarding, firewall rules, and troubleshooting. Common mistakes include confusing port numbers with IP addresses, mixing up protocol numbers, and forgetting that source ports are often ephemeral.

In the real world, every time you browse the web, send an email, or make a video call, port numbers are working behind the scenes. They are a simple but powerful tool that makes the internet functional and organized. Whether you are studying for a CompTIA exam, a CCNA, or working in IT, a solid grasp of port numbers is essential.

The key takeaway for your exam: port numbers are not just numbers to memorize, they are a practical tool for understanding and controlling network traffic. Practice with flashcards, use netstat to see ports on your own computer, and always connect the number to a real service. With consistent study, you'll master this concept and improve your score.