Protocol ports
If an IP address is compared to a house, a port is a door of that house. A real house has only a few doors, but an IP address can have as many as 65536 ports (2^16), and that many for each transport protocol. Ports are identified by port numbers, which are integers between 0 and 65535 (2^16 - 1).

On the Internet, hosts send and receive packets using the TCP/IP protocol suite. Each packet is routed through the Internet according to the IP address of its destination host and, if all goes well, arrives there. But most operating systems run many programs (processes) at once, so which process should the destination host hand a received packet to? That problem has to be solved somehow, and the port mechanism is the answer.

The local operating system assigns protocol ports to the processes that ask for them, and each port is identified by an integer such as 80, 139 or 445. When the destination host receives a packet, it looks at the destination port number in the transport header and passes the payload to the socket bound to that port; the process that owns the socket reads the data and waits for the next. Stated this way the idea is still abstract, so let us make it more concrete.

Ports are, in effect, queues: the operating system keeps a receive buffer for each bound socket, and incoming packets are pushed into the queue that matches their destination port, where they wait until the process reads them. If the process does not read fast enough the queue fills up (for UDP further datagrams are simply dropped; for TCP the advertised window shrinks and the sender slows down), and a process can inspect or adjust the size of its own queue with the SO_RCVBUF socket option.

The receiving process is not the only one that needs a port: the sending process has one too, the source port, which is written into the packet header next to the destination port so that the receiver can address its reply to exactly that port.

Detailed description of ports

Each network service does a different job, and different packets must be handed to different services. When your host runs an FTP service and a WWW (HTTP) service at the same time, packets sent by others reach the FTP or the WWW service according to the destination port number in their TCP header.

Every TCP connection is initiated by one end (usually the client). The client's port is normally chosen by the operating system from the ephemeral range above 1023 (0 to 1023 are the well-known ports reserved for standard servers such as FTP, HTTP and SMTP; most modern systems pick from a higher range still, for example 32768 to 60999 by default on Linux). The first segment sets the SYN flag and only the SYN flag; it is the first packet of the whole connection.

If the other end (usually the server) accepts the request (a given service is reached through its own port, for example FTP control on port 21), it sends back the second packet of the connection: in addition to the SYN flag it sets the ACK flag, and the server allocates the local resources for the connection at this point. (This is also why a flood of SYNs that are never followed up can exhaust a server, and why TCP stacks defend with SYN cookies.)

Then, when the requester receives this first response from the server, it must answer with an acknowledgement packet that carries only the ACK flag (in fact every later packet of the connection carries the ACK flag).

Only when the server has received the requester's ACK (the third packet of the connection) is the connection formally established at both ends. This is TCP's three-way handshake.

After the handshake, the client's port is the randomly chosen port above 1023, while the server's port depends on what was listening at the time: WWW uses 80, FTP uses 21, and so on.
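The two mechanisms described above, per-port demultiplexing and the three-way handshake, can be replayed in a few lines. The following is an added example, not code from the original page: it packs and parses real 20-byte TCP headers with the standard `struct` module, models a host as one receive queue per bound port, and walks the SYN, SYN|ACK, ACK exchange with the sequence and acknowledgement numbers each side must carry. The `Host` class, the port numbers (80 for the server, 49152 as the client's ephemeral port) and the initial sequence numbers are constructed for the demonstration; checksums are left zero because nothing here is sent on a wire.

```python
import struct
from collections import deque

# TCP control bits from RFC 793: SYN = 0x02, ACK = 0x10
SYN, ACK = 0x02, 0x10
# src port, dst port, seq, ack, data offset, flags, window, checksum, urgent pointer
HDR = "!HHIIBBHHH"


def build_tcp(src_port, dst_port, seq, ack, flags):
    """Pack a minimal 20-byte TCP header: no options, checksum left as zero (constructed)."""
    data_offset = 5 << 4  # header length in 32-bit words, stored in the high nibble
    return struct.pack(HDR, src_port, dst_port, seq, ack, data_offset, flags, 65535, 0, 0)


def parse_tcp(segment):
    """Unpack the fields the port mechanism and the handshake care about."""
    src, dst, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack(HDR, segment[:20])
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": flags}


class Host:
    """Toy host (assumed model): one receive queue per bound port, like the per-process queues."""

    def __init__(self):
        self.queues = {}

    def bind(self, port):
        self.queues[port] = deque()

    def deliver(self, segment):
        """Demultiplex by destination port. Returns False when nothing is bound there
        (a real stack would answer with RST instead of queueing the segment)."""
        hdr = parse_tcp(segment)
        queue = self.queues.get(hdr["dst"])
        if queue is None:
            return False
        queue.append(hdr)
        return True

    def read(self, port):
        return self.queues[port].popleft()


def three_way_handshake(client, server, client_port, server_port, client_isn=1000, server_isn=5000):
    """Replay the three segments of the handshake and return the flags seen, in order."""
    server.bind(server_port)   # e.g. a web server listening on 80
    client.bind(client_port)   # ephemeral port the OS picked for the client

    # 1. client -> server: SYN only, seq = client's initial sequence number
    server.deliver(build_tcp(client_port, server_port, client_isn, 0, SYN))
    syn = server.read(server_port)
    if syn["flags"] != SYN:
        raise ValueError("first segment must carry only SYN")

    # 2. server -> client: SYN|ACK, ack = client ISN + 1, sent to the source port taken from step 1
    client.deliver(build_tcp(server_port, syn["src"], server_isn, syn["seq"] + 1, SYN | ACK))
    synack = client.read(client_port)
    if synack["flags"] != SYN | ACK or synack["ack"] != client_isn + 1:
        raise ValueError("second segment must be SYN|ACK acknowledging the client ISN")

    # 3. client -> server: ACK only, ack = server ISN + 1; the server side is now established
    server.deliver(build_tcp(client_port, server_port, client_isn + 1, synack["seq"] + 1, ACK))
    ack = server.read(server_port)
    if ack["flags"] != ACK or ack["ack"] != server_isn + 1:
        raise ValueError("third segment must be ACK acknowledging the server ISN")

    return [syn["flags"], synack["flags"], ack["flags"]]


if __name__ == "__main__":
    flags = three_way_handshake(Host(), Host(), client_port=49152, server_port=80)
    print([hex(f) for f in flags])
    # a segment for a port nobody bound is not queued anywhere
    print(Host().deliver(build_tcp(49152, 8080, 1, 0, SYN)))
```

Run as a script it prints the flag sequence `['0x2', '0x12', '0x10']` and then `False`. The point to notice in step 2 is that the server never had to be told the client's port in advance: it copies the source port out of the SYN it received, which is exactly why the sender must open a port of its own.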

In short, the port discussed here is not a hardware I/O port of the computer but a software concept. There are two kinds, matching the two transport protocols: TCP ports and UDP ports. When computers talk to each other there are two styles of communication. One confirms after sending whether the data arrived, that is, it expects a reply, and mostly uses TCP; the other sends and forgets, without confirming arrival, and mostly uses UDP. The ports a service offers are accordingly TCP ports or UDP ports, and the two number spaces are independent: TCP port 53 and UDP port 53 are different doors that may belong to different programs.

It follows that if an attacker scans the target computer with a tool and learns which ports are open, he knows which services the target provides. Service software inevitably has vulnerabilities, so this gives the attacker a preliminary picture of the target. If a computer has open ports the administrator does not know about, there are two possibilities: either a service is running that the administrator never paid attention to (installing IIS, for example, automatically enables a number of services that administrators may not notice), or a program installed by the attacker is listening on an unusual port to communicate with him. Both are dangerous. In the end, an administrator who does not know what services the server provides lowers the security of the whole system.
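The scan the paragraph describes is, in its simplest form, a TCP connect scan: try the full three-way handshake against each port and classify the result. The following is an added example, not code from the original page. It starts a throwaway listener on the loopback address to stand in for a real service (the port is chosen by the operating system, so nothing here assumes a particular service is installed), scans a list of ports, and then performs the administrator's side of the check: comparing what is actually open against an allowlist of services that are supposed to be running. The allowlist values 80 and 443 in the script's `__main__` section are constructed for the demonstration.

```python
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP service on an OS-chosen port; it stands in for a real service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))            # port 0: let the kernel pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _peer = srv.accept()
            except OSError:        # listener was closed: stop serving
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def reserve_closed_port(host="127.0.0.1"):
    """Find a port with nothing listening: bind one, note its number, release it."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind((host, 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan: a full three-way handshake against each port.
    open     - connect() succeeded, so a process is bound to that port
    closed   - the host answered the SYN with RST (ConnectionRefusedError)
    filtered - no answer within the timeout, typically a firewall dropping the SYN"""
    result = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            result[port] = "open"
        except ConnectionRefusedError:
            result[port] = "closed"
        except OSError:
            result[port] = "filtered"
        finally:
            s.close()
    return result


def unexpected_open(scan, allowlist):
    """The administrator's check: open ports that are not on the list of services we meant to run."""
    return sorted(p for p, state in scan.items() if state == "open" and p not in allowlist)


if __name__ == "__main__":
    srv, service_port = start_listener()
    closed_port = reserve_closed_port()
    scan = connect_scan("127.0.0.1", [service_port, closed_port])
    print(scan)
    # constructed allowlist: the administrator believes only HTTP and HTTPS should be listening
    print("unexpected open ports:", unexpected_open(scan, {80, 443}))
    srv.close()
```

A connect scan completes the handshake, so it shows up in the target's service logs and connection tables; that is what makes it easy to detect, and also why the same loop, pointed at your own hosts and compared against the list of services you intend to run, is the cheapest check for the "open port nobody knows about" case described above. The mapping from port number to service is only a convention: the scan tells you that something is listening, not what it is, so an unexpected open port should be traced to the owning process on the host itself.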