PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP

EVEN PCs HAVE PORTS OF CALL

It has recently come to my esteemed attention that one of my friends [no, I am not releasing names here...]  doesn't seem to have a clue about "ports."  Well, stay tuned, you will get the most clarifying education imaginable on this mysterious topic!  I promise...

IP packets are the fundamental "currency" of the Internet.  If you were to look under the covers of the Internet, you would see "IP packets" in the most general sense.  At different places and different levels, you may see "ethernet frames" or "ATM cells" or "Frame Relay packets" - but these are just ways to carry the fundamental currency which is IP packets.  The thing that makes the IP packet the fundamental currency of the Internet is that the IP packet contains two "Internet addresses," or "IP addresses."  These are the destination and the source, i.e. where the IP packet is going to, and where it came from.  It is much like a post card released into the US postal system.  It can stand by itself.  The Internet infrastructure passes the IP packet along, each step (router) looking at the destination IP address to figure out where to send it next.  When it eventually winds up where it was sent, the destination turns the destination and source IP addresses around, and the process is repeated in reverse in order to reply to the IP packet.  Applications like web browsing, email, instant messaging, etc. are built using these building blocks of IP packets.

Whew...  OK, ports!  Just think about it. When your PC receives an IP packet from the Internet, just exactly how does it decide what to do with it???  If it is directed to your web browser, or your email program, or your FTP program, or your IM program, or any one of a thousand programs that could be running on your PC, how does it get to that particular program?  This is where ports come in.  Each TCP or UDP packet, which is embedded in the IP packet, includes a port number in the protocol header, which tells the TCP handler program exactly which program the packet is destined for.  Port "80," the "http" port, is the indicator for the web browser program; port "110" is the "POP3" port, which means this packet is destined for the email program.

Now in order to actually pass IP packets around on wires and fibers, and wireless thru the air, the network has to embed the IP packet in a "frame" which is optimized for the particular physical medium it is using.  Physical wires often use "ethernet."  ADSL circuits use frequency tones much like dial tones.  Cable modems do the same.  So IP packets are embedded inside the ethernet frames passed on the wires between your PCs and your router.

Just sorta put yourself in the place of the PC, which has just received this ethernet frame.  Now ethernet frames can contain almost any protocol imaginable, but your PC will only deal with certain protocols, such as "IP," and maybe "bridged ethernet," or "bridge protocol data units (BPDUs)," or "PPPoE ethernet," or "ICMP," or "Netware," or "Appletalk." The lowest level driver gets an interrupt from the NIC when an ethernet frame comes in, and the driver gets to decide which protocol is indicated in the Ethernet frame header (ethertype).  There is a protocol driver for each one of the protocols that the PC can handle.  For our discussion of the Internet, the frames usually indicate IP packets.

The IP protocol driver then receives the IP packet and starts looking inside the IP packet to see what kind of protocol is inside.  The normal variants are "ICMP," which carries "pings," "TCP," which carries all the connection-oriented protocols, and "UDP," which carries all the connectionless protocols.

It is worth noting that the routers in the Internet only look at the IP packet headers to decide where to route the packet, because the IP headers contain the actual end-user addresses [besides the TCP or UDP or ICMP service indicator].  Routers do not usually look deeper into the packet, unless an "access control list (ACL)" is set up in order to direct the router to filter higher level services.  Firewalls can be considered very fancy routers which look at all these higher level service indicators, in addition to the IP addresses.

Back to your poor excuse of a PC.....  If the IP packet driver in your PC detects a TCP packet, it is passed to the TCP driver, which further dissects the packet.  Now it is looking for the "service port," which indicates the actual program which will handle the information.  Web packets are passed to the browser, received mail packets are passed to the mail client, etc.  "TCP packets" are associated strings of IP packets, part of the same "connection." 
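The hand-off described above (ethertype, then IP protocol, then port), walked through in Python on a constructed frame carrying a TCP SYN to port 80. This is an added example, not part of the original page; the MAC and IP addresses are made up, and the service table holds only the two ports the article names.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8863: "PPPoE discovery", 0x8864: "PPPoE session"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
SERVICES = {80: "http", 110: "pop3"}  # the two ports the article names

def demux(frame: bytes) -> dict:
    """Walk one Ethernet frame the way the driver stack does."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype, = struct.unpack("!H", frame[12:14])   # after the two 6-byte MACs
    result = {"ethertype": ETHERTYPES.get(ethertype, hex(ethertype))}
    if ethertype != 0x0800:
        return result            # not IP: some other protocol driver's job
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a valid IPv4 header")
    ihl = (ip[0] & 0x0F) * 4     # header length in bytes; options make it > 20
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = ip[9]                # the "what is inside" field of the IP header
    result["src"] = ".".join(map(str, ip[12:16]))
    result["dst"] = ".".join(map(str, ip[16:20]))
    result["protocol"] = IP_PROTOCOLS.get(proto, str(proto))
    if proto in (6, 17):         # TCP and UDP both start with source/dest port
        l4 = ip[ihl:]
        if len(l4) < 4:
            raise ValueError("truncated TCP/UDP header")
        sport, dport = struct.unpack("!HH", l4[:4])
        result.update(sport=sport, dport=dport, service=SERVICES.get(dport, "unknown"))
        if proto == 6 and len(l4) >= 14:
            result["syn"] = bool(l4[13] & 0x02)   # connection request flag
    return result

def build_sample(dport: int, flags: int = 0x02) -> bytes:
    """Constructed sample: Ethernet + IPv4 + TCP headers, no payload, checksums zero."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    print(demux(build_sample(80)))
```
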

When you start your web browser and attempt to go to some web site, you are initiating a connection to that web site, using the "connection-oriented protocol" TCP.  You will send a TCP packet, a TCP SYN, to that particular web server, directed at its web server port, or "http" port, which happens to be port 80.  Now a computer that runs this "service," like a web server, actually "listens" on the particular port for unsolicited connections, in the same manner that your PC listens on ports.

Now this is why running a service can be very dangerous.  Over the years, hackers have discovered holes, or mistakes in the way these server programs have been implemented.  They have but to send some specially formatted packet to the server running the susceptible code, and the hacker can do all kinds of damage.  The hacker can run his particular software on your server! 

Running your browser is not nearly as dangerous, because you are not actively listening for TCP connection attempts - you are the one initiating them.  Be advised however, that you can point your browser to malware sites, and the ActiveX or Java code that is downloaded on your machine can also cause damage, even if you are not running a server.  This is especially true if you have not bothered to keep your copy of Windows up to date, or you do not run an anti-virus program, or you never run anti-spyware tools.

This is exactly what happens, however, when you receive an HTML email in your email program, if it is operated in a default manner and accepts HTML email.  When the email is delivered to your PC, and you have a preview window open, the email program actually goes out and gets any web sites which are called for in the email.  If the email is from a questionable source, and lists some malware sites in its body, your PC has just opened up those web sites, just by opening up the email.  The potential for acquiring viruses in this manner is also very great.  If you have an antivirus program running on your PC, and you have kept it up to date, there is a fair chance that it will intercept any incoming viruses.

One of the best places to learn about what the actual ports do is to go to www.grc.com and go into the ShieldsUP! page.  There, besides the normal scanning options, you will find a link to describe exactly what a port is "all about."  One of the best utilities I have found anywhere.


Copyright John D Loop Saturday January 22, 2005