Ports & Sockets

Ports and sockets are crucial for understanding how applications communicate over networks. They're the "channels" through which data flows.

What is a Port?

A port is a logical endpoint for network communication on a host. Think of it like an apartment number — the IP address is the building, and the port is the apartment.

Port Number: 0 - 65535 (16-bit unsigned integer)

Port Ranges

Ports are organized into three ranges based on their purpose:

Common Well-Known Ports

Here are the most important ports you'll encounter in DevOps:

What is a Socket?

A socket is the combination of:

• IP Address
• Port Number
• Protocol (TCP or UDP)

Think of it as a complete address for network communication.

Notation:

IP:Port/Protocol
192.168.1.100:8080/TCP

Full Socket Definition:

(IP Address, Port, Protocol)
(192.168.1.100, 8080, TCP)

Connection Establishment

When two applications communicate, they create a connection between two sockets:

Client Socket              Server Socket
(203.0.113.50:54321)  ↔   (192.168.1.100:8080)
        ↓                        ↑
  Client Machine          Server Machine

The client:

• Initiates connection using an ephemeral port (dynamic/temporary)
• Connects to server's well-known port

The server:

• Listens on a well-known port
• Accepts connection from any client
• Server-side socket takes on client's port/IP for this specific connection

Socket Types

1. Stream Socket (TCP)

• Reliable: All data arrives, in order
• Connection-oriented: Must establish connection first
• Error checking: Detects lost/corrupted packets
• Overhead: Slower due to reliability mechanisms
• Use cases: Web browsers, email, file transfer, SSH

Example:

Client initiates: "I want to connect to 192.168.1.100:80"
Server responds: "Connected!"
Client sends: "GET /index.html HTTP/1.1"
Server sends: "HTTP/1.1 200 OK ..."

2. Datagram Socket (UDP)

• Unreliable: Some packets may be lost
• Connectionless: No connection setup
• No error checking: Application handles errors
• Low overhead: Faster
• Use cases: Video streaming, online gaming, VoIP, DNS queries

Example:

Client sends: "What's the IP for google.com?"
Server responds: "142.251.41.14"
Done — no connection guaranteed

TCP vs UDP at a Glance

Port States

When checking ports, you'll see different states:

LISTEN

• Port is open and accepting connections
• Server is actively listening

ESTABLISHED

• Connection is active
• Data can flow between endpoints

SYN_SENT

• Client trying to establish connection
• Waiting for server response

TIME_WAIT

• Connection closed but port reserved
• Prevents old packets from interfering
• Usually lasts 60 seconds

CLOSED

• Port is not accepting connections

Viewing Open Ports

Linux/Mac:

# Show all listening ports
netstat -tuln
# or (modern)
ss -tuln
 
# Example output:
# Proto Recv-Q Send-Q Local          Foreign        State
# tcp   0      0      0.0.0.0:22     0.0.0.0:*      LISTEN
# tcp   0      0      0.0.0.0:80     0.0.0.0:*      LISTEN
# tcp   0      0      127.0.0.1:3306 0.0.0.0:*      LISTEN

Windows:

netstat -ano

Socket Programming Basics

Most programming languages provide socket APIs:

Python Example:

import socket
 
# Create TCP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
# Client: Connect to server
sock.connect(('192.168.1.100', 8080))
 
# Server: Listen on port 8080
sock.bind(('0.0.0.0', 8080))
sock.listen(5)

Node.js Example:

const net = require('net');
 
// Create server listening on port 8080
const server = net.createServer();
server.listen(8080, '0.0.0.0');
 
// Connect as client
const client = new net.Socket();
client.connect(8080, '192.168.1.100');

Ephemeral Ports and Client Connections

When a client initiates a connection:

1. Client OS assigns an ephemeral port (temporary)
2. Client connects to server's well-known port
3. Server accepts connection
4. Both sides now have a complete socket

Why ephemeral ports?

• Many clients can connect to same server port
• Each connection uses different client ports
• Server keeps track of all connections

Example — Multiple clients to same server port:

Client 1: 203.0.113.50:54321 → 192.168.1.100:80
Client 2: 203.0.113.51:54322 → 192.168.1.100:80
Client 3: 203.0.113.52:54323 → 192.168.1.100:80

All connect to same server port (80), but use different client ports.

Port Forwarding and Mapping

Port forwarding redirects traffic from one port to another:

Use cases:

• Access a service behind a firewall
• Run multiple services on different ports
• Map internal ports to external ports

Docker port mapping:

docker run -p 8080:3000 myapp
# Forwards external port 8080 → container port 3000

SSH port forwarding:

ssh -L 8080:localhost:3000 user@remote-server
# Forwards local 8080 → remote server's 3000

Common DevOps Port Scenarios

Web Application Stack:

Load Balancer: 80 → 8080
App servers: 8080
Database: 3306 (internal only)
Cache: 6379 (internal only)

Microservices:

Nginx Ingress: 80/443
Service A: 8001
Service B: 8002
Service C: 8003

Kubernetes Service Discovery:

ClusterIP: internal port
NodePort: 30000-32767
LoadBalancer: 80/443 external

Key Concepts to Remember

• Port = logical endpoint (0-65535)
• Socket = IP + Port + Protocol (complete address)
• Well-known ports (0-1023) = system services
• Ephemeral ports (49152-65535) = temporary client connections
• TCP = reliable, slower; UDP = fast, unreliable
• Server listens, client initiates
• Use netstat/ss to view open ports and active connections