Your computer is having 200+ conversations right now. Your browser, Slack, Spotify, and your email client are all talking to different servers — simultaneously. How does your computer know which data belongs to which app? How does it not mix up your Spotify music with your bank login?
The answer is ports.
What is a Port?
A port is a number — just a number (0 to 65535) — that tells your operating system which application should receive a piece of network data.
Think of it as a room number inside a building:
Your IP address is the hotel’s street address. Everyone can find the building.
A port is the room number inside that hotel.
- Room 80 → HTTP (the web, unencrypted)
- Room 443 → HTTPS (the web, encrypted)
- Room 22 → SSH (remote server login)
- Room 53 → DNS (the internet’s phonebook)
When data arrives at your IP address, the OS reads the port number and delivers the data to the correct “room” (application).
Why Do Ports Exist?
Without ports, your computer could only have one network conversation at a time.
Here is what happens when you load a webpage in your browser while Spotify plays in the background:
- Browser sends a request to
google.comport 443 (HTTPS) - Spotify sends a request to Spotify’s servers on port 443 (also HTTPS)
- Both responses come back to your IP address
- Your OS reads the port number on each response packet and delivers:
- The Google response → to your browser
- The Spotify audio data → to the Spotify app
Without ports, your browser would get Spotify’s audio and Spotify would get your Google search results. Chaos.
The 3 Port Ranges
| Range | Numbers | Name | Who Uses Them |
|---|---|---|---|
| Well-Known | 0 – 1023 | System Ports | Major internet services (HTTP, SSH, DNS). Require root/admin to bind. |
| Registered | 1024 – 49151 | Application Ports | Common apps: MySQL (3306), Redis (6379), MongoDB (27017). |
| Ephemeral | 49152 – 65535 | Dynamic/Private | Auto-assigned temporary ports for outgoing connections. |
Every connection has two port numbers — one on each end.
- Destination Port: The port the server is listening on. (e.g.,
443for HTTPS) - Source Port: A random ephemeral port your OS assigns to track the reply. (e.g.,
54823)
When the server replies, it sends data back to: your-IP : 54823. That’s how your OS knows to give the response to your browser and not Spotify.
TCP vs UDP Ports
The same port number can exist on both TCP and UDP — they are completely separate.
| Protocol | Ports | Behavior |
|---|---|---|
| TCP | TCP/80, TCP/443, TCP/22 | Connection-based. Handshake required. Reliable delivery. |
| UDP | UDP/53, UDP/67, UDP/123 | No connection. Fire-and-forget. Faster, lower overhead. |
For example:
- DNS uses UDP/53 for normal queries (fast, tiny packets)
- DNS uses TCP/53 for large responses or zone transfers (reliability needed)
The Most Important Ports You Must Know
You don’t need to memorize all 65,535 ports. You need to know the ~20 ports that appear in 95% of real-world work.
| Port | Protocol | Transport | What It Is |
|---|---|---|---|
| 20/21 | FTP | TCP | File Transfer (21=control, 20=data) |
| 22 | SSH | TCP | Secure remote login. You’ll use this every day. |
| 25 | SMTP | TCP | Email sending (server → server) |
| 53 | DNS | UDP/TCP | The internet phonebook. Every web request uses this. |
| 67/68 | DHCP | UDP | How your computer gets its IP address on boot. |
| 80 | HTTP | TCP | Unencrypted web traffic. |
| 110 | POP3 | TCP | Old email retrieval (avoid) |
| 143 | IMAP | TCP | Modern email retrieval |
| 443 | HTTPS | TCP | Encrypted web. This is ~95% of web traffic today. |
| 587 | SMTP (TLS) | TCP | Email sending from your email client |
| 3306 | MySQL | TCP | MySQL/MariaDB database connections |
| 5432 | PostgreSQL | TCP | PostgreSQL database connections |
| 6379 | Redis | TCP | Redis cache/message broker |
| 8080 | HTTP-alt | TCP | Developer local servers (localhost:8080) |
| 27017 | MongoDB | TCP | MongoDB database |
What is a Socket?
A socket is the full address of one end of a network connection. It combines the IP address + port number:
Socket = IP Address + Port Number
Example: 142.250.80.46:443When your browser connects to Google, the full “conversation” is identified by a 4-tuple:
[Your IP] : [Your ephemeral port] ↔ [Google's IP] : 443
192.168.1.5 : 54823 ↔ 142.250.80.46 : 443
This is why your computer can have thousands of simultaneous browser tabs open — each tab gets a unique source port, so the OS can track each conversation separately.
Hands-On: See Your Open Ports Right Now
The best way to understand ports is to see them on your own system.
Step 1: See all listening ports (what your computer is serving to others)
Show all TCP/UDP ports currently listening on your system
- •-t = TCP, -u = UDP, -l = listening only, -p = show process name, -n = show numbers not names
- •Look for the 'Local Address:Port' column — that's what each service is bound to
- •0.0.0.0:80 means listening on ALL interfaces on port 80
- •127.0.0.1:3306 means MySQL is only accessible from localhost (good security!)
Step 2: See all active connections (conversations happening right now)
Show all active TCP connections — who your computer is talking to right now
- •ESTABLISHED = active conversation in progress
- •TIME_WAIT = connection recently closed, waiting to expire
- •LISTEN = waiting for incoming connections on this port
- •The 'Peer Address:Port' column shows which remote server you're connected to
Step 3: See which process owns a specific port
Find which process (app) is using port 80 on your system
- •Replace 80 with any port number you want to investigate
- •Useful when you get 'port already in use' errors
- •The PID column gives you the process ID — use 'kill PID' to stop it
Step 4: Check if a specific port is open on a remote server
Test if port 443 is open on google.com (timeout = closed/filtered)
- •-z = scan mode (don't send data), -v = verbose output
- •Connection succeeded = port is open and reachable
- •Connection refused = port is closed
- •Timeout = firewall is blocking/dropping the connection
Hands-On Challenge
Try these steps on your own Linux or macOS machine:
- Run
ss -tulpn→ Find which port your SSH server is listening on (hint: it should be 22) - Run
ss -tn→ Find an ESTABLISHED connection and look up the remote IP onipinfo.io - Run
sudo lsof -i :8080→ Is anything using port 8080? (common dev server port) - Bonus: Start a Python web server (
python3 -m http.server 9999) then runss -tulpnagain. You should see port 9999 appear.
Key Takeaways
- A port is just a number (0-65535) that tells the OS which app gets the incoming data.
- IP address = the building, Port = the room number. You need both to reach the right app.
- Well-Known ports (0-1023) are for major services. Registered (1024-49151) for apps. Ephemeral (49152-65535) for outgoing connections.
- Every connection has two ports: the server’s stable listening port, and your computer’s random source port.
- TCP and UDP are separate — the same port number can exist on both protocols independently.
ss -tulpnis your go-to command to see exactly what’s listening on your system.
What a port is, why they exist, how TCP/UDP ports differ, and how to inspect your own system’s open ports. You’ve moved from “ports are magic numbers” to understanding the complete address system of a network connection.
Next Steps
- TCP vs UDP Explained — Master the difference between the two main transport protocols
- How DNS Works — See how DNS uses port 53 behind every web request
- What is a Firewall? — Learn how firewalls control which ports are accessible
Test Your Knowledge
Take a quick 5-question quiz to check your understanding.