Ports and Sockets Explained

One server can run many services — a web server on port 80, an SSH daemon on port 22, a database on port 5432. They all share one IP address. The port number is what tells the kernel which program gets a particular packet.

What a port is

A port is a 16-bit number (0–65535) that identifies a specific endpoint within a host. Both TCP and UDP use ports independently — TCP port 80 and UDP port 80 are completely separate.

The three port ranges

Range         | Name                | Use
0 – 1023      | Well-known / system | Reserved for standard services. Need root to bind.
1024 – 49151  | Registered          | App-specific (PostgreSQL=5432, MySQL=3306, etc.)
49152 – 65535 | Ephemeral           | Auto-assigned to outgoing client connections

Ports you should memorize

  • 20, 21 — FTP data, control
  • 22 — SSH
  • 23 — Telnet (don’t use)
  • 25 — SMTP (email send)
  • 53 — DNS
  • 80 — HTTP
  • 110 — POP3
  • 123 — NTP (time)
  • 143 — IMAP
  • 443 — HTTPS
  • 3306 — MySQL
  • 5432 — PostgreSQL
  • 6379 — Redis
  • 8080 — HTTP alt (proxies, dev servers)
  • 27017 — MongoDB

What a socket is

A socket is an endpoint of a network connection: (IP address, port, protocol).

A connection is a pair of sockets: source socket + destination socket.

Connection:
  Client socket: 192.168.1.42:54321 (TCP)
  Server socket: 198.51.100.5:443   (TCP)

Both ends use this 5-tuple to identify the connection:
  (proto, src_ip, src_port, dst_ip, dst_port)

Why one port can serve many clients

Common confusion: how can a web server on port 80 handle thousands of simultaneous connections if there’s only one port 80?

Answer: each incoming connection is identified by the FULL 5-tuple. The server’s port stays at 80, but each client uses a different ephemeral port. The combination is unique:

Connection 1: (TCP, 1.1.1.1, 50001, 198.51.100.5, 80)
Connection 2: (TCP, 2.2.2.2, 60002, 198.51.100.5, 80)
Connection 3: (TCP, 1.1.1.1, 50003, 198.51.100.5, 80)

All three are different connections, all to port 80.

Listening vs established

  • LISTEN socket — waiting for new connections. Bound to (IP, port).
  • ESTABLISHED socket — an active connection. Has source AND dest.

# See LISTEN sockets
ss -tlnp

# See ESTABLISHED sockets
ss -tn state established

# Both at once
ss -tnap

Binding to ports

Only one process can LISTEN on a (port, interface) at a time. Try to bind a second one and you get “Address already in use” (EADDRINUSE).

Two exceptions:

  • SO_REUSEPORT — multiple processes can share a listen port; kernel load-balances incoming connections across them. Used by nginx workers, modern Go servers.
  • Different interfaces — you can bind to 192.168.1.5:80 and 10.0.0.5:80 separately because the IP differs.
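
The 5-tuple behaviour from "Why one port can serve many clients" and the bind rules above can be observed directly. The following is an added example, not code from the original post: it assumes a Linux host, uses 127.0.0.1 with a kernel-assigned port in place of port 80 so no root is needed, and the helper names are hypothetical.

```python
import errno
import socket

def tcp_socket(reuseport=False):
    """Create a TCP socket, optionally opting in to SO_REUSEPORT before bind."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuseport:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    return s

def five_tuples(n=3):
    """Connect n clients to one listener; return the 5-tuples the server sees."""
    listener = tcp_socket()
    # Port 0 asks the kernel for any free port (assumption: stands in for port 80).
    listener.bind(("127.0.0.1", 0))
    listener.listen(n)
    srv_ip, srv_port = listener.getsockname()
    open_socks, tuples = [listener], []
    for _ in range(n):
        client = socket.create_connection((srv_ip, srv_port), timeout=2)
        conn, (peer_ip, peer_port) = listener.accept()
        open_socks += [client, conn]  # keep all connections open at once
        tuples.append(("TCP", peer_ip, peer_port, srv_ip, srv_port))
    for s in open_socks:
        s.close()
    return tuples

def second_bind_errno(reuseport):
    """Bind two listeners to the same (IP, port); return the failure errno, or None."""
    first, second = tcp_socket(reuseport), tcp_socket(reuseport)
    try:
        first.bind(("127.0.0.1", 0))
        first.listen(1)
        second.bind(first.getsockname())  # same IP and port as the first listener
        second.listen(1)
        return None
    except OSError as exc:
        return exc.errno
    finally:
        first.close()
        second.close()

if __name__ == "__main__":
    for t in five_tuples():
        print(t)  # same server port every time, different client port
    print("plain second bind:", errno.errorcode.get(second_bind_errno(False)))
    print("SO_REUSEPORT second bind:", second_bind_errno(True))
```

Both listeners must set SO_REUSEPORT before calling bind; if only one of them does, the second bind still fails with EADDRINUSE.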

Common debugging

“Port already in use”

# Find what owns the port
sudo ss -tlnp | grep :8080
sudo lsof -i :8080
sudo fuser 8080/tcp

“Connection refused”

Means: nothing is listening on that port. Either the service isn’t running or it’s bound to a different interface.

“Connection timed out”

Means: a firewall is dropping the SYN, or the host doesn’t exist. Try traceroute to see where the path stops.

What to learn next

DNS resolution — how names get turned into IP addresses. The system that makes everything memorable. Up next.
