What Are TCP Ports and Why Are They Important?

Quick Definition: A port is a logical endpoint in computer networking used to distinguish different network services on a device. TCP ports are numbered and follow global standards to ensure data is directed to the correct application or service.

Think of TCP ports like shipping routes. Just like you need to know both the departure and arrival locations when sending a package overseas, devices use TCP ports to ensure data reaches the right destination. A single device can handle multiple services at once, and ports help keep everything organized by directing information where it needs to go.

If you're looking for a deep understanding of what TCP ports are and how they work, here is what you need to know. 

An Overview of TCP Ports [VIDEO]

In this video, Tim Warner explains TCP ports, their usage, and how to identify them. He covers the netstat command for checking port activity and demonstrates TCPView, a free GUI tool for Windows, to simplify port monitoring.

What is TCP?

Before we discuss TCP ports, it's helpful to understand TCP. Transmission Control Protocol (TCP) is a global communication standard that devices use to transmit data reliably. 

TCP is connection-oriented, which means that both the client and the server must be established before the data can be sent. This ensures that the data is reliable, ordered, and error-checked in transit. TCP is one of the main protocols of the Internet protocol suite, which is often referred to as TCP/IP.

How Do TCP and TCP Ports Work?

Transmission Control Protocol is a key component of the TCP/IP protocol stack. TCP is a connection-oriented protocol that requires a connection or a circuit between the source-sending computer and the destination one. TCP is one of the two main ways to transmit data in a TCP/IP network. UDP, which is a best-effort connectionless protocol, is the other one.

Devices use TCP ports to identify specific applications and services, ensuring network traffic reaches the correct destination. Generally, a TCP port represents an application—or service-specific endpoint identifier.

Think of opening a web browser. When you type in "CBTNuggets.com," your browser translates that to "http://www.cbtnuggets.com." With that, you're specifying the hypertext transfer protocol—and hopefully, you get the page without issue. That happens because CBT Nuggets' web server, or HTTP server, is listening to incoming connections at a particular port address.

TCP includes some of the more common ports, but there are many other ports that network professionals need to be familiar with. 

How Many TCP Ports Are There?

A TCP port is a 16-bit, unsigned value, so there's a finite number of TCP ports available in the world. Specifically, there are 65,535 available TCP ports.

You've probably heard that the world is moving from IPv4 to IPv6 due to address depletion. In the future, we'll likely have to expand the port range to accommodate additional services.

That said, the first 1,024 TCP ports are called well-known port numbers, and they're agreed upon among technology vendors. So, if you and I were to go into business and sell a really nice FTP client software, we'd agree to work with the standard, well-known FTP port numbers.

How do Sockets Work with TCP Connections?

A socket allows for a connection to another system already running some TCP server software. It takes a combination of an IP address and a port number. That means a single host can host multiple instances of the same service using different port numbers.

For instance, we can set up a web server that has "Site 1" listening on the default port of 80 and another web server. That is to say, another website on the same server with the same IP address, "Site 2", but listening on Port 8080.

Where and How Do We Use Port Numbers?

One place is during server application configuration. Enterprise apps like Oracle, SQL, and SharePoint all require you to set up services on discrete port numbers. This is also why working with your network administrator to allow traffic to flow on those port IDs is essential. Firewalls monitor ports to keep systems secure.

Service addressing is another way to use port numbers. Once we install our enterprise application, we advertise the service using, generally speaking, a hostname and the port number. For example, "http://cbtnuggets:1988". We wouldn't have to do that if it were a well-known port. If it's well-known, we can leave it off.

We use port numbers for troubleshooting purposes. Specifically, we can troubleshoot malware and identify rogue processes.

Firewall configuration often uses rules that denote both aspects of a socket. You might create allowances or traffic blocks based on IP addresses, port numbers, or both.

How to View TCP Connections on Your Machine

Regardless of your OS, you can always get to the netstat command line tool, although the specific parameters you use will depend on your OS. In Windows, start with a command prompt and type:

netstat-aon

This will output a table of all current TCP connections on the system. Unfortunately, you can't do all that much besides looking at it.

There's another option, though, and that's to type:

netstat /?

This outputs a lot more data that's much more useful. This includes all the parameters.

What's a Good Tool for Viewing TCP Information?

If you're working on a Windows machine, TCPView.exe is strongly recommended. Now a Microsoft property, it was initially developed by Mark Russinovich. There's also a free command-line version of the tool called TCPVcon.

What's great about TCPView is its graphical interface. It is more than just a netstat query on steroids: its interface contains a lot of context and information.

Running TCPView, you may discover that you have quite a lot more running on your system in terms of remote connections than you might have otherwise been aware of. That's one of the reasons TCPView is an excellent way to diagnose rogue processes.

Don't be surprised if you see many applications running with processes going like Outlook, Chrome, or Dropbox. If you right-click one of these items, you'll get a specific ID of the image or the executable program that's running. 

You can also end the process — terminate it from there — by right-clicking and selecting 'End Process' or 'Close Application.' You can right-click a process and do a Whois lookup. There are a lot of good things to do in TCPView, and you should play around with it.

The bottom line with TCPView is that it lets you see each process that you have running on your system, and you can see at a glance if it's TCP or UDP. And you can see the local and remote ports. You'll see that UDP doesn't have remote ports because UDP is a connectionless protocol and doesn't require an end-to-end circuit like TCP does. This is why TCP tells us on this interface where we're connected, both locally and to a remote system.

Wrapping Up

TCP is a fundamental building block of modern networking, enabling reliable data transfer across the internet. It's one of the tools that has made our modern digital age possible. All this information about understanding TCP/IP lays the foundation for exploring many roles within IT.

If you're looking for more details, check out our CompTIA A+ training.