WHAT'S A PROTOCOL?

In real life, protocols are a set of procedures and customs that aid in communication and relationships between people. Many times the term is used in governmental foreign relations and other similar human discourse. When used in the context of computer networking, a protocol has a similar meaning, but is more specific. A network protocol is the set of very detailed rules, sequences, message formats, and procedures that computer systems use and understand when exchanging data with each other.
    To say it in a slightly different way, a network protocol (including all of the Internet protocols) is the term used to describe how computer systems communicate with each other at the bit and byte level. Network protocols are layered on top of each other, with each layer providing additional capabilities, but using the facilities provided by the lower layer.

    An increasing number of people are using the Internet and its tools and utilities, which at one time were available only on a limited number of computer systems and only to really intense users. The goal of this article is to provide an overview of the Internet and TCP/IP, its history, terms, and concepts. It is meant as a brief guide and starting point. It is equivalent to a preliminary course on TCP/IP networking.

(TCP/IP is most commonly associated with the Unix operating system. While developed separately, they have been historically tied, as mentioned above, since 4.2BSD Unix started bundling TCP/IP protocols with the operating system. Nevertheless, TCP/IP protocols are available for all widely-used operating systems today, and native TCP/IP support is provided in OS/2, OS/400, and Windows 9x/NT/2000, as well as most Unix variants.)


 HISTORY AND EVOLUTION OF THE PROTOCOL STACK

The Internet protocols are the world's most popular open-system (nonproprietary) protocol suite because they can be used to communicate across any set of interconnected networks and are well suited for LAN and WAN communications. The Internet protocols consist of a suite of communication protocols, of which the two best known are the Transmission Control Protocol (TCP) and the Internet Protocol (IP). The Internet protocol suite not only includes lower-layer protocols (such as TCP and IP), but it also specifies common applications such as electronic mail, terminal emulation, and file transfer.  

    Internet protocols were first developed in the mid-1970s, when the Defense Advanced Research Projects Agency (DARPA) became interested in establishing a packet-switched network that would facilitate communication between dissimilar computer systems at research institutions. With the goal of heterogeneous connectivity in mind, DARPA funded research by Stanford University and Bolt, Beranek, and Newman (BBN). The result of this development effort was the Internet protocol suite, completed in the late 1970s. TCP/IP later was included with Berkeley Software Distribution (BSD) UNIX and has since become the foundation on which the Internet and the World Wide Web (WWW) are based.

    Today all modern operating systems offer TCP/IP support, and most large networks rely on TCP/IP for much of their network traffic. The standards for TCP/IP are published in documents called RFCs.
    ISOC is the Internet Society, created in 1992, whose purpose is to encourage the development and availability of the Internet. IAB is the Internet Architecture Board, which is the technical advisory board of the ISOC and the body governing the IETF (Internet Engineering Task Force), IANA (Internet Assigned Numbers), and the IRTF (Internet Research Task Force).

DATAGRAM,  DATA PACKET,  AND FRAMES

A datagram or a data packet is the basic unit of transmission on the Internet.
    It is a combination of a small fixed-length piece of data and header information bound to it. A packet is what the protocols deal with during transmission over packet-switched networks.
    As I said earlier, datagrams contain both data and headers (which also contain error-checking information). Headers consist of some combination of checksums, protocol identifiers, destination and source addresses, and state information. Each layer in the protocol stack may add its own header information so that data can be interpreted correctly by the corresponding layer at the recipient.
    A datagram can also be called a frame, although the term frame is often used with Ethernet networks.
   
Below is a sample Ethernet frame. This is the final product, which has gone from the application layer all the way to the link layer. Each layer takes the previous layer's packet, viewing almost all of it as data, and puts its own header on it.

                                

Figure 1. A Sample Ethernet Frame




THE INTERNET PROTOCOL STACK

Below is a good overview of how the internet protocol stack spans the range of the typical OSI model.  

Fig 2: Internet protocols span the complete range of OSI model layers.

Let us now look more closely at each layer in the Internet protocol suite.
The four layers are the Application Layer, Transport Layer, Internet Layer and Network Interface Layer. Each layer corresponds to a different facet of communication.

Application layer:
    HTTP   FTP   Telnet   Finger   DNS   POP3/IMAP   SMTP   Gopher   BGP   Time/NTP   Whois   TACACS+   SSL
    DNS   SNMP   RIP   RADIUS   Archie   Traceroute   tftp
    Ping
    Distributed file services: nfs, xdr, rpc, X-windows

Transport layer:
    TCP   UDP   ICMP   OSPF

Internet layer:
    IP   ICMP   IGMP   ARP   rarp

Network interface layer:
    Ethernet/802.3   Token Ring (802.5)   SNAP/802.2   X.25   FDDI   ISDN   Frame Relay   SMDS   ATM
    Wireless (WAP, CDPD, 802.11)   Fibre Channel   DDS/DS0/T-carrier/E-carrier   SONET/SDH   DWDM
    PPP   HDLC   SLIP/CSLIP   xDSL   Cable Modem (DOCSIS)

Fig 3: The  protocols  within each level of the internet protocol stack. 

 


APPLICATION LAYER AND SOCKETS

So far the data has been broken up into datagrams, sent to the other computer and put back together. However something is needed to log into a computer, tell it what file you want, and control the transmission of the file. This is done by the application protocols.         
    How is an application found on the other computer? 
    In general, network programs are specialized for a specific set of tasks. Most systems have separate programs to handle file transfers, remote terminal logins, mail, etc. When you connect to a computer you have to specify that you want to talk to a certain program, for example the FTP server. This is done by having well-known sockets for each server. TCP uses port numbers to keep track of individual conversations. The user (client) programs use more or less random port numbers. Programs that sit and wait for requests (servers), however, are assigned specific port numbers. For example, if you want to send a file you will start a program called ftp. Your computer will open a connection using a random number, say 1234, for the port number at its end. However, it will specify port number 21 for the other end. 21 is the official port number for the FTP server. There is no need for your program to use a well-known socket number for itself. Nobody is trying to find it. However, servers must have well-known numbers so that people can open connections to them and start sending their commands.
A connection is described by a set of four numbers: the IP addresses at each end and the TCP port numbers at each end. No two connections can have the same set of numbers, but it is enough that only one number is different, as it would be in the case of two different users on a computer sending files to the same machine. This would result in connections with the following parameters:

                    IP addresses                  TCP ports
    connection 1    128.6.4.194, 128.6.4.7        1234, 21
    connection 2    128.6.4.194, 128.6.4.7        1235, 21

Generally, one end of the connection asks the network software to assign it a port number that is guaranteed to be unique. Normally it is the user's end, since the server has to use a well-known number.

The Application Layer protocols

The TCP/IP Application Layer protocols support the applications and utilities that are the Internet. Commonly used protocols include:

 

Archie:   A menu-oriented utility that allows a user to organize and search registered anonymous FTP sites for files on a specified topic on the internet. Largely obsolete today, obviated by the World Wide Web.  Archie clients connect up to the corresponding servers that provide the information that is being requested.
BGP:  The Border Gateway Protocol version 4 (BGP-4) is a distance vector exterior gateway routing protocol, commonly used between two ISPs or between a customer site and ISP if there are multiple links.
DNS:  The Domain Name System (described in slightly more detail in Section 3.2.2 above) defines the structure of Internet names and their association with IP addresses, as well as the association of mail and name servers with domains.
FTP:   The File Transfer Protocol allows a user to transfer files between local and remote host computers. It is a way to upload and download files on the Internet. Typically a site on the Internet stores a number of files (they could be application executables, graphics, or audio clips, for example), and runs an FTP server application that waits for transfer requests. To download a file to your own system, you run an FTP client application that connects to the FTP server, and request a file from a particular directory or folder. Files can be uploaded to the FTP server, if appropriate access is granted. FTP differentiates between text files (usually Ascii), and binary files (such as images and application executables), so care must be taken in specifying the appropriate type of transfer.
When an Internet site makes files available to the general public, this is called 'anonymous' FTP. A password does not need to be supplied, although the user e-mail address is typically requested. Some sites have confidential files or directories, and an FTP login and password is needed to download or upload.
Gopher:  A tool that allows users to search through data repositories using a menu-driven, hierarchical interface, with links to other sites on the internet. Largely obsolete today, obviated by the World Wide Web.
Gopher clients connect up to the corresponding servers that provide the information that is being requested.
HTTP:  The Hypertext Transfer Protocol is the basis for exchange of information over the World Wide Web (WWW). It is the primary protocol of the World Wide Web (WWW). Various versions of HTTP are in use over the Internet, with HTTP version 4.0 being the most current. WWW pages are written in the Hypertext Markup Language (HTML), an ASCII-based, platform-independent formatting language. HTML is not an Internet protocol - it is the internal format of Web pages. HTML consists of a set of tags and internal commands that are embedded inside Web pages to control the appearance and layout of Web pages, as well as links to other Web pages.
When a Web browser connects to a Web server, it uses HTTP to request Web pages. A Web browser is an Internet client application, and the Web server is an Internet server application. HTTP has the ability to transfer Web pages, graphics, and any other type of media that is used on the Web. Web browsers cannot upload files, however. They can only download from the Web servers.
SMTP:   The Simple Mail Transfer Protocol is the standard protocol for the exchange of electronic mail over the Internet (RFC 821). SMTP is used between e-mail servers on the Internet or to allow an e-mail client to send mail to a server. RFC 822 specifically describes the mail message body format, and RFCs 1521 and 1522 describe MIME (Multipurpose Internet Mail Extensions). 
POP:  The Post Office Protocol defines a simple interface between a user's mail client software (e.g., Eudora, Outlook, or the e-mail capability of your browser) and an e-mail server. It is used to download mail from the server to the client and allows the user to manage their mailboxes. The current version is POP3.
IMAP:   The Internet Mail Access Protocol defines an alternative to POP as the interface between a user's mail client software and an e-mail server, used to download mail from the server to the client and providing significant flexibility in mailbox management.
OSPF:   The Open Shortest Path First version 2 (OSPFv2) protocol is a link state routing protocol used within an organization's network. This is the preferred so-called interior gateway protocol.
Ping:  The Packet Internet Groper, a utility that allows a user at one system to determine the status of other hosts and the latency in getting a message to that host. Uses ICMP Echo messages.
Finger:  Used to determine the status of other hosts and/or users.
RADIUS:   The Remote Authentication Dial-In User Service (RADIUS) is a remote-access protocol.
RIP:   The Routing Information Protocol (RIP) is a distance-vector routing protocol used within an organization's network.
SNMP:   The Simple Network Management Protocol defines procedures and management information databases for managing TCP/IP-based network devices. SNMP (RFC 1157) is widely deployed in local and wide area networks. SNMP Version 2 (SNMPv2, RFC 1441) adds security mechanisms that are missing in SNMP, but is also very complex; widespread use of SNMPv2 has yet to be seen. 
SSL:   The Secure Sockets Layer (SSL), designed by Netscape, provides a mechanism for secure communications over the Internet, based on certificates and public key cryptography. The most commonly known SSL application is HTTP over SSL, commonly designated as https. The newest version of SSL is called Transport Layer Security (TLS). SSL is not, however, HTTP-specific; protocols such as IMAP4 (imaps), FTP (ftps), Telnet (telnets), and POP3 (pop3s) all have definitions for operation over SSL.
TACACS+:   The Terminal Access Controller Access Control System plus is a remote access protocol.
Telnet:   Short for Telecommunication Network, a virtual terminal protocol allowing a user logged on to one TCP/IP host to access other hosts on the network. It is a terminal emulation application: a way to log in remotely to another system on the Internet. A telnet server must be running on the remote system, and a telnet client application is run on the local system. When you are logged in to a system using telnet, it is as if you were logged in locally and using the operating system command line interface on the telnet server system. Typical operating systems for telnet servers are Unix, Windows NT, and VMS.
TFTP:   The Trivial File Transfer Protocol  is used for some specialized simple file transfer applications.
Time/NTP:   Time and the Network Time Protocol are used so that Internet hosts can synchronize their system time from well-known Internet time servers.
Traceroute:   A tool that displays the route taken by packets across the Internet between a local and remote host.
Whois/NICNAME:   Utilities that search databases for information about Internet domains and domain contact information.
NFS, XDR, RPC, X Windows:   Distributed file services.
IRC:   Internet Relay Chat is a text-based chat mechanism that runs over the Internet. IRC clients provide the user interface for typing, while IRC servers pass the information back and forth, as well as organize the channels that are used for chatting.

 

FTP, telnet, SMTP, and almost all other Internet protocols are built into Web browsers. FTP, for example, is used to download application executables as well as other files (whenever you are asked for a 'save file' location, FTP is probably being used to transfer the file).

About URL
A URL ('Uniform Resource Location') is the mechanism used for Web addresses. URLs are used in Web browsers to find the location of a particular Web page. It consists of three main parts - the protocol, the host name, and the directory location. Here's an example Web address: http://www.msn.com/comics/bill/
    The protocol is first, followed by a colon and two slashes. In this case it is using the HTTP protocol, which means a Web page is at that location. The next portion is the Internet host name www.msn.com. Somewhere on the Internet is a system with that name, with a corresponding IP numeric address provided by the Internet DNS service. The last portion is the directory location, in this case /comics/bill. Since a Web server will typically have many different Web pages on multiple directories, the URL provides a way of specifying where to look.
    Another example URL: ftp://bastet.smj.tl.com/fdl/
    This specifies using the FTP protocol to go to a system named "bastet.smj.tl.com", then to the "fdl" directory on that system. A listing of the files in that directory will be displayed, and the appropriate files can be downloaded with the FTP protocol.

e-mail
E-mail is handled with the mailto prefix: mailto:bastet@swipnet.se
    Internet e-mail uses a protocol called SMTP (Simple Mail Transfer Protocol). An e-mail client is used to compose and receive messages, and it communicates with an SMTP server which figures out where to send the message and takes responsibility for getting it there.
    An Internet e-mail address is composed of two parts - the user name, and the server location. For example, my Internet e-mail address is: bastet@swipnet.se
    I have an account and user name bastet with Tele2 and their e-mail system name is swipnet.se.
    SMTP relies on having servers running at both sites (source and destination). If you're using PPP or SLIP to connect to the Internet, your system is typically not connected all the time, and for many users doesn't have a fixed name (it is dynamically assigned from a pool of names and addresses). In this case the e-mail is stored on the ISP e-mail server, and after logging in a special connection is made by the e-mail client to get the waiting e-mail messages.
    E-mail systems on a LAN sometimes don't use the SMTP protocol (e.g. CC:Mail). In this case a translation is made between the two e-mail protocols so that e-mail can be interchanged. This is commonly called an e-mail gateway.

 

 

 

  

TRANSPORT LAYER

Your PC is connected to the Internet either through a LAN that is connected to the Internet, or by using PPP or SLIP to dial up to an ISP.
    TCP and UDP are the two major protocols of the transport layer that your PC will use to send packets of information back and forth to a remote system somewhere on the Internet. These two protocols run over IP (TCP/IP is TCP over IP, and UDP/IP is UDP over IP), using it for the basic networking. TCP packages the data into small packets, numbers them, and hands them over to IP with the IP address of the recipient.

TCP (Transmission Control Protocol)
    The services TCP provides are reliability, efficient flow control, stream data transfer, full-duplex operation, and multiplexing.
  Full-duplex operation means that TCP processes can both send and receive at the same time. Multiplexing means that numerous simultaneous upper-layer conversations can be multiplexed over a single connection.

TCP Connection Establishment 
Before any data is delivered, TCP connects to the other computer, presents itself, and establishes a connection on which IP will route the packets. The purpose is for the two ends to inform each other of (and agree upon) the amount of data that can be received at once. TCP hosts establish a reliable connection-oriented session with one another by using a "three-way handshake" mechanism.
 
    A three-way handshake synchronizes both ends of a connection by allowing the sides to agree upon initial sequence numbers. This mechanism also guarantees that both sides are ready to transmit data and know that the other side is ready to transmit as well. A similar handshake mechanism is used to end the session, too. 
   
Each host randomly chooses a sequence number (it does not have to start from 0) used to track bytes within the stream it is sending and receiving. Then, the three-way handshake proceeds in the following manner:
1)  The first host (Host A) initiates a connection by sending a packet with:
    a) the SYN flag set to "on", indicating a connection request;
    b) an initial sequence number X ("19" in this case).
2)  The second host (Host B) receives the packet and replies by sending back another segment with:
    a) the SYN flag set to "on";
    b) an ACK which is equal to X + 1 ("20" in this case);
    c) its own initial sequence number Y.
    An ACK = 20 means the host has received bytes 0 through 19 and expects byte 20 next. This technique is called forward acknowledgment.
3)  Host A then acknowledges all bytes Host B sent with a forward acknowledgment indicating the next byte Host A can expect to receive (ACK = Y + 1). Data transfer then can begin.
    When the packets arrive at the other computer (they may have come at any time and in any order), TCP at the recipient checks them for further errors and puts them back in the order assigned by the TCP of the first computer.
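
The handshake steps above, carried out on real header bytes, as an added example that is not part of the original article: it packs the three segments into 20-byte TCP headers and checks the X + 1 and Y + 1 rules, including a sequence number that wraps past 2^32. X = 19 and ports 1234 and 21 come from the text; Y = 4000, the window value 8192 and all function names are assumptions made for the illustration.

```python
import struct
from dataclasses import dataclass

# Flag bits in the TCP header (names as in RFC 793).
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
CONTROL = FIN | SYN | RST | ACK
SEQ_MOD = 2 ** 32                      # sequence numbers are 32-bit and wrap


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int
    window: int


def pack_header(s: Segment) -> bytes:
    """Build a 20-byte TCP header without options (checksum left at 0)."""
    offset_and_flags = (5 << 12) | s.flags      # data offset: 5 x 32-bit words
    return struct.pack("!HHIIHHHH", s.src_port, s.dst_port, s.seq, s.ack,
                       offset_and_flags, s.window, 0, 0)


def parse_header(raw: bytes) -> Segment:
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sp, dp, seq, ack, off_flags, win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    return Segment(sp, dp, seq, ack, off_flags & 0x01FF, win)


def check_handshake(raw_segments):
    """Validate SYN, SYN+ACK, ACK as in steps 1-3; return (ok, reason)."""
    if len(raw_segments) != 3:
        return False, "need exactly three segments"
    syn, synack, ack = (parse_header(r) for r in raw_segments)
    if (syn.flags & CONTROL) != SYN:
        return False, "segment 1 is not a bare SYN"
    if (synack.flags & CONTROL) != (SYN | ACK):
        return False, "segment 2 is not SYN+ACK"
    if (synack.src_port, synack.dst_port) != (syn.dst_port, syn.src_port):
        return False, "segment 2 does not reverse the ports of segment 1"
    if synack.ack != (syn.seq + 1) % SEQ_MOD:
        return False, "segment 2 does not acknowledge X + 1"
    if (ack.flags & CONTROL) != ACK:
        return False, "segment 3 is not a bare ACK"
    if (ack.src_port, ack.dst_port) != (syn.src_port, syn.dst_port):
        return False, "segment 3 does not come from the initiator"
    if ack.seq != (syn.seq + 1) % SEQ_MOD:
        return False, "segment 3 does not continue from X + 1"
    if ack.ack != (synack.seq + 1) % SEQ_MOD:
        return False, "segment 3 does not acknowledge Y + 1"
    return True, "ok"


def make_handshake(x, y, client_port=1234, server_port=21):
    """Constructed sample: the three headers for initial sequence numbers X, Y."""
    x1, y1 = (x + 1) % SEQ_MOD, (y + 1) % SEQ_MOD
    return [
        pack_header(Segment(client_port, server_port, x, 0, SYN, 8192)),
        pack_header(Segment(server_port, client_port, y, x1, SYN | ACK, 8192)),
        pack_header(Segment(client_port, server_port, x1, y1, ACK, 8192)),
    ]


if __name__ == "__main__":
    print(check_handshake(make_handshake(19, 4000)))
```
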

Efficient flow-control; TCP Sliding Window
TCP offers efficient flow control, which means that, when sending acknowledgments back to the source, the recipient's TCP process indicates the highest sequence number it can receive without overflowing its internal buffers. This is a way to control the speed of the transmission so that the recipient does not get stuffed with packets before it can process them. The TCPs at each end say how big a datagram they can handle, and they pick the smallest size.

    A window is the number of data bytes that the sender is allowed to send before waiting for an acknowledgment. The receiver specifies the current window size in every packet. Initial window sizes are indicated at connection setup, but might vary throughout the data transfer to provide flow control. A window size of zero, for instance, means "Send no data."

In a TCP sliding-window operation, the sender might have a sequence of bytes to send (numbered 1 to 10) to a receiver who has a window size of five. The sender then would place a window around the first five bytes and transmit them together. It would then wait for an acknowledgment. The receiver would respond with an ACK = 6, indicating that it has received bytes 1 to 5 and is expecting byte 6 next. In the same packet, the receiver would indicate that its window size is 5. The sender then would move the sliding window five bytes to the right and transmit bytes 6 to 10. The receiver would respond with an ACK = 11, indicating that it is expecting sequenced byte 11 next. In this packet, the receiver might however indicate that its window size for the moment is 0 (because, for example, its internal buffers are full). At this point, the sender cannot send any more bytes until the receiver sends another packet with a window size greater than 0.
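
The sliding-window exchange above as a small simulation, added here as an example that is not part of the original article. It goes slightly beyond the text: the receiver's window is derived from free buffer space, so it also shows a partially drained buffer shrinking the window and a zero window stalling the sender until a window update arrives. The class and function names, and the schedule of application reads, are assumptions made for the illustration.

```python
class Receiver:
    """Receiver with a fixed buffer; the free space is the advertised window."""

    def __init__(self, buffer_size, first_byte=1):
        if buffer_size <= 0:
            raise ValueError("buffer size must be positive")
        self.buffer_size = buffer_size
        self.buffered = 0          # bytes received but not yet read by the application
        self.next_expected = first_byte

    def window(self):
        return self.buffer_size - self.buffered

    def receive(self, first, count):
        """Accept in-order bytes that fit the window; return (ACK, window)."""
        if first == self.next_expected and count <= self.window():
            self.buffered += count
            self.next_expected += count
        return self.next_expected, self.window()

    def app_read(self, count):
        """The application drains the buffer, which reopens the window."""
        self.buffered -= min(count, self.buffered)
        return self.next_expected, self.window()


def transfer(last_byte, receiver, reads):
    """Send bytes 1..last_byte and return the list of events.

    reads[i] is how many bytes the receiving application consumes before
    the ACK for burst i is sent (constructed input; defaults to the whole
    burst once the list is exhausted).
    """
    events, next_byte, burst = [], 1, 0
    window = receiver.window()     # initial window from connection setup
    while next_byte <= last_byte:
        if window == 0:
            # The sender must wait. In this model the application then
            # drains the buffer and the receiver sends a window update.
            events.append(("stalled", next_byte))
            ack, window = receiver.app_read(receiver.buffered)
            events.append(("window-update", ack, window))
            continue
        count = min(window, last_byte - next_byte + 1)
        receiver.receive(next_byte, count)
        drained = reads[burst] if burst < len(reads) else count
        ack, window = receiver.app_read(drained)
        events.append(("sent", next_byte, next_byte + count - 1, ack, window))
        next_byte, burst = ack, burst + 1
    return events


if __name__ == "__main__":
    # The scenario from the text: bytes 1 to 10, window of five,
    # buffer left full after the second burst.
    for event in transfer(10, Receiver(5), [5, 0]):
        print(event)
```
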

Reliability
If the packets contain errors they are thrown away by the IP at the recipient and no acknowledgement is sent back to the transmitting computer. That is how TCP at the transmitter end understands that a certain packet has not been sent correctly. Bytes not acknowledged within a specified time period are retransmitted by the use of a time-out mechanism. This is how TCP allows devices to deal with lost, delayed, duplicate, or misread packets.
    If the data has arrived correctly, it is processed by TCP and delivered to the next level protocol, the next facet of the communication in the hierarchy of the protocol suite.

   
The "connectionless" side to this story is that information is transferred as a sequence of datagrams which are all sent into the network individually. When these datagrams are in transit the network won't know that there is any connection between them. Datagram 13 may arrive before datagram 4, some datagrams may get lost and need to be sent again, etc. 

    In small networks it may seem that TCP/IP is doing the whole work, but in larger networks like the Internet, simply getting the datagram to its destination can be a complex job. A datagram may have to go through several networks, a serial line to a computer center, a series of 56K baud phone lines to a netsite, and some more Ethernets in another department. Keeping track of all routes to all destinations and handling incompatibilities among transport media turns out to be a complex job. This would be the job of IP.


UDP (User Datagram Protocol)    

TCP provides a very reliable communication whereas UDP does not.
   
UDP is essentially IP addressing with port numbers. It gives the user access to IP-style datagrams. The network file system (NFS) and "talk" are two examples of UDP-based protocols.
    In many applications, messages will always fit in a single datagram. An example is name lookup. When a user attempts to make a connection to another system, he will generally specify the system by name, rather than Internet address. His system has to translate that name to an address before it can do anything. Generally, only a few systems have the database used to translate names to addresses. So the user's system will want to send a query to one of the systems that has the database. This query is going to be very short. It will certainly fit in one datagram. So will the answer. Thus it seems silly to use TCP. Of course TCP does more than just break things up into datagrams. It also makes sure that the data arrives, resending datagrams where necessary. But for a question that fits in a single datagram, all the complexity of TCP is not needed. (If you don't get an answer after a few seconds, you can just ask again.) For applications like this, there are alternatives to TCP.

The most common alternative is UDP (user datagram protocol). UDP is designed for applications where you don't need to put sequences of datagrams together. It fits into the system much like TCP. There is a UDP header. The network software puts the UDP header on the front of your data, just as it would put a TCP header on the front of your data. Then UDP sends the data to IP, which adds the IP header, putting UDP's protocol number in the protocol field instead of TCP's protocol number. However UDP doesn't do as much as TCP does. It doesn't split data into multiple datagrams. It doesn't keep track of what it has sent so it can resend if necessary. About all that UDP provides is port numbers, so that several programs can use UDP at once. UDP port numbers are used just like TCP port numbers. There are again well-known port numbers for servers that use UDP. Note that the UDP header is shorter than a TCP header. It still has source and destination port numbers, and a checksum, but that's about it. No sequence number, since it is not needed. 
    The User Datagram Protocol (UDP) is a connectionless transport-layer protocol. UDP protocol ports distinguish multiple applications running on a single device from one another.
    Several well-known application-layer protocols for which the UDP is the transport protocol are Network File System (NFS), Simple Network Management Protocol (SNMP), Domain Name System (DNS), and Trivial File Transfer Protocol (TFTP).
    The UDP packet format contains four fields. These include source and destination ports, length, and checksum fields.
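
The four-field UDP header described above, built and parsed byte for byte, as an added example that is not part of the original article. It also shows something the text only hints at: the checksum is computed over a pseudo-header containing the IP addresses and protocol number, so a datagram delivered under the wrong addresses fails the check. The addresses and port 1234 are reused from the connection example earlier in the article, port 53 is the dns entry in the port table, and the payload and function names are constructed for the illustration.

```python
import socket
import struct

UDP_PROTO = 17          # value carried in the IP header's protocol field for UDP


def internet_checksum(data: bytes) -> int:
    """16-bit ones'-complement checksum used by IP, UDP, TCP and ICMP."""
    if len(data) % 2:
        data += b"\x00"                       # pad to a whole 16-bit word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _pseudo_header(src_ip, dst_ip, udp_length):
    # The checksum also covers the IP addresses, the protocol and the length.
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Return header + payload with the checksum filled in."""
    length = 8 + len(payload)                 # the header is always 8 bytes
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = internet_checksum(
        _pseudo_header(src_ip, dst_ip, length) + header + payload)
    csum = csum or 0xFFFF     # 0 on the wire means "no checksum" over IPv4
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(src_ip, dst_ip, datagram: bytes) -> dict:
    """Split a datagram into its four header fields and verify the checksum."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("length field does not match the data received")
    datagram = datagram[:length]              # ignore any trailing padding
    if csum == 0:
        checksum_ok = None                    # sender did not compute one
    else:
        checksum_ok = internet_checksum(
            _pseudo_header(src_ip, dst_ip, length) + datagram) == 0
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum_ok": checksum_ok, "payload": datagram[8:]}


if __name__ == "__main__":
    # Constructed sample: a short query from a client port to port 53.
    d = build_udp("128.6.4.194", "128.6.4.7", 1234, 53, b"constructed query")
    print(parse_udp("128.6.4.194", "128.6.4.7", d))
```
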

Internet Control Message Protocol (ICMP)

Another alternative protocol is ICMP. ICMP is used for reporting errors and other information regarding IP packet processing, intended for the TCP/IP software itself rather than any particular user program. For example, if you attempt to connect to a host, your system may get back an ICMP message saying "host unreachable". ICMP can also be used to find out some information about the network. ICMP is similar to UDP, in that it handles messages that fit in one datagram. However it is even simpler than UDP. It doesn't even have port numbers in its header. Since all ICMP messages are interpreted by the network software itself, no port numbers are needed to say where an ICMP message is supposed to go.

ICMP Messages

ICMP generates several kinds of useful messages, including Destination Unreachable, Echo Request and Reply, Redirect, Time Exceeded, and Router Advertisement and Router Solicitation. If an ICMP message cannot be delivered, no second one is generated. This is to avoid an endless flood of ICMP messages.

When an ICMP destination-unreachable message is sent by a router, it means that the router is unable to send the packet to its final destination. The router then discards the original packet. Two reasons exist for why a destination might be unreachable. Most commonly, the source host has specified a nonexistent address. Less frequently, the router does not have a route to the destination.

Destination-unreachable messages include four basic types: network unreachable, host unreachable, protocol unreachable, and port unreachable. Network-unreachable messages usually mean that a failure has occurred in the routing or addressing of a packet. Host-unreachable messages usually indicate delivery failure, such as a wrong subnet mask. Protocol-unreachable messages generally mean that the destination does not support the upper-layer protocol specified in the packet. Port-unreachable messages imply that the TCP socket or port is not available.

An ICMP echo-request message, which is generated by the ping command, is sent by any host to test node reachability across an internetwork. The ICMP echo-reply message indicates that the node can be successfully reached.

An ICMP Redirect message is sent by the router to the source host to stimulate more efficient routing. The router still forwards the original packet to the destination. ICMP redirects allow host routing tables to remain small because it is necessary to know the address of only one router, even if that router does not provide the best path. Even after receiving an ICMP Redirect message, some devices might continue using the less-efficient route.

An ICMP Time-exceeded message is sent by the router if an IP packet's Time-to-Live field (expressed in hops or seconds) reaches zero. The Time-to-Live field prevents packets from continuously circulating the internetwork if the internetwork contains a routing loop. The router then discards the original packet.
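
A decoder for the ICMP messages listed above, added here as an example that is not part of the original article. It goes one step beyond the text: Destination Unreachable, Redirect and Time Exceeded messages quote the IP header and first 8 bytes of the packet they report on, so the decoder recovers which conversation the report belongs to, which is what makes these messages useful when reading a capture. The type and code numbers are the standard ICMP assignments; the sample packet, the helper names and the use of UDP port 33434 (the traceroute entry in the port table) are constructed for the illustration.

```python
import socket
import struct

ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 5: "redirect",
              8: "echo request", 9: "router advertisement",
              10: "router solicitation", 11: "time exceeded"}
UNREACHABLE_CODES = {0: "network unreachable", 1: "host unreachable",
                     2: "protocol unreachable", 3: "port unreachable"}
QUOTES_ORIGINAL = {3, 5, 11}     # these messages quote the packet they report on
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def make_ipv4(protocol, src, dst, payload=b""):
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       protocol, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload


def make_icmp(icmp_type, code, body=b""):
    """Constructed ICMP message: type, code, checksum 0, 4 further header bytes."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + body


def _quoted_packet(quoted):
    """Decode the quoted IPv4 header and the start of its payload."""
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return None
    ihl = (quoted[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(quoted) < ihl:
        return None
    out = {"protocol": quoted[9],
           "src": socket.inet_ntoa(quoted[12:16]),
           "dst": socket.inet_ntoa(quoted[16:20])}
    if quoted[9] in (PROTO_TCP, PROTO_UDP) and len(quoted) >= ihl + 4:
        # TCP and UDP both start with source port, destination port.
        out["src_port"], out["dst_port"] = struct.unpack(
            "!HH", quoted[ihl:ihl + 4])
    return out


def parse_icmp(message):
    if len(message) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    icmp_type, code = message[0], message[1]
    info = {"type": ICMP_TYPES.get(icmp_type, "type %d" % icmp_type)}
    if icmp_type == 3:
        info["reason"] = UNREACHABLE_CODES.get(code, "code %d" % code)
    if icmp_type in QUOTES_ORIGINAL:
        info["original"] = _quoted_packet(message[8:])
    return info


def may_report_error(undeliverable_ip_packet):
    """The rule from the text: no ICMP message is generated about an ICMP message."""
    if len(undeliverable_ip_packet) < 20:
        raise ValueError("shorter than an IPv4 header")
    return undeliverable_ip_packet[9] != PROTO_ICMP


def sample_port_unreachable():
    """Constructed: a report that UDP port 33434 on 128.6.4.7 is not available."""
    probe = make_ipv4(PROTO_UDP, "128.6.4.194", "128.6.4.7",
                      struct.pack("!HHHH", 1234, 33434, 8, 0))
    return make_icmp(3, 3, probe)


if __name__ == "__main__":
    print(parse_icmp(sample_port_unreachable()))
```
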

ICMP Router-Discovery Protocol (IRDP)

IRDP uses Router-Advertisement and Router-Solicitation messages to discover the addresses of routers on directly attached subnets. Each router periodically multicasts Router-Advertisement messages from each of its interfaces. Hosts then discover addresses of routers on directly attached subnets by listening for these messages. Hosts can use Router-Solicitation messages to request immediate advertisements rather than waiting for unsolicited messages.

IRDP offers several advantages over other methods of discovering addresses of neighboring routers. Primarily, it does not require hosts to recognize routing protocols, nor does it require manual configuration by an administrator.

Router-Advertisement messages enable hosts to discover the existence of neighboring routers, but not which router is best to reach a particular destination. If a host uses a poor first-hop router to reach a particular destination, it receives a Redirect message identifying a better choice.

Ports
    Once the desired machine is identified, there is a need for a way to identify a particular service (e.g., mail). This is the function of ports: the identification numbers included with every UDP or TCP packet.
    TCP/IP ports are not hardware-based. They are just a way of labeling packets. A process on a machine "listens" on a particular port. When the transport layer receives a packet, it checks the port number and sends the data to the corresponding process. When a process starts up, it registers a port number with the TCP/IP stack. Only one process per protocol can listen on a given port. So while a process using UDP and one using TCP can both listen on port 111, two processes that both used TCP could not. There are a number of ports which are reserved for standard services. For example, SMTP, the mail protocol, is always on port 25, and telnetd is always on port 23. To see a list of the reserved ports on a Unix system you can look at /etc/services.
    While specific ports are reserved for specific tasks on the server, port assignment is dynamic on the initiator end. When a telnet client on a machine starts up, it gets a new port number (e.g., 1066). This is the source port that the TCP layer puts on every packet coming out of that machine. This allows the telnet daemon (telnetd) on the server to respond to the correct telnet process on the client. The combination of source/destination IP addresses and ports provides a unique conversation identifier. Each conversation is called a flow.

    Higher-layer applications are referred to by a port identifier in TCP/UDP messages. The port identifier and IP address together form a socket, and the end-to-end communication between two hosts is uniquely identified on the Internet by the four-tuple (source port, source address, destination port, destination address).

Port numbers are specified by a 16-bit number. Port numbers in the range 0-1023 are called Well Known Ports. These port numbers are assigned to the server side of an application and, on most systems, can only be used by processes with a high level of privilege (such as root or administrator). Port numbers in the range 1024-49151 are called Registered Ports, and these are numbers that have been publicly defined as a convenience for the Internet community to avoid vendor conflicts. Server or client applications can use the port numbers in this range. The remaining port numbers, in the range 49152-65535, are called Dynamic and/or Private Ports and can be used freely by any client or server.
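
The four-tuple rule and the three port ranges, put to work on the two FTP connections from the sockets section earlier in the article; this is an added example, not part of the original article. It shows why connection 1 and connection 2 can coexist, how a reply travelling in the reverse direction is matched to the right conversation, and how the port ranges alone usually reveal which end is the server. All class and function names are assumptions made for the illustration.

```python
from collections import namedtuple

# (source address, source port, destination address, destination port)
FourTuple = namedtuple("FourTuple", "src_ip src_port dst_ip dst_port")

_RANK = {"well-known": 0, "registered": 1, "dynamic/private": 2}


def port_class(port):
    """Name the range a port falls in, using the ranges given in the text."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def likely_server(src_port, dst_port):
    """Guess which end is the server from the port ranges alone.

    Returns "src", "dst", or None when both ports are in the same range.
    """
    a, b = _RANK[port_class(src_port)], _RANK[port_class(dst_port)]
    if a == b:
        return None
    return "src" if a < b else "dst"


class ConnectionTable:
    """Tracks open connections and matches packets in either direction."""

    def __init__(self):
        self._conns = {}

    def open(self, client_ip, client_port, server_ip, server_port, label):
        key = FourTuple(client_ip, client_port, server_ip, server_port)
        if key in self._conns:
            # No two connections may share all four numbers.
            raise ValueError("four-tuple already in use: %r" % (key,))
        self._conns[key] = label
        return key

    def lookup(self, src_ip, src_port, dst_ip, dst_port):
        """Return (label, direction) for a packet, or None if nothing matches."""
        forward = FourTuple(src_ip, src_port, dst_ip, dst_port)
        if forward in self._conns:
            return self._conns[forward], "client->server"
        reverse = FourTuple(dst_ip, dst_port, src_ip, src_port)
        if reverse in self._conns:
            return self._conns[reverse], "server->client"
        return None


def example_table():
    """The two connections from the text: same hosts, same server port."""
    table = ConnectionTable()
    table.open("128.6.4.194", 1234, "128.6.4.7", 21, "connection 1")
    table.open("128.6.4.194", 1235, "128.6.4.7", 21, "connection 2")
    return table


if __name__ == "__main__":
    t = example_table()
    # A reply from the server is matched back to the first conversation.
    print(t.lookup("128.6.4.7", 21, "128.6.4.194", 1234))
    print(port_class(21), port_class(1234), likely_server(1234, 21))
```
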

Some well-known port numbers include:

Port #    Common Protocol    Service
7         TCP                echo
9         TCP                discard
13        TCP                daytime
19        TCP                chargen
20        TCP                ftp-control
21        TCP                ftp-data
23        TCP                telnet
25        TCP                smtp
37        UDP                time
43        TCP                whois
53        TCP/UDP            dns
67        UDP                bootps
68        UDP                bootpc
69        UDP                tftp
70        TCP                gopher
79        TCP                finger
80        TCP                http
110       TCP                pop3
111       TCP                sunrpc
119       TCP                nntp
123       UDP                ntp
137       TCP/UDP            netbios-ns
138       UDP                netbios-dgm
139       TCP                netbios-ssn
143       TCP                imap
161       UDP                snmp
162       UDP                snmp-trap
179       TCP                bgp
443       TCP                https (http/ssl)
520       UDP                rip
1080      TCP                socks
33434     UDP                traceroute

 

MORE ON THE WAY...                  AFTER THE BREAK...