Ports and Applications
Each computer has a series of communication points that are called ports. If a computer has a software process running on it (what normies call a "program") and the program has control of a port and listens to the data sent to it, then other computers can communicate with the program. The communication follows a protocol, which lists the commands that the program understands.
Computers use IP addresses to identify other computers. In principle, each computer that is connected to the internet has an IP address associated with it. An IP address is a set of four numbers between 0 and 255 separated by periods (e.g. 127.0.0.1, which corresponds to your own computer). As there are only 2^32 possible addresses, these are slowly running short due to the emergence of coffee pots with IP addresses and accompanying software -- the internet of things. A more recent version called IPv6 also exists; it has 2^128 possible addresses and essentially solves this issue.
Ports... really?
In practice, a port is a concept in the transport layer. When a computer sends a message to another computer, the message has embedded information on the port that the message is supposed to be sent to on the target computer. When the message reaches the target computer, the embedded information is processed, and the port information is used to identify the specific program on the target computer that the message has been sent to.
Sockets
From the POV of the programmer, communication between two computers is done using a socket. A socket is a handle - much like a file handle - which can be used for both reading and writing. The difference here is that instead of working with files, the "writing" is done to a given port at a remote machine, and "reading" is done from a stream of data that the remote machine sends.
Programming Sockets in Python
Programming languages normally come with libraries which can help reduce the amount of code you need to write to achieve a specific task.
In Python, there is a dedicated socket module. In principle, the programmer only needs to:
- Create an instance of socket
- Connect instance to the target (by providing IP address and port number)
- Read the data from the target
import socket # The socket module ships with the Python standard library

address = "127.0.0.1"
port = 12321
s = socket.socket() # Create socket instance (step 1 above); defaults to TCP over IPv4
s.connect((address, port)) # Connect to the target (step 2); raises OSError if nothing listens there
data = s.recv(1024) # Attempt to read at most 1024 bytes (step 3); returns b"" if the remote side closed
s.close() # Release the handle, as you would with a file
Based on the target server, the above example will throw an exception if the port cannot be connected to. See Python tutorial on Exceptions for how to handle exceptions.
Why the additional parenthesis?
The connect parameters are wrapped in an additional pair of parentheses because connect takes a single parameter, which in our case is a tuple of the form (address, port).
Port scanners are a common tool that security researchers use to identify services available on a given machine. Port scanners work by iterating through a range of ports, and attempting to connect to each of the ports. If a connection is successful, something has responded to the request, and it can be investigated further.
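The scanning loop described above, written out as an added example (not code from the original page). To keep it self-contained it starts a throwaway listener on the loopback interface and scans the ports around it, so it runs offline; the listener, the port range and the timeout value are assumptions made for this example, and connect_ex is used instead of connect so that a closed port returns an error code rather than raising an exception.

```python
import socket
import threading
from contextlib import closing


def _accept_loop(srv):
    # Accept and immediately drop connections until the listening socket is closed.
    while True:
        try:
            conn, _ = srv.accept()
        except OSError:
            return
        conn.close()


def start_listener():
    """Constructed target: a TCP listener on 127.0.0.1 with an OS-chosen free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 asks the OS for any free port
    srv.listen(5)
    threading.Thread(target=_accept_loop, args=(srv,), daemon=True).start()
    return srv


def scan_ports(address, ports, timeout=0.5):
    """Return the sorted list of ports on `address` that accept a TCP connection."""
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)  # do not hang on ports that silently drop packets
            # connect_ex returns 0 on success and an errno value otherwise,
            # so a refused connection needs no exception handler
            if s.connect_ex((address, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


if __name__ == "__main__":
    srv = start_listener()
    listening_port = srv.getsockname()[1]
    found = scan_ports("127.0.0.1", range(listening_port - 2, listening_port + 3))
    print("open ports:", found)
    srv.close()
```

The timeout matters in practice: without it a single filtered port can stall the whole scan, and an inventory of your own hosts is only useful if it completes.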
Talking with the remote program
If a computer has a port open, the program listening on that port can likely be talked with. One of the simplest ways to try out such a discussion is Telnet, which is available on most operating systems; if not, you can always download e.g. PuTTY (with PuTTY, make sure that your connection type is "raw"). Modern macOS no longer has a built-in Telnet, but you can use netcat (nc) instead.
Telnet connections are made to a specific address and to a specific port. For example, a connection to the F-Secure web server could be initiated through the address f-secure.com and the port 80.
When discussing with an application, it is important to know the protocol — the discussion format — that the application follows. One such example is the HTTP protocol, which is used by web servers.
The basic request for retrieving the root content from a web server consists of the two lines typed into the telnet session shown below.
In that request, we first tell the server that we want to get the resource at "/", and that we are following version 1.1 of HTTP. The next line names the host we want to access — this is needed because one server may host multiple web sites. The request is ended by an empty line, so after the Host line you press Enter twice.
When launching telnet and retrieving the content from the f-secure.com site, we see something similar to the following.
username@machine:~$ telnet f-secure.com 80
Trying 104.126.172.25...
Connected to f-secure.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: f-secure.com
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://f-secure.com/fi_FI/
...
In the above example, instead of returning the content of the page, the F-Secure web server asks us to look for the content from the address http://f-secure.com/fi_FI/.
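The same exchange performed from Python rather than telnet, as an added example that is not part of the original page: the client sends the two-line GET request with a Host header over a raw socket and parses the status line and headers of whatever comes back. So that it runs offline, the block also starts a constructed stub server on the loopback interface that answers every request with a 302 redirect to the Location value seen above; the stub, its Server header value and the added Connection: close header are assumptions made for this example, not behaviour of the real web server.

```python
import socket
import threading

# Constructed stand-in for the web server: answers every request with the
# kind of redirect shown in the telnet session above.
REDIRECT_RESPONSE = (
    b"HTTP/1.1 302 Moved Temporarily\r\n"
    b"Server: example-stub\r\n"
    b"Content-Length: 0\r\n"
    b"Location: http://f-secure.com/fi_FI/\r\n"
    b"\r\n"
)


def start_stub_server():
    """Start a loopback TCP listener that replies with REDIRECT_RESPONSE and closes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # OS-chosen free port
    srv.listen(1)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            with conn:
                conn.recv(4096)  # read the request; the stub ignores its content
                conn.sendall(REDIRECT_RESPONSE)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def http_get(address, port, host_header):
    """Send a GET for "/" with the given Host header and parse the HTTP reply."""
    request = (
        f"GET / HTTP/1.1\r\n"
        f"Host: {host_header}\r\n"
        f"Connection: close\r\n"  # ask the server to close so recv() reaches EOF
        f"\r\n"                   # empty line terminates the request
    ).encode("ascii")
    with socket.create_connection((address, port), timeout=5) as s:
        s.sendall(request)
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:  # b"" means the remote side closed the connection
                break
            chunks.append(chunk)
    raw = b"".join(chunks)
    # Headers end at the first blank line; everything after it is the body.
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": version, "status": int(status), "reason": reason,
            "headers": headers, "body": body}


if __name__ == "__main__":
    srv = start_stub_server()
    reply = http_get("127.0.0.1", srv.getsockname()[1], "f-secure.com")
    print(reply["status"], reply["reason"], "->", reply["headers"].get("location"))
    srv.close()
```

Reading until recv() returns an empty byte string is the simplest way to collect a whole reply, and it is only safe because the request asked the server to close the connection; with a persistent connection the client would instead have to honour Content-Length.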