What Are Port Numbers and Sockets?
In internet communication, the communication destination is not completely determined by IP address alone.
An IP address is information used to find a communication partner on a network. However, inside one server or device, multiple communications may be active at the same time, such as web, DNS, email, chat apps, and cloud synchronization.
For that reason, even if the destination IP address is known, that alone does not tell us "which service or application should receive this communication."
Port numbers are used for this distinction.
IP Address Alone Cannot Distinguish Applications
An IP address is information that shows the communication partner's position on a network.
For example, when accessing a web server, communication first goes toward that server's IP address. However, on the server side, not only a web server but also DNS, email, management services, API servers, and similar services may be running at the same time.
At that point, the IP address alone cannot decide "which service on the server should receive the communication."
Therefore, at the transport layer, protocols such as TCP and UDP use port numbers to distinguish where communication should be handed off.
Port Numbers Distinguish Communication Entrances
A port number is a number used in TCP and UDP communication.
Port numbers are often explained as "communication entrances." This is broadly correct. More precisely, however, a port number is an identifier the OS uses to distribute communication to the appropriate process or service.
For example, among communications addressed to the same IP address, destination port 443 can be handed to an HTTPS web server, 53 to a DNS server, and 25 to a mail-delivery service.
| Use | Commonly used port number | Main protocol | Description |
|---|---|---|---|
| HTTP | 80 | TCP | Often used for unencrypted web communication |
| HTTPS | 443 | TCP / UDP | Ordinary HTTPS uses TCP; HTTP/3 uses QUIC over UDP |
| DNS | 53 | UDP / TCP | UDP is common for ordinary queries, while TCP is also used for large responses and specific purposes |
| SMTP | 25 | TCP | Mainly used for delivery between mail servers |
| SMTP Submission | 587 | TCP | Used for sending from a mail client to a sending server |
| IMAPS | 993 | TCP | Used for receiving email through IMAP protected by TLS |
There are standard numbers that are commonly used as port numbers. However, a port number does not absolutely guarantee the type of service.
For example, HTTPS is commonly used on port 443, but depending on server configuration, another application can also use port 443. Conversely, a web server can also run on a non-standard port number.
In other words, port numbers are strong clues for inferring the purpose of communication, but they do not completely determine the communication content by themselves.
Why Multiple Services Can Run on One Server
Because port numbers exist, multiple services can run at the same time on one server.
For example, if a server with the same IP address provides HTTPS, DNS, and mail-delivery services at the same time, each service can listen on a different port number.
| Destination IP address | Destination port number | Communication protocol | Example delivery destination |
|---|---|---|---|
| Same server IP address | 443 | TCP | HTTPS web server |
| Same server IP address | 53 | UDP / TCP | DNS server |
| Same server IP address | 25 | TCP | Mail delivery service between mail servers |
| Same server IP address | 587 | TCP | Submission service for sending email |
In this way, an IP address is used to find the communication partner host, and a port number is used to distinguish which service within that host receives the communication.
In practice, however, decisions are not made by "IP address alone" or "port number alone." The communication protocol, such as TCP or UDP, is also important.
Even with the same port 53, UDP port 53 and TCP port 53 are treated as separate communications.
Multiple Apps Can Communicate at the Same Time on One Device
Port numbers are not used only on the server side. They are also used on users' PCs and smartphones.
For example, suppose one PC has a browser open, a chat app in use, cloud storage syncing, and OS update checks also running. At that time, multiple communications are occurring inside the device at the same time.
The OS needs to distinguish each communication and hand the returned data to the correct application.
This distinction also uses the combination of source IP address, source port number, destination IP address, destination port number, and communication protocol.
Communication Is Distinguished by Five Pieces of Information
When understanding TCP and UDP communication, the following five pieces of information are important.
| Information | Meaning | Example |
|---|---|---|
| Source IP address | IP address of the side sending the communication | User device IP address |
| Source port number | Port number used on the side that started the communication | Temporarily assigned number on the device side |
| Destination IP address | IP address of the side receiving the communication | Web server IP address |
| Destination port number | Port number of the service receiving the communication | 443 for HTTPS, for example |
| Communication protocol | Type such as TCP or UDP | TCP, UDP |
This combination of five items is called a 5-tuple.
For example, when a browser connects to an HTTPS web server, the destination port number is often 443. Meanwhile, the source port number is assigned for each communication on the user's device side.
Because this source port number exists, even when the same device performs multiple communications to the same web server, each one can be distinguished.
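The following added example (not part of the original article) opens two TCP connections from one host to the same listener and records each 5-tuple from both ends. It assumes a loopback listener on an OS-chosen port as a stand-in for a web server on 443; the function name `open_parallel_connections` is hypothetical.

```python
import socket

def open_parallel_connections(n=2):
    """Open n TCP connections from this host to one loopback listener and
    record each connection's 5-tuple as seen from both ends."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port (stand-in for 443)
    listener.listen(n)
    listener.settimeout(2)
    dst = listener.getsockname()
    opened, rows = [listener], []
    try:
        for i in range(n):
            client = socket.create_connection(dst, timeout=2)  # OS assigns the source port
            opened.append(client)
            conn, peer = listener.accept()
            opened.append(conn)
            conn.sendall(f"reply-{i}".encode())  # server answers on this connection only
            rows.append({
                # (source IP, source port, destination IP, destination port, protocol)
                "client_view": (*client.getsockname(), *client.getpeername(), "TCP"),
                "server_view": (*peer, *conn.getsockname(), "TCP"),
                "reply": client.recv(64).decode(),
            })
    finally:
        for s in opened:
            s.close()
    return rows

if __name__ == "__main__":
    for row in open_parallel_connections():
        print(row["client_view"], "->", row["reply"])
```

The two rows share source IP, destination IP, destination port, and protocol; only the source port differs, and each reply arrives on the connection it belongs to.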
Destination Ports and Source Ports Have Different Roles
When understanding port numbers, it is important to think separately about destination port numbers and source port numbers.
| Type | Main role | Example |
|---|---|---|
| Destination port number | Indicates the service to connect to | 443 for HTTPS, 53 for DNS |
| Source port number | Distinguishes which communication a response should return to | Temporarily assigned number on the device side |
When accessing a website, the user's device often sends communication to destination port 443. However, to receive the response, the device side also needs a source port number.
From the server's perspective, the response destination becomes "the user's IP address and the port number used on the user's side."
This mechanism allows one device to handle multiple communications at the same time.
What Is a Socket?
A socket is a way of thinking about an entrance and exit for handling network communication.
In programming, a socket is a mechanism an application asks the OS to create so it can perform network communication. However, at the stage of understanding communication structure, it is easier to think of a socket as "an endpoint of communication represented by a combination of IP address, port number, and communication protocol."
For example, on the server side, a web server puts itself into the state of "listening on TCP port 443." This means the server has prepared a listening point for receiving HTTPS communication.
On the client side, meanwhile, an application such as a browser is assigned a source port number by the OS when it starts communication.
| Position | How to view the socket | Example |
|---|---|---|
| Server side | Listens on a specific IP address, port number, and protocol | Listens for HTTPS on TCP port 443 |
| Client side | Manages connections using a source port number for each communication | Browser connects from a temporary source port |
| Whole communication | Identifies one communication by the source and destination combination | Source IP, source port, destination IP, destination port, protocol |
Strictly speaking, the word socket changes meaning slightly depending on context.
It may refer to a socket used by a server to wait for connections, or to a communication endpoint after an actual connection is established. Also, sockets are handled differently in communication that creates a connection, such as TCP, and communication that does not create a connection, such as UDP.
As a basic understanding, however, it is enough to understand it as "a communication opening on the OS that applications use to handle network communication."
The Meaning of Port Numbers Also Changes Between TCP and UDP
Port numbers are used in both TCP and UDP, but the nature of the communication is different.
TCP is a method that establishes a connection before sending and receiving data. It is used in many communications such as HTTPS on the web, email sending, and SSH.
UDP is a method that does not assume connection establishment like TCP. It is used for DNS queries, QUIC, real-time communication, and similar purposes.
| Item | TCP | UDP |
|---|---|---|
| Nature of communication | Communicates after establishing a connection | Does not assume connection establishment |
| Role of port number | Used to identify the destination service and the communication | Used to distinguish where data should be handed off |
| Representative examples | HTTPS, SSH, SMTP, IMAPS | DNS, QUIC, some real-time communication |
Even with the same port number, TCP and UDP are treated as different communications.
For example, TCP port 443 and UDP port 443 use the same number "443," but because the communication protocol is different, the OS and network devices treat them as different things.
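As an added illustration (not from the original article), the sketch below binds a TCP listener and a UDP socket to the same port number on loopback and shows that the OS hands each message to the socket of the matching protocol. The port is chosen by the OS rather than being 443, and the function names are hypothetical.

```python
import socket

def bind_tcp_and_udp_same_port(attempts=20):
    """Return (tcp_listener, udp_socket, port) sharing one port number."""
    for _ in range(attempts):
        tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        tcp.bind(("127.0.0.1", 0))        # OS picks a free TCP port
        port = tcp.getsockname()[1]
        try:
            udp.bind(("127.0.0.1", port))  # same number, different protocol
        except OSError:                    # that UDP port is already taken: retry
            tcp.close()
            udp.close()
            continue
        tcp.listen(1)
        return tcp, udp, port
    raise RuntimeError("no port number free for both TCP and UDP")

def deliver_by_protocol():
    """Send one UDP datagram and one TCP message to the same port number."""
    tcp, udp, port = bind_tcp_and_udp_same_port()
    tcp.settimeout(2)
    udp.settimeout(2)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
            sender.sendto(b"via-udp", ("127.0.0.1", port))
        with socket.create_connection(("127.0.0.1", port), timeout=2) as client:
            conn, _ = tcp.accept()
            with conn:
                conn.settimeout(2)
                client.sendall(b"via-tcp")
                got_tcp = conn.recv(64)
        got_udp, _ = udp.recvfrom(64)
        return port, got_tcp, got_udp
    finally:
        tcp.close()
        udp.close()

if __name__ == "__main__":
    print(deliver_by_protocol())
```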
Port Numbers Help Infer the Purpose of Communication
Understanding port numbers makes communication logs and network behavior easier to read.
For example, if the destination port is 443, it may be web-related communication such as HTTPS or HTTP/3. If the destination port is 53, it may be a DNS query. If the destination port is 587, it may be communication related to sending email.
However, the content of communication cannot be fully judged from port numbers alone.
Encrypted communication makes the content harder to see. Services can also run on non-standard port numbers. In addition, ports that are widely allowed, such as 443, may also carry non-web communication.
Therefore, a port number is "material for inferring the purpose of communication," not "information that proves the communication content itself."
Port Numbers for Understanding Anonymity
VPNs, Tor, DNS, HTTPS, and similar systems also actually work through combinations of IP addresses, port numbers, and communication protocols.
For example, HTTPS often uses port 443. DNS often uses port 53. VPNs use different port numbers and protocols depending on the method. Tor's communication visibility also changes depending on the usage environment and connection destination.
When thinking about anonymity and privacy, not only communication content but also information visible on the outside of communication is important.
Even if communication content is encrypted, depending on the observation position, the following kinds of information may be visible.
| Information that may be visible | Meaning | Caution |
|---|---|---|
| Destination IP address | Which server the communication is going to | When a CDN or proxy is in between, it may not match the final service |
| Destination port number | What type of communication it appears to be | Port 443 does not necessarily mean ordinary web browsing |
| Communication protocol | TCP, UDP, and similar distinctions | Some web communication, such as HTTP/3, uses UDP port 443 |
| Traffic volume | How much data is sent and received | The volume may be observed even if content is encrypted |
| Communication timing | When communication occurred | Can become material for inferring behavior patterns |
In other words, port numbers are not an element that determines anonymity itself, but they are important information for understanding communication structure.
If you can organize "which app communicates to which IP address, with which protocol, using which port number," behavior of VPNs, Tor, DNS, HTTPS, and similar systems also becomes easier to understand.
This Article Focuses on Communication Structure
Understanding port numbers and sockets considerably changes how networks look. However, this article does not go deeply into the following topics.
| Topic not covered | Reason |
|---|---|
| Socket programming | It becomes implementation-oriented and moves away from understanding communication structure |
| Details of ephemeral port numbers | Covering OS-specific allocation ranges and behavior would broaden the scope |
| Details of NAT tables | It would enter router and firewall translation processing |
| Practice of port scanning | It becomes concrete discussion of attack or diagnostic methods and falls outside this article's purpose |
The important point here is that communication cannot be distinguished sufficiently by IP address alone, and that delivery destinations and return destinations are managed by combining port numbers and protocols.
Summary
An IP address is information used to find a communication partner on a network.
However, multiple services and applications communicate at the same time on one device or server. For that reason, IP address alone cannot decide which application or service communication should be handed to.
Port numbers are numbers used in TCP and UDP communication, and the OS uses them to distribute communication to the appropriate service or application.
In web communication, ports 80 and 443 may be used; in DNS, port 53; and in mail-related communication, ports such as 25, 587, and 993. However, communication content cannot be fully determined from port numbers alone.
Communication is identified by the combination of source IP address, source port number, destination IP address, destination port number, and communication protocol. Understanding this combination explains why multiple apps can communicate at the same time on one device, and why multiple services can run on one server.
A socket is a communication opening that applications use to handle network communication. For understanding communication structure, it is easier to organize it as a communication endpoint combining IP address, port number, and communication protocol.
Understanding port numbers and sockets makes it easier to read where communication is going, which service it reaches, and which communication it is managed as. This is also an important foundation for understanding the communication structure of HTTPS, DNS, VPNs, Tor, and similar systems.