
What is a TCP or UDP socket and what differences are there with ports

For two processes to be able to communicate with each other, one process must be able to locate the other, and both must be able to exchange information over the network. We are assuming a client-server architecture, so one of the two processes is the one that initiates the communication. For two processes to communicate, we need a socket.

A socket, regardless of whether we use the TCP protocol or the UDP protocol, is defined by the following parameters:

  • Transport layer protocol used: TCP or UDP
  • Source IP address: can be a public or private IP.
  • Destination IP address: can be a public or private IP.
  • Source or local port: this port is usually in the range 49152 to 65535, the so-called dynamic or private ports. But it does not have to be this way; any source port can be used. For example, a web server that accepts HTTPS connections on port 443 will use port 443 as its own (source) port for those connections.
  • Destination or remote port: this can be any port, but the other process or host must be listening on it.

Together, these parameters make each connection unique, so both the source and the destination can identify the connection precisely and begin exchanging data.

How many sockets can a computer have?

For each connection we make outside our own computer, we need a socket so that the different processes can exchange information. A single computer can have a large number of open sockets, although the limit depends both on the hardware and on the operating system, since it is the operating system that manages all the sockets (creating and deleting them). Each newly opened socket must be unique so that it identifies exactly one connection.

In the case of web servers, each client connection is defined by a socket. For example, imagine that three clients connect to our web server: each socket will be different. Moreover, depending on whether we look at the state of the connection on the local or on the remote computer, the IP and port pairs swap between source and destination.

In the following example, we can see the sockets created on a web server, looking at these sockets from the web server itself.

  • User 1
  • Protocol: TCP.
  • Source IP: 77.77.77.77 (the client).
  • Destination IP: 88.88.88.88 (us).
  • Source or local port: 49152 (the client).
  • Destination or remote port: 443 (we use HTTPS).

In the case of the second user, we would have:

  • User 2
  • Protocol: TCP.
  • Source IP: 71.71.71.71 (the client).
  • Destination IP: 88.88.88.88 (us).
  • Source or local port: 49152 (the client).
  • Destination or remote port: 443 (we use HTTPS).

In this case only the source IP has changed, but as soon as one of the four parameters changes we already have a new socket that uniquely identifies the connection. The second client can use source port 49152 just like the first one, because its source IP is different. As soon as any of the four parameters changes, we are dealing with a completely different connection, and there is no problem in telling them apart.

How to see all sockets in the system

On Windows operating systems we can see all the open sockets in the system simply by running the following command at a command prompt with administrator permissions:

netstat

In the netstat output shown in the following image you can see the protocol (TCP), the local address formed by IP:PORT, the remote address also formed by IP:PORT and, finally, the state of the connection.

On Linux operating systems netstat also exists, or rather it did, because it is now considered deprecated. Its replacement is the ss command, which has the same functionality but offers more display options. If you are using a Linux-based operating system, you can run the following command to see all sockets:

ss
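The following added example (not code from the original article) ties the two sections above together: it parses a constructed sample of ss output as it would look on the web server 88.88.88.88, turns each line into the five parameters that define a socket, and checks that the two users' connections are distinct even though both use source port 49152. The sample text and the function names are constructed for the illustration; the third line is a UDP entry with the same addresses and ports as User 2, to show that the transport protocol alone is enough to make a different socket.

```python
from collections import namedtuple

# A socket in the sense used in this article: transport protocol plus both IP:port pairs.
Socket = namedtuple("Socket", "proto src_ip src_port dst_ip dst_port")

# Constructed sample in the shape of `ss -tun` output, as seen on the web server
# 88.88.88.88 (not a real capture). The two tcp lines correspond to User 1 and User 2.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   ESTAB  0      0      88.88.88.88:443     77.77.77.77:49152
tcp   ESTAB  0      0      88.88.88.88:443     71.71.71.71:49152
udp   ESTAB  0      0      88.88.88.88:443     71.71.71.71:49152
"""


def split_addr(addr):
    """Split 'ip:port' into (ip, port); the port is whatever follows the last colon."""
    ip, _, port = addr.rpartition(":")
    return ip, int(port)


def parse_ss(output, default_proto="tcp"):
    """Return the list of Socket tuples found in ss-style output (header line skipped).

    Written from the server's point of view, as in the article: the peer is the
    source and the local address is the destination.
    """
    sockets = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if fields and fields[0] in ("tcp", "udp"):   # Netid column present (ss -tun)
            proto, fields = fields[0], fields[1:]
        else:
            proto = default_proto                     # ss -tn prints no Netid column
        if len(fields) < 5:
            continue
        local_ip, local_port = split_addr(fields[3])
        peer_ip, peer_port = split_addr(fields[4])
        sockets.append(Socket(proto, peer_ip, peer_port, local_ip, local_port))
    return sockets


def from_client_view(sock):
    """The same connection as the client sees it: source and destination swap places."""
    return Socket(sock.proto, sock.dst_ip, sock.dst_port, sock.src_ip, sock.src_port)


def all_unique(sockets):
    """True if no two sockets share all five parameters."""
    return len(set(sockets)) == len(sockets)


if __name__ == "__main__":
    for s in parse_ss(SS_OUTPUT):
        print(s, "-> client side:", from_client_view(s))
    print("all unique:", all_unique(parse_ss(SS_OUTPUT)))
```

The parser keys each socket on all five parameters, which is exactly why the two TCP entries do not collide: the source port is the same, but the source IP differs. Swapping the pairs with from_client_view reproduces what the article says about looking at the same connection from the other end.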

Now that we have seen what a socket is, let’s see how it differs from ports.

What is the difference between a socket and a port

A TCP or UDP socket is often confused with a TCP or UDP port. A socket, as we said before, is made up of the transport layer protocol, the source and destination IP addresses, and the source and destination ports. The ports are only part of the socket: a fundamental part, but only a part. To form a socket, the corresponding IP addresses are also needed so that there can be point-to-point communication between two processes.

When we open a port on the router, what we are really doing is allowing communication from the outside (the Internet) to the inside of the local network, passing through the NAT that all routers implement for IPv4. In a NAT environment the router translates the private IP addresses into the public one so that all traffic can be routed correctly to the Internet.

If a client inside the NAT wants to communicate with a web server on the Internet, the socket that this local client creates will look like this:

  • Protocol: TCP.
  • Source IP: 192.168.1.2 (us).
  • Destination IP: 88.88.88.88 (the web server).
  • Source or local port: 49152 (us).
  • Destination or remote port: 443 (web server).

The router then takes this connection and translates it into the following so that it can be routed over the Internet, creating a new socket between the router and the remote web server:

  • Protocol: TCP.
  • Source IP: 20.20.20.20 (our public IP).
  • Destination IP: 88.88.88.88 (the web server).
  • Source or local port: 49152 (us).
  • Destination or remote port: 443 (web server).

When the communication goes the other way (from outside the NAT to inside it), that is when we must open a port on our router so that the server can be reached from outside; otherwise the router's firewall will block all such communication.
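The following added example (not code from the original article, and not how any particular router is implemented) models the NAT behaviour described above: an outbound socket from 192.168.1.2 is rewritten to the public IP 20.20.20.20, the reply from the web server is mapped back using the remembered entry, and an unsolicited connection from the Internet is dropped unless a port has been explicitly opened (forwarded). The Nat class, its method names and the forwarding rule are constructed for the illustration. It goes slightly beyond the article's case in one respect: if two LAN hosts pick the same source port towards the same server, the model picks a different public port, because otherwise the two replies could not be told apart.

```python
from collections import namedtuple

# A socket in the sense used in this article: transport protocol plus both IP:port pairs.
Socket = namedtuple("Socket", "proto src_ip src_port dst_ip dst_port")

PUBLIC_IP = "20.20.20.20"   # the router's public IP from the article's example


class Nat:
    """Minimal, hypothetical model of a router's NAT table plus port-forwarding rules.

    Real routers also keep connection state and timeouts; this model only keeps
    the address mappings needed to illustrate the article.
    """

    def __init__(self, public_ip):
        self.public_ip = public_ip
        # (proto, public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.table = {}
        # (proto, public_port) -> (private_ip, private_port): ports "opened" on the router
        self.forwards = {}

    def outbound(self, sock):
        """Translate a LAN host's socket into the one the Internet sees and remember it."""
        public_port = sock.src_port
        key = (sock.proto, public_port, sock.dst_ip, sock.dst_port)
        # Two LAN hosts may choose the same source port towards the same server;
        # then the router must use another public port so the replies stay distinct.
        while key in self.table and self.table[key] != (sock.src_ip, sock.src_port):
            public_port = public_port + 1 if public_port < 65535 else 49152
            key = (sock.proto, public_port, sock.dst_ip, sock.dst_port)
        self.table[key] = (sock.src_ip, sock.src_port)
        return sock._replace(src_ip=self.public_ip, src_port=public_port)

    def open_port(self, proto, public_port, private_ip, private_port):
        """Port forwarding: let unsolicited traffic to public_port reach a LAN host."""
        self.forwards[(proto, public_port)] = (private_ip, private_port)

    def inbound(self, sock):
        """Packet arriving from the Internet; returns the translated socket or None if dropped."""
        if sock.dst_ip != self.public_ip:
            return None
        # Reply to a connection the LAN initiated: reverse the remembered mapping.
        key = (sock.proto, sock.dst_port, sock.src_ip, sock.src_port)
        if key in self.table:
            private_ip, private_port = self.table[key]
            return sock._replace(dst_ip=private_ip, dst_port=private_port)
        # Unsolicited connection: only allowed through an explicitly opened port,
        # which is what the article calls "opening a port in the router".
        forward = self.forwards.get((sock.proto, sock.dst_port))
        if forward is not None:
            return sock._replace(dst_ip=forward[0], dst_port=forward[1])
        return None


if __name__ == "__main__":
    nat = Nat(PUBLIC_IP)
    lan = Socket("tcp", "192.168.1.2", 49152, "88.88.88.88", 443)
    print("LAN side :", lan)
    print("WAN side :", nat.outbound(lan))
    reply = Socket("tcp", "88.88.88.88", 443, PUBLIC_IP, 49152)
    print("reply    :", nat.inbound(reply))
    print("unsolicited:", nat.inbound(Socket("tcp", "77.77.77.77", 50000, PUBLIC_IP, 443)))
```

The inbound path is the security-relevant part: without a table entry or a forwarding rule, the router has no LAN host to deliver the packet to and drops it, which is the "firewall" effect the article refers to. Opening a port adds exactly one such rule, so it should be done only for the host and port that really need to be reachable.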
