It’s the one thing when I’m configuring things that makes me wince because I know it will give me the business, and I know it shouldn’t, but it does, every time. I have no real idea what I’m doing, what it is, how it works, so of course I’m blindly following instructions like a monkey at a typewriter.

Please guide me into enlightenment.

  • 520@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    7 months ago

    Imagine your computer is a big block of flats and your applications are all people who live in the building.

    Mail sent to the building address alone isn’t going to reach the intended recipient, because the postman doesn’t know what flat to post it to. So they need additional information such as ‘Flat 2C’

    That’s the basic concept of ports. It’s basically additional addressing information to allow your computer to direct internet traffic to the correct applications.

    When an application is actively listening on a port, it means that they are keeping an eye out for messages addressed to them, as designated by the port number. While an application is sending or receiving messages using a given port number, that port number is considered ‘open’.

    Now, all sorts of applications do all sorts of things. Some are for the public to use and there are some that are useful within trusted circles, but can be abused by malicious people if anyone in the world can send messages to it. Thus, we have a firewall, which acts as a gatekeeper. A firewall can ‘block’ a port, denying access to a given group of people, or ‘unblock’ it, allowing access.

    VPNs are a totally different thing. They are literally middlemen for your internet traffic. Instead of directly posting a message to somewhere and receiving a direct reply back, imagine you flew out to Italy to use a post box there and receive replies from there.

    • dan@upvote.au
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      7 months ago

      I love your analogy for ports, but I’m not sure about the VPN one.

      If you imagine network traffic as mail going through the postal system, then a VPN is like a private mail tunnel between two locations, that nobody else can enter or look into. Mail sent via the tunnel is private and nobody else can read it. The person at the other end of the tunnel can either open the mail themselves (ie a VPN from your laptop to your home server to access it when you’re away), or forward the mail somewhere else (ie if you’re routing Internet-bound traffic through it) and nobody will know it came from you originally.

      • my_hat_stinks@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        I’m not sure that’s a completely accurate analogy either. When you’re using a VPN people can still see that you are sending traffic through your tunnel, they just can’t tell what it is that you’re sending. It’s like looking through frosted glass; there’s definitely something moving in there but you can’t tell what.

        I suppose the best way to describe it is you send a locked box to a trusted friend; everyone handling it can see the box but can’t tell what’s inside. Inside the box is a letter, your friend posts it so it looks like it came from them. Your friend then gets a reply, puts it in a locked box, and send it back to you. Nobody between you and your friend can snoop on your mail but anyone between your friend and the final destination can.

    • jordanlund@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      To expand on that analogy… certain services need entry into the building and then from there, they get distributed throughout the building.

      Water comes in on the water line.
      Electricity comes in on the electric wire.
      Internet may come in on coaxial or fiber.
      Gas comes in on the natural gas pipeline.

      Your computer has ports to deal with basic tasks. These are called “well known port numbers”.

      https://www.geeksforgeeks.org/50-common-ports-you-should-know/

      So while, in theory, you COULD get email in on a non-email port, that wouldn’t be expected and would be like feeding water through a natural gas line.

      • Zagorath@aussie.zone
        link
        fedilink
        English
        arrow-up
        0
        ·
        7 months ago

        Just reading that URL and I’m sorry (to the author of that article), but there’s no way there are 50 ports “you should know”. 443, 80, 22, and that’s about it. Maybe whatever the SMPT port is just for interest’s sake, but that’s very rarely going to be important practical knowledge. And there are some ports outside the well-known port range that might be handy. Your VPN’s port, your DB’s port. But even then, you’re not getting anywhere near 50.

    • DABDA@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      Just to clarify, nothing about ports requires wifi to be involved at all. It doesn’t need to be a wifi router, a network doesn’t have to be connected via wifi.

        • DABDA@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          7 months ago

          Just seemed like a needlessly confusing specific detail to include as it is not a necessity to have any wifi connectivity at all and might mislead OP/readers into assuming it has some relevance to ports. It should be sufficient to just say router unless the question involves SSIDs or related components specific to that connection method.

      • neidu2@feddit.nl
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        Funfact: doesn’t even require ethernet. Any link that involves an IP will do.

  • dnick@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    Maybe think of it like one of those big walls of post office mailboxes…behind the wall is your computer and an app might be waiting for a message at box 22 or box 45678. You could close all the boxes and nothing could get in, or you could open one or all of them and allow people to deliver messages to them.

    If you connect your computer directly to the internet, anyone who knows your IP address could say 'deliver message X to port 22 at ip address <your ip address> and the program watching that box would get the message.

    If you put a router in the mix, and multiple computers, the router has the same block of boxes, but if someone sends a message to one of the boxes it just sets there. If you set up ‘forwarding’, sending a message to your ip address gets the message to the router, but if you forward box 22 from your router to a specific computer on your network, then the router takes a message at box 22 on itself and ‘forwards’ it to box 22 on whatever computer you specific (using internal ip addresses).

    You could map box 22 on your router to any other box on your computer…like port 22 coming into your router might get sent to port 155 on your computer…this is useful if you don’t want external people just exploring and lazily breaking into your computer using known vulnerabilities. Lots of ports are ‘common’, so an ftp hack on port 22 is easy, and might be ‘slightly’ harder if you tell your computer to actually look for ftp traffic on port 3333 or something.

    • Melatonin@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      The one statement “using internal IP addresses” has clarified something to where I’m actually excited to try working on a long-standing problem.

      But how come I’ll get instructions from a program that I have to allow ip “bla.bl.b.blah:80” when that number isn’t my IP? Then I go on my router and do it and the program doesn’t work/port isn’t open? Those kind of problems kill me.

      • dnick@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        This is a really old message, but if you’re still having the same question i could try to answer, but that kind of message is pretty context dependant. For that specific one, it sounds like your program is trying to access something outside your network, like they have a website they need to access to check for updates or something.

        • Melatonin@lemmy.dbzer0.comOP
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          I’m trying to remember the context. I think it was when I was putting in the -arrs, but that doesn’t seem right. If I remember the exact circumstance I’ll pm you, thanks for responding.

  • lolcatnip@reddthat.com
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    7 months ago

    Without invoking any analogies, a port is just a number. When an application on your computer sends or receives data, there is a port number associated with it. A server-side application listens for data with a particular port number, and a client side application needs to send data with the same port number to communicate with the right server application. The operating system uses the port number to route incoming data to the right application, and it ensures that only one application at a time can use any given port number.

    Some port numbers are assigned to specific protocols (by IANA, I believe), like 80 for HTTP and 443 for HTTPS, so when you see a URL, the default port is usually implied by the protocol, but it can always be specified. For instance, https://google.com is equivalent to https://google.com:443. For more obscure protocols without assigned port numbers, you’ll usually see the port number in a URL, and this tends to happen in the same scenarios where you don’t have a domain name, so you’ll also see an IP address in a URL. It also happens when you need to run more than one of the same kind of server on a single machine. For example, when developing an HTTP server app, it’s customary to use port 8080 or 8888 to distinguish it from the “official” server app on the same machine using port 80, so your development server app will have a URL that looks like http://192.168.0.1:8080.

    Typically ports 0-1023 are reserved by the operating system for programs set up by an administrator, and ports starting at 1024 up to a maximum of 65535 are available to any user, so they’re perfect for, say, a Jellyfin server or an app you’re developing. If someone gives you a URL with a port number, especially if it’s above 1023, make sure you trust the owner of the URL, because it can be a giveaway that someone is doing something shady.