Network Daemons  «Prev  Next»

Lesson 5 Well-known port numbers and /etc/services
Objective Describe the conventions for establishing an association between certain port numbers and services.

Well-known Port Numbers and /etc/services

When a user opens a telnet connection from his or her machine to another machine, the client telnet process on the originating machine must find the server process on the remote machine. Thus, the client telnet process must know the port number of a telnet server process on the remote machine. Fortunately, the client process does not need to guess this port number. A set of conventions administered by the Internet Assigned Numbers Authority (IANA) establishes an association between certain port numbers and services. These assigned port numbers are called "well-known" port numbers. For example, the “well-known” port number for telnet is 23, so a telnet client can expect to find a telnet server at port 23 on the remote machine. The notion of well-known port numbers has nothing to do with UNIX; it is part of TCP/IP. A telnet client on a UNIX machine expects to find a telnet server at port 23 on the destination machine, regardless of what operating system is running on that machine. The file /etc/services is a list of conventional names for TCP/IP services and associated well-known port numbers:

View the image below to examine some well-known port numbers and /etc/services.

Unix /etc/services file

Network Services Internet Style
  1. Comment lines
  2. Service name
  3. Port number/protocol
  4. Aliases
  5. This line indicates that the telnet service uses TCP port 23.
  6. The domain service uses both TCP port 53 and UDP port 53. These are different ports.

Comment lines, Service name, Port number/protocol

Purpose of etc/services

/etc/services: On UNIX, the configuration file /etc/services maps port numbers to named services. Key point: The purpose of etc/services is so that programs can do a getportbyname() sockets call in their code in order to get the port they should use. For example, a POP3 email daemon would do a getportbyname ("pop3") in order to retrieve the number 110 that pop3 runs at. The idea is that if all POP3 daemons use getportbyname(), then no matter what POP3 daemon you run, you can always reconfigure its port number by editing / etc/services.
If you want to find out what ports programs are using, you should instead use the program lsof to find out exactly which ports are bound to which processes. If running lsof is not appropriate, then you should lookup the ports in a more generic reference.

lsof: List of Open Files

You can use lsof (List of Open Files) in Unix-like operating systems to discover which processes are using specific network ports. This utility provides information about files that are open by processes. In the context of networking, an open file could be a network socket, and these are tied to network connections and thus to ports. ed each connection. For example:
$ lsof -i

The output will display a list of all active network connections. For each connection, it will display the process name, process ID, user who owns the process, the type of the connection (IPv4 or IPv6), the device, the size or off, the node, the name, and the state of the network connection.
If you want to list all processes that are using a specific port, for example, port 80, you can use the following command:
$ lsof -i :80

The output will include only the processes that are using port 80. To list all processes that are using a specific protocol and port, you can use a command in the following format:
$ lsof -i tcp:80

In this example, the output will include only the processes that are using TCP protocol on port 80.
Please note that since lsof gives information about open files, it requires sufficient privileges. Therefore, you may need to use sudo to run the lsof command, especially if you are not the owner of the process:
$ sudo lsof -i

Remember to replace the "80" in the above examples with the actual port number you're interested in. Additionally, replace "tcp" with the protocol you're interested in, which might be "udp", "tcp", or another protocol. lsof is a powerful tool that can help you determine which processes are bound to which ports on your network, but it requires the proper permissions to provide this information.
It is important to realize that the services file merely associates names (telnet, domain[1], FTP) with port numbers. (Just because a line appears in /etc/services does not mean that the corresponding service is available on the machine.) Nor is the
/etc/services file 

particularly informative about what the various services are, what is chargen, for example? (see below) The services file is a bit like the hosts file. Without it, you would have to refer to port numbers, but with it, you can refer to the telnet port. The system can look up telnet in the services file to find out it means port 23/tcp.

The Character Generator Protocol (CHARGEN) is a service of the Internet Protocol Suite defined in RFC 864 in 1983 by Jon Postel. It is intended for testing, debugging, and measurement purposes and the protocol is rarely used, as its design flaws allow ready misuse.

[1]Domain: On the Internet, "domain" is most commonly used to refer to a group of computers whose hostnames share a common suffix, the domain name. The last component of this is the top-level domain.

TCP/IP Illustration