7  Transport layer – ports

  • The transport layer must be able to separate and manage multiple application layer protocols, which may themselves open many individual sessions. For example, when you open multiple tabs in a web browser to view multiple webpages, the application layer protocol HTTP creates a separate session for each tab.
  • At the same time as viewing multiple tabs you may also send email, instant messages and download files. Each of these activities requires an application layer protocol to establish simultaneous access to the network via the transport layer protocols TCP and UDP. The transport layer protocols need to track this activity and ensure that received data is directed to the correct application layer protocol otherwise, for example, webpage data may be directed towards an email application.
  • TCP and UDP manage these multiple processes by using unique port numbers contained within the header field. They add the unique port numbers to the PDU created when encapsulating application layer data into segments and datagrams, respectively.
  • Application layer protocols have different requirements from the transport layer. Some require reliable delivery of data (e.g. HTTP, FTP), whereas other require a low-delay service (e.g. DNS). Different application layer protocols are designed to operate with either TCP or UDP based on these requirements.
  • This link between the application and transport layer protocols is based on the ports selected to support the individual sessions supported by the transport layer. There are 65,535 port numbers available, and these are divided into three ranges:
    • Well-known ports (0 to 1023). These are reserved, and are commonly used by HTTP, SMTP, POP3, FTP, DNS, etc. Because they are reserved, client applications can be programmed to request a connection to a specific port and its associated transport layer service (TCP or UDP).
    • Registered ports (1024 to 49151). These are assigned to user processes or applications, typically programs that you have chosen to install on your computer that require network connectivity (e.g. games and messaging services). When not assigned to a particular installed program, they can be used in the same manner as dynamic ports.
    • Dynamic or private ports (49152 to 65535). These are assigned dynamically to client applications when the client initiates a connection to a service.
  • You can find a current list of port numbers and the associated applications on the Internet Assigned Numbers Authority (IANA) [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] website. This organisation is responsible for managing a variety of Internet related matters, including ports and IP addresses.

Source and destination ports in transmitting data

  • In the diagram above, client device PC1 initiates a connection to the WWW using HTTP. HTTP selects a source port of 1025 from the registered range, which it uses to send and receive data to and from the transport layer. It also chooses a destination port of 80 from the well-known range, which the web server will be monitoring by default for incoming HTTP requests.
  • Because HTTP requires reliable delivery of data, TCP on PC1 is chosen to support the connection, as it is coded to relate destination port 80 with HTTP. TCP encapsulates the HTTP request with a header containing sequencing, acknowledgment and windowing information, and performs a three-way handshake with the WWW server. The segment is encapsulated in an IP packet for forwarding across the network. In the diagram below note the destination and source addresses that are used.
  • The WWW server establishes a TCP connection to the client and communicates with the local HTTP process to send the webpage the client has requested. It uses a source port of 80 (because it is a server), and a destination port of 1025, which it now knows PC1 is using to support HTTP. Once again, it is the well-known port of 80 that links HTTP to TCP, and the reliable transport service that it provides.
  • You can see the same exchange in the diagram below, which shows the TCP/IP protocol stack for client PC1 and the WWW server devices:
  • HTTP on PC1 accesses the transport layer via registered range port 1025. Because port 80 has been chosen as a destination port, TCP is used to segment and encapsulate the HTTP data before passing it to the Internet layer protocol IP. The IP protocol encapsulates the TCP segment, adding source and destination IP addresses to create a packet, which is passed to the network access layer. If we assume the client is using an Ethernet network interface card (NIC), the Ethernet protocol will encapsulate the packet, adding source and destination media access control (MAC) addresses to create a frame.
  • The resulting frame is sent to the WWW server, where the reverse process, or de-encapsulation, takes place. The frame is received by the NIC, which recovers the packet it contains and hands it to the IP. The IP recovers the segment from the packet and passes it to TCP, which uses the destination port to deliver it to HTTP.
  • In the description above, you can see that PC1 is also sending an email to the WWW server. Note that it selects another registered range port, 1041, as a source for the local SMTP process, and well-known port 25 as its destination.
  • The WWW server is also running an email server process, which by default monitors well-known port 25 for incoming email requests. Because of the way TCP is coded, it will accept this connection based on the well-known port being used.
  • Because PC1 is running web browser and email software, every time you open a new browser tab or send an email it selects different registered range source ports. This allows the local TCP process to track the multiple application layer services it is supporting.
  • As the WWW server is a server, it will always associate application layer protocols with the well-known ports assigned to them by IANA. Thus, the WWW server can support multiple client PCs via a single well-known port.
  • You may be wondering why the WWW server is able to communicate with multiple devices via a single port. This is because all clients have a unique IP source address, which can be combined with the source port they have chosen to form a socket. In our example, PC1 has an IP address of, and is using source port 1025. This results in a socket of, which will uniquely identify PC1 to the WWW server.

6  Transport layer – UDP

8  Internet layer – IPv4