TCP and UDP socket: what they are for and differences with ports

When two hosts (computers, smartphones or any other device connected to the network) need to communicate with each other, each of them has to open a TCP or UDP socket so that the communication can take place through the corresponding IP addresses (public or private) and ports. All communication between two or more hosts takes place at the transport layer, since it is the first layer that provides point-to-point communication between two or more computers, and at this layer we can use either the TCP protocol or the UDP protocol. In this article we explain what a socket is and how it differs from the typical router ports.

What is a Socket and what is it for?


When two processes running on different hosts need to exchange information over the network, whether the local network or the Internet, they need to open a socket in order to establish communication and exchange data streams. In general the data flow is reliable and ordered, but this depends on whether the processes use the TCP protocol or the UDP protocol. Below we briefly describe the main characteristics of each protocol:

  • The TCP protocol is a connection-oriented transport layer protocol: before the actual data is exchanged there is a preliminary step to establish the connection. This protocol also guarantees that all data is transmitted without errors; TCP itself is responsible for resending data if the receiver does not receive it in time or receives it damaged. In addition, it guarantees ordering, so the processes are sure to receive all the data in the order in which it was sent from the origin.

  • The UDP protocol, on the other hand, is not connection-oriented: there is no preliminary step, the data is simply sent directly. This protocol does not guarantee that the transmission will be error-free, although it does what it can to make it so, nor does it guarantee the order in which the datagrams sent by the origin reach the destination. The advantage of UDP is that it has a very small header and is very fast, since there is no connection establishment phase.

For two processes to communicate with each other, one process must be able to locate the other, and both must be able to exchange information over the network. Here we are using a client-server architecture, so one of the two processes must initiate the communication. For two processes to communicate we need a socket.

A socket, whether it uses the TCP protocol or the UDP protocol, is defined by the following parameters:

  • Transport layer protocol used: TCP or UDP
  • Source IP address: can be a public or private IP.
  • Destination IP address: can be a public or private IP.
  • Source or local port: this port is usually in the range 49152 to 65535, the so-called dynamic or private ports. It does not have to be this way, however; any source port can be used. For example, a web server that uses port 443 for HTTPS connections will use port 443 as its local port for those connections.
  • Destination or remote port: this can be any port, as long as the other process or host is listening on it.

Thanks to all these parameters, each connection is unique, so both the source and the destination can identify the connection precisely and start exchanging data.

How many sockets can a computer have?

For each connection that we make outside our computer, we need a socket so that the different processes can exchange information. A single computer can have a large number of open sockets, although this depends both on the computer's hardware and on the operating system, since the operating system is in charge of managing all the sockets (creating and deleting them). When we open a new socket, it must be unique so that it identifies the connection unambiguously.

In the case of web servers, each client connection is defined by a socket. For example, imagine that three clients connect to our web server: each socket will be different. Moreover, depending on whether we look at the status of the connection on our local computer or on the remote one, the IP and port pairs will swap between source and destination.

In the following example we can see the sockets created on a web server, as seen from the web server itself.

  • User 1
  • Protocol: TCP.
  • Source IP: 77.77.77.77 (the client).
  • Destination IP: 88.88.88.88 (us).
  • Source or local port: 49152 (the client).
  • Destination or remote port: 443 (we use HTTPS).

In the case of the second user, we would have:

  • User 2
  • Protocol: TCP.
  • Source IP: 71.71.71.71 (the client).
  • Destination IP: 88.88.88.88 (us).
  • Source or local port: 49152 (the client).
  • Destination or remote port: 443 (we use HTTPS).

In this case only the source IP has changed, but as soon as one of the four parameters changes we already have a new socket that uniquely identifies the connection. This client can still use source port 49152, like the first one, but its source IP is different. As soon as any of the four parameters changes, we are dealing with a completely different connection, and there is no problem identifying it correctly.
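To see these parameters on a real system, here is an added example (not from the original article): a Python script that opens a TCP listener on the loopback address, connects two clients to it and reads each connection's five parameters from both ends. Because both clients come from 127.0.0.1, the two sockets differ only in the client's source port, and from the client side the local and remote pairs appear swapped.

```python
import socket
import threading

def socket_tuple(sock):
    """Return (protocol, local IP, local port, remote IP, remote port) for a connected socket."""
    proto = "TCP" if sock.type == socket.SOCK_STREAM else "UDP"
    local_ip, local_port = sock.getsockname()
    remote_ip, remote_port = sock.getpeername()
    return (proto, local_ip, local_port, remote_ip, remote_port)

def demo(n_clients=2):
    """Accept n_clients loopback connections; return the tuples as seen by server and clients."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free listening port
    server.listen()
    accepted = []

    def accept_all():
        for _ in range(n_clients):
            conn, _addr = server.accept()
            accepted.append(conn)

    acceptor = threading.Thread(target=accept_all)
    acceptor.start()
    clients = []
    for _ in range(n_clients):
        c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        c.connect(server.getsockname())   # the OS assigns an ephemeral source port
        clients.append(c)
    acceptor.join()

    # Pair each accepted connection with its client by the client's port number.
    accepted.sort(key=lambda s: s.getpeername()[1])
    clients.sort(key=lambda s: s.getsockname()[1])
    server_view = [socket_tuple(s) for s in accepted]
    client_view = [socket_tuple(s) for s in clients]
    for s in accepted + clients + [server]:
        s.close()
    return server_view, client_view

if __name__ == "__main__":
    sv, cv = demo()
    for s, c in zip(sv, cv):
        print("server sees", s)
        print("client sees", c)
```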

How to see all sockets in the system

In Windows operating systems we can see all the open sockets on the system simply by executing the following command at a command prompt with administrator permissions:

netstat

In the following image you can see the protocol (TCP), the local address, formed by IP:PORT, and the remote address, also formed by IP:PORT. Finally, it also shows the state of the connection.

In Linux operating systems there is also netstat, or rather there was, because it is now considered deprecated. Its replacement is the ss command, which has the same functionality but offers more display options. If you are using a Linux-based operating system, you can run the following command to see all sockets:

ss

Now that we have seen what a socket is, let’s see how it differs from ports.

What is the difference with the ports

A TCP or UDP socket is often confused with TCP or UDP ports. A socket, as we said before, is made up of the transport layer protocol, the source and destination IP addresses, and the source and destination ports. The ports are only part of the socket, a fundamental part but only a part: to form a socket the corresponding IP addresses are also needed so that there can be point-to-point communication between two processes.

When we open a port in the router, what we are really doing is allowing communication from the outside (the Internet) to the inside of the local network, through the NAT that all routers implement for the IPv4 protocol. In a NAT environment, the router takes care of translating the private IP addresses into the public one so that all traffic can be correctly routed to the Internet.

If a client inside the NAT wants to communicate with a web server on the Internet, the socket that this local client creates will look like this:

  • Protocol: TCP.
  • Source IP: 192.168.1.2 (us).
  • Destination IP: 88.88.88.88 (the web server).
  • Source or local port: 49152 (us).
  • Destination or remote port: 443 (web server).

The router then takes this connection and translates it into the following so that it can be routed over the Internet, creating a new socket between the router and the remote web server:

  • Protocol: TCP.
  • Source IP: 20.20.20.20 (our public IP).
  • Destination IP: 88.88.88.88 (the web server).
  • Source or local port: 49152 (us).
  • Destination or remote port: 443 (web server).

When the communication goes the other way (from outside the NAT to inside), that is when we must open a port in our router so that the server can be reached from the outside; otherwise the router's firewall will block all the communication.
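As an added example (not part of the original article), the following Python model reproduces the NAT behaviour described in this section: outbound connections from the LAN get an entry in a translation table keyed by the outside socket, replies are mapped back to the private client, and unsolicited inbound packets are dropped unless a port has been opened on the router. The addresses 192.168.1.2, 20.20.20.20 and 88.88.88.88 are the article's; the forwarded internal server 192.168.1.10:80 on public port 8080 is a constructed value. It also goes a step beyond the text by showing a second private client that reuses source port 49152, which forces the router to pick a different public port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Socket5:
    """The five parameters that identify a socket."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    """Simplified IPv4 NAT router: a translation table plus optional opened ports."""

    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        # outside view -> inside endpoint: (proto, public_port, remote_ip, remote_port) -> (ip, port)
        self.table = {}
        # inside connection -> allocated public port, so later packets reuse the mapping
        self.inside = {}
        # ports opened on the router: (proto, public_port) -> (inside_ip, inside_port)
        self.forwards = dict(forwards or {})
        self.next_port = 49152   # simplification: hand out public ports sequentially from the dynamic range

    def outbound(self, s):
        """Translate a packet leaving the LAN; returns the socket as seen on the Internet."""
        inside_key = (s.proto, s.src_ip, s.src_port, s.dst_ip, s.dst_port)
        port = self.inside.get(inside_key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.inside[inside_key] = port
            self.table[(s.proto, port, s.dst_ip, s.dst_port)] = (s.src_ip, s.src_port)
        return Socket5(s.proto, self.public_ip, port, s.dst_ip, s.dst_port)

    def inbound(self, s):
        """Translate a packet arriving from the Internet; None means the router drops it."""
        if s.dst_ip != self.public_ip:
            return None
        key = (s.proto, s.dst_port, s.src_ip, s.src_port)
        if key in self.table:                 # reply to a connection opened from inside
            ip, port = self.table[key]
            return Socket5(s.proto, s.src_ip, s.src_port, ip, port)
        fwd = self.forwards.get((s.proto, s.dst_port))
        if fwd is not None:                   # port opened on the router
            return Socket5(s.proto, s.src_ip, s.src_port, fwd[0], fwd[1])
        return None                           # unsolicited: stopped by the router firewall
```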