What Port Should I Use? - Networking
-
What Port Should I Use?
IANA divides port numbers into three groups, well known, registered and
dynamic/private.
According to IANA, my server should not use any of the registered ports.
But if I use one of the dynamic/private ports don't I run the risk of the
port already having been assigned to some socket? Many of the
ports in the registered range are not assigned. Would one of them be a
better choice?
Dan
-
Re: What Port Should I Use?
On Feb 12, 9:30 pm, Dan N wrote:
> IANA divides port numbers into three groups, well known, registered and
> dynamic/private.
> According to IANA, my server should not use any of the registered ports.
> But if I use one of the dynamic/private ports don't I run the risk of the
> port already having been assigned to some socket? Many of the
> ports in the registered range are not assigned. Would one of them be a
> better choice?
It all depends what you're doing. You haven't given us any clues.
DS
-
Re: What Port Should I Use?
On Wed, 13 Feb 2008 05:06:21 -0800, David Schwartz wrote:
> It all depends what you're doing. You haven't given us any clues.
Yes I have, I'm running a server, something that I need to assign a port to.
Dan
-
Re: What Port Should I Use?
On Feb 13, 5:22 pm, Dan N wrote:
> On Wed, 13 Feb 2008 05:06:21 -0800, David Schwartz wrote:
> > It all depends what you're doing. You haven't given us any clues.
>
> Yes I have, I'm running a server, something that I need to assign a port to.
>
> Dan
What type of server, what port(s) are you thinking of?
-
Re: What Port Should I Use?
On 02/14/2008 05:52 AM, Dan N wrote:
> On Wed, 13 Feb 2008 05:06:21 -0800, David Schwartz wrote:
>
>> It all depends what you're doing. You haven't given us any clues.
>
> Yes I have, I'm running a server, something that I need to assign a port to.
BTW, is it possible for you to elaborate a bit more on what that something
and/or server is supposed to do?
--
Dr Balwinder S "bsd" Dheeman Registered Linux User: #229709
Anu'z Linux@HOME (Unix Shoppe) Machines: #168573, 170593, 259192
Chandigarh, UT, 160062, India Gentoo, Fedora, Debian/FreeBSD/XP
Home: http://cto.homelinux.net/~bsd/ Visit: http://counter.li.org/
-
Re: What Port Should I Use?
Dan N wrote:
> On Wed, 13 Feb 2008 05:06:21 -0800, David Schwartz wrote:
>
>> It all depends what you're doing. You haven't given us any clues.
>
> Yes I have, I'm running a server, something that I need to assign a port to.
>
> Dan
Pick something not already in use.
See
/etc/services
and
http://www.iana.org/assignments/port-numbers
-
Re: What Port Should I Use?
On Feb 13, 4:22 pm, Dan N wrote:
> On Wed, 13 Feb 2008 05:06:21 -0800, David Schwartz wrote:
> > It all depends what you're doing. You haven't given us any clues.
>
> Yes I have, I'm running a server, something that I need to assign a port to.
>
> Dan
That's still no information at all. What kind of server? Are you going
to be in charge of all the servers running it or will it be
distributed? What is the target user who would be installing and
managing the server? Does it use an existing protocol or a new one?
DS
-
Re: What Port Should I Use?
David Schwartz wrote:
> On Feb 13, 4:22 pm, Dan N wrote:
>> On Wed, 13 Feb 2008 05:06:21 -0800, David Schwartz wrote:
>>> It all depends what you're doing. You haven't given us any clues.
>> Yes I have, I'm running a server, something that I need to assign a port to.
>>
>> Dan
something between 1-65535 should do.
-
Re: What Port Should I Use?
On Thu, 14 Feb 2008 13:27:16 -0800, David Schwartz wrote:
> That's still no information at all. What kind of server?
It's serving widgets. Widgets servers have no IANA assigned port.
> Are you going
> to be in charge of all the servers running it or will it be
> distributed?
It will not be used enough to warrant registering a port with IANA.
> What is the target user who would be installing and
> managing the server?
Because it is serving widgets and there is no port assigned for widgets, it
will not be using well known ports. So it will not require root privilege
to run.
> Does it use an existing protocol or a new one?
If it used an existing protocol the obvious choice would be to use the
port already assigned to that protocol.
So back to my original question:
if I use one of the dynamic/private ports don't I run the risk of the
port already having been assigned to some socket? Many of the
ports in the registered range are not assigned. Would one of them be a
better choice?
Dan
-
Re: What Port Should I Use?
On 13 Feb 2008, in the Usenet newsgroup comp.os.linux.networking, in article
<47b2807f$0$20227$5a62ac22@per-qv1-newsreader-01.iinet.net.au>, Dan N wrote:
>IANA divides port numbers into three groups, well known, registered and
>dynamic/private.
>
>According to IANA, my server should not use any of the registered ports.
You can use any port you wish to. You need only live with the consequences.
The purpose of port registration is to allow others to have some clue where
to connect to your server to find what-ever service you may want to be
providing. Do you want to run it on 25/tcp or 2048/tcp - go for it, but
expect that clients are going to need to know where you've hidden it, and
what sort of protocol (not just network, like TCP or UDP or what-ever, but
the application level protocol - what words are in those packets, in what
order, and so on).
http://www.iana.org/assignments/port-numbers says that ports 0-1023 are
well known ports, providing services on most systems. I mention using
port 25 above, which is the well-known port for SMTP (mail transfer). In
the event that your system was going to send mail to another, your system
would look for a mail server on port 25 on that other server, because that
is what the protocol expects. If you wanted to run a mail server on port
27, you could do so, and not one of the Internet Police Force would come
to your house and beat you to a pulp for trying. By the same token, don't
expect too many other systems in the world to know you're on a non-standard
port. Can you say "compatibility"?
>But if I use one of the dynamic/private ports don't I run the risk of the
>port already having been assigned to some socket?
That's a problem for you when you are configuring the server. Start by
running the command 'netstat -anptu' and see what ports are in use now.
You may not want to try to use those, because any process trying to use
a port that is being used elsewhere will get an error message saying
that the port is in use, and suggesting you go elsewhere.
>Many of the ports in the registered range are not assigned.
Registered Ports are in the range 1024-49151, and please tell me if that
has stopped eleventy-zillion viruses from using those ports. Or have
you looked somewhere else and found that The Cult Of The Dead Cow has
managed to register port 31337 for the family of Back Orifice worms?
>Would one of them be a better choice?
Try it and see what happens. The worst thing you might run into is your
ISP or an upstream is tossing any packets to/from that port into the bit
bucket because it looks like yet another windoze virus, or they could
increase what they charge you because of your attempted mis-use of their
bandwidth.
Old guy
-
Re: What Port Should I Use?
On Feb 14, 6:05 pm, Dan N wrote:
> if I use one of the dynamic/private ports don't I run the risk of the
> port already having been assigned to some socket?
You do no matter what. Why is it a big deal if the port is already
assigned? Nothing prevents an administrator with that issue from
running the server on another port.
> Many of the
> ports in the registered range are not assigned. Would one of them be a
> better choice?
It's hard to say because you are being strangely vague about what
you're doing.
DS
-
Re: What Port Should I Use?
On Fri, 15 Feb 2008 02:05:40 +0000, Dan N wrote:
> On Thu, 14 Feb 2008 13:27:16 -0800, David Schwartz wrote:
>
>> That's still no information at all. What kind of server?
>
> It's serving widgets. Widgets servers have no IANA assigned port.
>
>> Are you going
>> to be in charge of all the servers running it or will it be
>> distributed?
>
> It will not be used enough to warrant registering a port with IANA.
>
>> What is the target user who would be installing and managing the
>> server?
>
> Because it is serving widgets and there is no port assigned for widgets,
> it will not be using well known ports. So it will not require root
> privilege to run.
>
>> Does it use an existing protocol or a new one?
> If it used an existing protocol the obvious choice would be to use the
> port already assigned to that protocol.
>
> So back to my original question:
> if I use one of the dynamic/private ports don't I run the risk of the
> port already having been assigned to some socket? Many of the ports in
> the registered range are not assigned. Would one of them be a better
> choice?
Ummm... You control the server, no?
So just pick one that's not being used.
If you need to know which ones are being used, netstat is a good
beginning.
-
Re: What Port Should I Use?
On Thu, 14 Feb 2008 21:30:23 -0600, Moe Trin wrote:
> You can use any port you wish to. You need only live with the
> consequences.
That's really the crux of the matter, isn't it.
If I start up my server using a port in the dynamic/private range then I
run the risk that the port is already in use by some client on the same
host. When the client started, the tcp stack would have dynamically
assigned it a port and that just might be the one that I want my server to
listen on. So this doesn't seem like a good option. This leaves me with
ports in the well known or registered ranges.
But if I want to adhere to standards what port do I use? IANA says that
the well known and registered ports shouldn't be used without
registration. And my server is using a proprietary protocol that I
really don't have any need to register.
The only choice I seem to have is to not adhere to standards. The
conclusion I've come to is to use a port somewhere in the registered
range.
Thanks
Dan
-
Re: What Port Should I Use?
Dan N wrote:
> On Thu, 14 Feb 2008 21:30:23 -0600, Moe Trin wrote:
>
>> You can use any port you wish to. You need only live with the
>> consequences.
>
> That's really the crux of the matter, isn't it.
>
> If I start up my server using a port in the dynamic/private range then I
> run the risk that the port is already in use by some client on the same
> host. When the client started, the tcp stack would have dynamically
> assigned it a port and that just might be the one that I want my server to
> listen on. So this doesn't seem like a good option.
Yet it is common practice. Cases in point; JBoss - the default
distribution uses a bunch of ports at the start of the dynamic range -
another is apache which is commonly configured to run on port 8080
instead of port 80.
But as these are servers they are usually started when the host starts
so they will be first to lay claim to these port numbers.
> This leaves me with
> ports in the well known or registered ranges.
You could use a port under 1024, as long as it is free - as in not to be
used by any other service you might need to start on the host.
> But if I want to adhere to standards what port do I use? IANA says that
> the well known and registered ports shouldn't be used without
> registration. And my server is using a proprietary protocol that I
> really don't have any need to register.
As was pointed out; you do not need to.
"The purpose of port registration is to allow others to have some clue where
to connect to your server to find what-ever service you may want to be
providing."
> The only choice I seem to have is to not adhere to standards. The
> conclusion I've come to is to use a port somewhere in the registered
> range.
Maybe you should start smaller.
Run up apache. See that you can connect on port 80.
Reconfigure apache to listen on port 8080
reload apache (or stop and start).
See that you can connect on port 8080.
Decide if it is 'bad' that apache is now listening on port 8080.
-
Re: What Port Should I Use?
In article , joe@nospam.duh
(Joe Beanfish) writes:
> Dan N wrote:
>
>> On Wed, 13 Feb 2008 05:06:21 -0800, David Schwartz wrote:
>>
>>> It all depends what you're doing. You haven't given us any clues.
>>
>> Yes I have, I'm running a server, something that I need to assign
>> a port to.
>
> Pick something not already in use.
And make it configurable, so if it turns out someone else is using
the port, you can try another one.
--
/~\ cgibbs@kltpzyxm.invalid (Charlie Gibbs)
\ / I'm really at ac.dekanfrus if you read it the right way.
X Top-posted messages will probably be ignored. See RFC1855.
/ \ HTML will DEFINITELY be ignored. Join the ASCII ribbon campaign!
-
Re: What Port Should I Use?
Charlie Gibbs wrote:
> In article , joe@nospam.duh
> (Joe Beanfish) writes:
>
>
>>Dan N wrote:
>>
>>
>>>On Wed, 13 Feb 2008 05:06:21 -0800, David Schwartz wrote:
>>>
>>>
>>>>It all depends what you're doing. You haven't given us any clues.
>>>
>>>Yes I have, I'm running a server, something that I need to assign
>>>a port to.
>>
>>Pick something not already in use.
>
>
> And make it configurable, so if it turns out someone else is using
> the port, you can try another one.
The port number is important only in the host acting as
the server, the host being connected to. The client will
usually use an ephemeral port, a port assigned by the
operating system when the connection is built up.
Please note that the port numbers are per-host: A server
can use port 12345 for a totally different use than another
server uses the same port for. This means that for his own host,
the OP can use the port numbers at will. Of course, it is
not a good idea to use a reserved port (1 - 1023) for a
different use than in the 'Reserved Numbers' RFC.
Also, the TCP and UDP ports are distinct entities, but to
avoid confusion, it is a common practice to use same numbers
for a service, if it uses both TCP and UDP. An example is
the DNS with port 53.
--
Tauno Voipio
tauno voipio (at) iki fi
-
Re: What Port Should I Use?
On 15 Feb 2008, in the Usenet newsgroup comp.os.linux.networking, in article
<47b52835$0$20181$5a62ac22@per-qv1-newsreader-01.iinet.net.au>, Dan N wrote:
>Moe Trin wrote:
>> You can use any port you wish to. You need only live with the
>> consequences.
>
>That's really the crux of the matter, isn't it.
Yup. RFCs are interesting standards. They detail an expectation of how
things are to work. You are absolutely allowed to do anything YOU want to
do, but if you expect to work with others, then here are some good ideas
you should follow.
>If I start up my server using a port in the dynamic/private range then I
>run the risk that the port is already in use by some client on the same
>host.
[compton ~]$ /bin/netstat -antu | grep -c tcp
2
[compton ~]$
So there are 2 ports in use out of 65000 - I'd say that's pretty good odds,
wouldn't you? Sure, a lot depends on what you are doing with your system
and I can't answer to that. As a general statement, systems meant to be
offering network services are not meant to ALSO be used by J.
Random Luser as his workstation. Looking at the servers on my home LAN,
the file servers have about 60 ports in use. The print server has two. The
gateway box has three.
>When the client started, the tcp stack would have dynamically assigned it
>a port and that just might be the one that I want my server to listen on.
Many people tend to start running servers before any client crap is
started. Depending on your kernel, you may discover that ephemeral ports
used client-side TEND to run over the range of perhaps 1025-32760 or so.
>So this doesn't seem like a good option. This leaves me with ports in
>the well known or registered ranges.
Have you looked at what is running on your server? Are there really that
many ephemeral ports in use? If so, then yes you may want to consider
using something in the well known range - because the original extra
feature about those ports was that a server listening on those ports was
not likely to be a user-land process except in really strange (individual)
situations.
>But if I want to adhere to standards what port do I use? IANA says that
>the well known and registered ports shouldn't be used without
>registration. And my server is using a proprietary protocol that I
>really don't have any need to register.
You would want to choose a port based on inter-operability. Do you expect
your service will be accessed by strangers from outside? If no, then you
can do exactly what you want to do. Your LAN, your rules. Are you
concerned that a packet escaping from your LAN may cause the Internet
Gods to cloud up and rain on you? That's a perimeter firewall issue, but
probably not a major concern. If your server is using a proprietary
protocol, it just means that outsiders will have to come to you to get
the details. Again, probably not a big factor.
>The only choice I seem to have is to not adhere to standards. The
>conclusion I've come to is to use a port somewhere in the registered
>range.
Grab a copy of RFC0793 from your favorite website:

    0793 Transmission Control Protocol. J. Postel. September 1981.
         (Format: TXT=172710 bytes) (Updated by RFC3168) (Also STD0007)
         (Status: STANDARD)

and look at the top of page 5, in the section "Multiplexing:". Here is
the second paragraph in that section:

    The binding of ports to processes is handled independently by each
    Host. However, it proves useful to attach frequently used processes
    (e.g., a "logger" or timesharing service) to fixed sockets which are
    made known to the public. These services can then be accessed
    through the known addresses. Establishing and learning the port
    addresses of other processes may involve more dynamic mechanisms.

[compton ~]$ zcat rfcs/rfc-index.* | sed 's/^$/\%/' | tr -d '\n' | tr '%' '\n' | grep '^[0-9]' | tr -s ' ' | grep -v 'Not Issued' | sed 's/.*Status: //' | tr -d '\)' | sort | uniq -c | column
    145 BEST CURRENT PRACTICE      1564 INFORMATIONAL
    135 DRAFT STANDARD             1667 PROPOSED STANDARD
    288 EXPERIMENTAL                 88 STANDARD
    210 HISTORIC                    909 UNKNOWN
[compton ~]$ zcat rfcs/rfc-index.* | sed 's/^$/\%/' | tr -d '\n' | tr '%' '\n' | grep '^[0-9]' | tr -s ' ' | grep -c 'Not Issued'
80
[compton ~]$
As of 2 February 2008, there were just over 5000 RFCs available, but not
one of them REQUIRES that a service listening on port $FOO must be $BAR
and $BAR must be available on port $FOO if it is running. There is
nothing in those documents that requires anything except for inter-
operability. If you aren't concerned that an outsider may not know how
to connect to your server, I don't think too many other people will care
either. If you expect to have others connect, then you may want to be
following some of the standards (did you notice that there are just 88
RFCs identified as "STANDARD" - a lot of drafts and proposals, but not
that many) - like maybe RFC0894 (Ethernet), RFC0791 (IP), RFC0793 (TCP)
so that your packets can pass over the wire but following the Ethernet
standard[s] doesn't imply that you must ALSO follow IPv4 (never mind
IPv6, Novell IPX, Banyan VINES, Appletalk, or any of the 65000 possible
protocols including the 184 ethertypes identified by
http://www.iana.org/assignments/ethernet-numbers).
If you've been looking at your firewall logs, you may have discovered
that every zombie on every broadband network in the world is trying to
connect to your 22/tcp and 25/tcp - because that's where the SSH and
MTA servers should be listening IF THEY EXIST. Must they be on those
ports only? Not really. My SSH access to my LAN uses a port quite
different from 22/tcp - and the poor zombies can't connect to it. Isn't
that simply terrible? I'm breaking the Internet rules - I'm gonna go to
jail! Am I able to connect to my systems from outside? Yes. Do you
think that I care that unauthorized hosts can't seem to do so? ;-)
Old guy
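
An added example, not code from any poster in this thread: one way to combine the advice above (make the port configurable and move on if it is taken) with the concern about client-side ephemeral ports. It assumes a Linux host that exposes /proc/sys/net/ipv4/ip_local_port_range; the function names and the sample ports 4000-4002 are made up for illustration.

```python
import errno
import socket

# IANA dynamic/private range; used when the kernel setting cannot be read.
IANA_DYNAMIC = range(49152, 65536)


def parse_local_port_range(text):
    """Parse the two numbers in /proc/sys/net/ipv4/ip_local_port_range."""
    low, high = (int(field) for field in text.split())
    return range(low, high + 1)


def host_ephemeral_range(path="/proc/sys/net/ipv4/ip_local_port_range"):
    """Ports this Linux host hands out to outgoing (client) connections."""
    try:
        with open(path) as fh:
            return parse_local_port_range(fh.read())
    except (OSError, ValueError):
        return IANA_DYNAMIC  # assumption: non-Linux host, use the IANA range


def bind_first_free(candidates, host="127.0.0.1", ephemeral=None):
    """Bind the first usable port from the configured list.

    Returns (listening_socket, port, notes). notes records every port that
    was skipped and every port that a client connection could grab first.
    """
    if ephemeral is None:
        ephemeral = host_ephemeral_range()
    notes = []
    for port in candidates:
        if not 1 <= port <= 65535:
            notes.append(f"{port}: not a valid port number")
            continue
        if port in ephemeral:
            notes.append(f"{port}: inside the host's ephemeral range")
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
            sock.listen()
        except OSError as exc:
            sock.close()
            if exc.errno == errno.EADDRINUSE:
                notes.append(f"{port}: already in use")
            elif exc.errno == errno.EACCES:
                notes.append(f"{port}: needs privileges to bind")
            else:
                raise
            continue
        return sock, port, notes
    raise RuntimeError("no configured port could be bound: " + "; ".join(notes))


if __name__ == "__main__":
    # Constructed configuration: ports 4000-4002 are arbitrary sample values.
    server, chosen, notes = bind_first_free([4000, 4001, 4002])
    print("listening on", chosen, "| notes:", notes)
    server.close()
```

A port flagged as inside the ephemeral range still binds if it is free at startup; the note only records that an outgoing connection could take it first on a later restart.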
-
Re: What Port Should I Use?
On Fri, 15 Feb 2008 20:24:21 -0600, Moe Trin wrote:
> As of 2 February 2008, there were just over 5000 RFCs available, but not
> one of them REQUIRES that a service listening on port $FOO must be $BAR
> and $BAR must be available on port $FOO if it is running. There is
> nothing in those documents that requires anything except for inter-
> operability.
Thanks for that, some interesting and useful comments.
Dan