It’s the one thing when I’m configuring things that makes me wince because I know it will give me the business, and I know it shouldn’t, but it does, every time. I have no real idea what I’m doing, what it is, how it works, so of course I’m blindly following instructions like a monkey at a typewriter.

Please guide me into enlightenment.

97 points

Imagine your computer is a big block of flats and your applications are all people who live in the building.

Mail sent to the building address alone isn’t going to reach the intended recipient, because the postman doesn’t know what flat to post it to. So they need additional information such as ‘Flat 2C’.

That’s the basic concept of ports. It’s basically additional addressing information to allow your computer to direct internet traffic to the correct applications.

When an application is actively listening on a port, it means that it is keeping an eye out for messages addressed to it, as designated by the port number. While an application is sending or receiving messages using a given port number, that port number is considered ‘open’.

Now, all sorts of applications do all sorts of things. Some are for the public to use and there are some that are useful within trusted circles, but can be abused by malicious people if anyone in the world can send messages to it. Thus, we have a firewall, which acts as a gatekeeper. A firewall can ‘block’ a port, denying access to a given group of people, or ‘unblock’ it, allowing access.

VPNs are a totally different thing. They are literally middlemen for your internet traffic. Instead of directly posting a message to somewhere and receiving a direct reply back, imagine you flew out to Italy to use a post box there and receive replies from there.

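A runnable illustration of what ‘listening’ and ‘open’ mean in practice, added here and not part of the comment above: the application binds a loopback port (the flat puts its number on the door), a visitor connects and delivers a message, and once the listener is closed the same port refuses connections.

```python
import socket
from typing import Tuple


def port_is_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """The postman's test: does anything answer at this door (TCP port)?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # ConnectionRefusedError, timeout, unreachable host ...
        return False


def demo_listening_vs_closed() -> Tuple[bool, bool, bytes]:
    """Open a door, let a visitor in and read their note, then close the door and knock again."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free loopback port
    listener.listen()                # from here on the application is 'listening'
    port = listener.getsockname()[1]

    client = socket.create_connection(("127.0.0.1", port))
    conn, _peer = listener.accept()  # the flat opens its door to the visitor
    client.sendall(b"hello flat 2C")
    received = conn.recv(64)         # small message on loopback: arrives in one read
    conn.close()
    client.close()

    while_listening = port_is_open("127.0.0.1", port)  # True: someone is home
    listener.close()                                   # nobody listens any more
    after_close = port_is_open("127.0.0.1", port)      # False: connection refused
    return while_listening, after_close, received


if __name__ == "__main__":
    print(demo_listening_vs_closed())
```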
35 points

To add to your analogy if I may, the firewall is kind of like a security guard or doorman at the building entrance. All mail has to go through him first and if something is addressed to a closed flat (port) he simply doesn’t let it get delivered.

17 points

Yep! The security guard is also given a bunch of rules to follow such as “don’t let anyone outside of our neighbourhood (aka your local network) contact door 22”, which will also determine whether messages get delivered or not.

13 points

I love your analogy for ports, but I’m not sure about the VPN one.

If you imagine network traffic as mail going through the postal system, then a VPN is like a private mail tunnel between two locations, that nobody else can enter or look into. Mail sent via the tunnel is private and nobody else can read it. The person at the other end of the tunnel can either open the mail themselves (ie a VPN from your laptop to your home server to access it when you’re away), or forward the mail somewhere else (ie if you’re routing Internet-bound traffic through it) and nobody will know it came from you originally.

8 points

I’m not sure that’s a completely accurate analogy either. When you’re using a VPN people can still see that you are sending traffic through your tunnel, they just can’t tell what it is that you’re sending. It’s like looking through frosted glass; there’s definitely something moving in there but you can’t tell what.

I suppose the best way to describe it is you send a locked box to a trusted friend; everyone handling it can see the box but can’t tell what’s inside. Inside the box is a letter, your friend posts it so it looks like it came from them. Your friend then gets a reply, puts it in a locked box, and sends it back to you. Nobody between you and your friend can snoop on your mail but anyone between your friend and the final destination can.

3 points

locked box

As soon as I read this I read the rest of your comment in Al Gore’s voice, ca 2k SNL, lol.

2 points

Great point. Analogies are hard :)

2 points

Yeah, but if you’re communicating with the buttplug store, the specific contents of the box don’t really matter. You still want a trusted friend to not tell people where you get your boxes from.

9 points

To expand on port forwarding, consider your router to be the lobby to your apartment building, but you get to choose which rooms are reachable by an outside visitor.

10 points

Port forwarding would be like if all the apartments were listed 1-[x] inside the building, but 1A-1Z, 2A-2Z and so on to outsiders. Someone sends a message to <address>, apartment 2Y, and the lobby knows that actually goes to apartment 51.

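A small model of the doorman’s rule sheet (the “door 22 only for the neighbourhood” rule from the earlier comment) together with the lobby’s forwarding list from this comment, added here as an illustration that is not part of the thread. The networks, addresses and port mappings are made up; the toy translates the outside port first and then applies the rules to the real inside door, which is the order a home router’s NAT and filter typically use.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # "our neighbourhood" (made-up)
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    source: ipaddress.IPv4Network  # who is knocking
    port: Optional[int]            # which door; None means any door
    action: str                    # "allow" or "deny"


# The doorman's rule sheet: checked top to bottom, first match wins, default deny.
RULES = [
    Rule(LOCAL_NET, 22, "allow"),  # neighbours may reach door 22 (SSH)
    Rule(ANYWHERE, 22, "deny"),    # nobody else may
    Rule(ANYWHERE, 443, "allow"),  # the public web door is open to everyone
]

# The lobby's forwarding list: label shown to outsiders -> (flat inside, door inside).
FORWARDS = {
    8443: ("192.168.1.51", 443),
    2222: ("192.168.1.51", 22),
}


def firewall_decision(src_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for a visitor from src_ip knocking on dst_port."""
    src = ipaddress.ip_address(src_ip)
    for rule in RULES:
        if src in rule.source and rule.port in (None, dst_port):
            return rule.action
    return "deny"  # nothing matched: the doorman turns the visitor away


def route_inbound(src_ip: str, external_port: int) -> Optional[Tuple[str, int]]:
    """Lobby logic: translate the outside label, then let the doorman judge the real door."""
    if external_port not in FORWARDS:
        return None  # no flat is listed under that label for outsiders
    inside_host, inside_port = FORWARDS[external_port]
    if firewall_decision(src_ip, inside_port) != "allow":
        return None
    return inside_host, inside_port
```

Port 2222 from the Internet is dropped even though it is forwarded, because the rule sheet only admits the local network to door 22; port 8443 reaches the inside web door from anywhere.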
7 points

To expand on that analogy… certain services need entry into the building and then from there, they get distributed throughout the building.

Water comes in on the water line.
Electricity comes in on the electric wire.
Internet may come in on coaxial or fiber.
Gas comes in on the natural gas pipeline.

Your computer has ports to deal with basic tasks. These are called “well known port numbers”.

https://www.geeksforgeeks.org/50-common-ports-you-should-know/

So while, in theory, you COULD get email in on a non-email port, that wouldn’t be expected and would be like feeding water through a natural gas line.

6 points

Just reading that URL and I’m sorry (to the author of that article), but there’s no way there are 50 ports “you should know”. 443, 80, 22, and that’s about it. Maybe whatever the SMTP port is just for interest’s sake, but that’s very rarely going to be important practical knowledge. And there are some ports outside the well-known port range that might be handy. Your VPN’s port, your DB’s port. But even then, you’re not getting anywhere near 50.

8 points

Cyber security guy here: we care about 22 for SSH, 443 and 80 for Web traffic, 3389 for RDP and 21 for FTP. Everything else we google and we all have to google 21 and 3389 because we all forget them half the time anyway.

3 points

I have nothing to add, I just like your analogy.

1 point

Excellent description.
