Port number
Definition
A 16-bit integer in the TCP or UDP header that identifies the application-layer service at each endpoint. Well-known ports are assigned by IANA: HTTP is 80, HTTPS is 443, SMTP is 25, DNS is 53. Traffic on unexpected port numbers is a common indicator of tunnelling or evasion.
Related terms
- Beaconing
- Periodic outbound connections from a compromised host to a command-and-control server, typically at regular intervals. The regularity of the interval, measured in...
- DNS tunnelling
- Encoding data inside DNS queries and responses to exfiltrate information or carry command-and-control traffic through a network that permits DNS but blocks...
- Network flow (NetFlow/IPFIX)
- A summary record of a network conversation, storing source IP, destination IP, source port, destination port, protocol, byte count, and timestamps, without...
- Packet capture (PCAP)
- The interception and recording of network packets as they traverse an interface. The raw data is stored in PCAP format and analysed...
- TCP three-way handshake
- The connection establishment sequence in TCP: the client sends SYN, the server responds SYN-ACK, and the client completes with ACK. The timestamps...
Explained in
- Network Protocols and Traffic InterpretationA 16-bit integer in the TCP or UDP header that identifies the application-layer service at each endpoint. Well-known ports are assigned by IANA: HTTP is 80, HT...