A port on computer networks is a natural number that is written in the OSI protocol header. It is intended to identify the process of the recipient of the package in one host.
As a rule, in a user space on a host with an installed OS, several processes occur simultaneously, and a specific program runs in each of them. If these programs affect the computer network, the “shell” from time to time receives through it an IP packet, which is intended for one of the programs.
How it works?
If the program uses data exchange over the network, this process can occur as follows:
- The OS is prompted for a specific port number. In this case, the system can both provide it to the program and prohibit the transfer (this happens in cases where this port number is already used by another application).
- The OS is asked for a non-specific port number, in any free one. The system itself selects it and provides it to the program.
How to open a port (8080, 80 and so on)? Inside the network, information is exchanged according to a specific protocol (between two processes). For the connection to be established, the following is required:
- IP addresses of the recipient and sender hosts (necessary so that a route is built between them);
- Protocol number;
- The numbers of both ports (receiver and sender).
If the connection is via TCP, the sender port is used both by the recipient OS to transmit confirmation of the received data, and by the recipient process to transmit the response.
Open and closed ports
On the sender’s side, the host and port number act as an analogue of the return address indicated on the envelopes. This number is called the reverse.
In cases where any process on the host permanently uses the same port number, such a port is considered open. For example, a server-related program can use 80 or 8080 all the time for communication. When a process cannot open a port, it is considered closed.
Port numbers
All ports have their numbers registered in the prescribed manner. Each of them is intended for its specific purpose. So, when working on the Internet, you can often see port 8080. What is this functionality for?
According to official data, this port works over TCP and is intended for use with HTTP. Unofficially, it is also used by the Tomcat servlet container, written in Java.
TCP port 8080 may use a specific protocol for communication, depending on the application. A protocol is a set of formalized rules that explains how data is transmitted over a network. This can be imagined as a language that is used between computers to help them communicate more effectively.
The HTTP protocol, which runs through 8080, defines the communication format between Internet browsers and websites. Another example is IMAP, which defines the relationship between IMAP mail servers and clients, or, finally, SSL, which specifies the format used for encrypted messages.
Data transfer
Therefore, TCP port 8080 uses the transmission control protocol. It is one of the main protocols in TCP / IP networks. While IP only deals with packets, TCP allows two hosts to establish a connection and exchange data streams. It guarantees their delivery, and that the packages will be delivered to port 8080 in the same order in which they were sent. Guaranteed communication over 8080 is the key difference between TCP and UDP. UDP 8080 would not guarantee a connection either.
How to open port 8080 in Windows 7?
To do this, go to the Start menu and find the Control Panel. In it, you need to click on the "Network" submenu and find "Firewall" in it. In the “Exceptions” tab, find the “Add port” item. You will see a dialog box in which you will need to enter the port number. Make sure TCP is specified in the settings, and then select OK.
How to close port 8080? To do this, just configure the connection to another specific port.
Advanced HTTP and TCP proxy settings
The HTTP protocol runs on top of the TCP protocol, but provides additional information about the purpose of the message. For this reason, two proxies are configured differently.
HTTP traffic includes the destination host and port for the message. It is sent over a TCP connection with a TCP endpoint, that is, between a specific host and port. Typically, an HTTP message points to the same endpoint as a TCP connection. If you reconfigure the client to use an HTTP proxy, the connection is made to a different host and port, instead of the one specified in the HTTP URLs. This means that the TCP endpoint in the message is different from the endpoint to which it is connected.
For example, if an HTTP request is sent to the page http://192.0.2.1:8080/operation, the request includes “192.0.2.1:8080” in the “Host” header of the HTTP message that is sent to port 8080 on the 192.0 host. 2.1.
However, if you configure the HTTP client to use a proxy server, the underlying TCP connection goes to the TCP endpoint for it, while the messages still contain the source endpoint.
For example, if you configure the client to send its messages to the proxy server at 198281.100.1 port 3128, and the client sends a request for http://192.0.2.1:8080/operation, the message still contains "192.0.2.1: 8080" in the “Host” header, and now also in the “Request-Line” field. However, this message is now sent over a TCP connection at 198.51.100.1{128. Thus, an HTTP proxy server can receive messages on one port (proxy port 8080) and can forward them to several different services based on recipient information.
How to configure connection accepting through port 8080?
So, the Host header has been added in HTTP / 1.1. HTTP / 1.0 connections does not include it. For this reason, such connections that do not pass through the proxy do not include the host and port for the message. However, the HTTP / 1.0 information sent through the proxy server still contains the target host and port in the “query string”. Therefore, the absence of the “Host” header does not cause a problem for the proxy.
To enable the TCP proxy, you must change the client configuration from the real-time TCP endpoint to the replaceable endpoint. Unlike HTTP, this protocol does not provide built-in proxy capability. That is, if you connect to the proxy server via TCP, there is no mechanism provided for transmitting information to the final destination.
How to set up multiple connection using 8080?
The only way for a TCP proxy server to allow connections to multiple systems (i.e., to destination endpoints), regardless of what traffic is sent on these connections, is to listen on a different port for each of the systems. This allows you to connect and maintain information about which of its port numbers corresponds to each endpoint. Then the client is configured with a proxy port corresponding to each system with which it needs to connect. The TCP proxy ports for listening and their corresponding endpoints are configured in the <forward> statements in the proxy configuration file, RTCP_install_dir / httptcp / registration.xml. First of all, you need to check port 8080 - if it is open by default, further settings will be made in a few minutes.
In this example, 198.51.100.1 is the IP address of the proxy server. Any traffic sent to port 3333 to the proxy server is sent to port 8080 at www. Example. com:
<Forward bind = "198.51.100.1{333" destination = "www. Example. Com: 8080" />
Therefore, you must modify the client configuration file whenever you add a new destination for traffic. This restriction does not apply to HTTP proxies.
Interaction between HTTP and TCP
To understand how ports are handled in HTTP and TCP proxies, suppose you have two services: on 192.0.2.1:8080 and 192.0.2.1:8081, and a proxy running on 198.51.100.1. If they differ by IP address, and not by port number, this example will be the same, except for the corresponding address for each service. If they expect HTTP traffic to a single HTTP proxy port, requests to both TCP endpoints can be sent to it. When HTTP sees that the message is addressed to 192.0.2.1:8080, the proxy redirects the message to this address or applies any rules that it has for this service. The same procedure applies to 192.0.2.1:8081 using the same port.
If these two services instead expect TCP traffic, two TCP proxy ports must be opened, defined by the two <forward> elements in the configuration file:
<Forward bind = "198.51.100.1{333" destination = "192.0.2.1:8080" />
<Forward bind = "198.51.100.1{334" destination = "192.0.2.1:8081" />
The client configuration for the first service changes from "192.0.2.1:8080" to "198.51.100.1lla333", and for the second - from "192.0.2.1:8081" to "198.51.100.1{334". The client sends a message (TCP packet) to the first service at the first address.
The proxy server receives it on this port (3333), but does not know what data is sent over this connection. All he knows is the connection to port 3333. Therefore, the proxy server consults its configuration and sees that traffic to this port should be redirected to 192.0.2.1:8080 (or that a rule for this service needs to be applied to it). If you cannot redirect all your HTTP traffic because the client configuration does not support the HTTP proxy configuration, you should use a reverse HTTP proxy.
In it, instead of the destination URL, you specify the one you need. This process is similar to the process of configuring a TCP proxy server, in which you specify it as the TCP endpoint for the message in the client system and create a forwarding rule.
The difference is that you add a type attribute to the rule that defines HTTP, as in the following example: <forward bind = "198.51.100.1∗333" destination = "192.0.2.1:8080" type = "HTTP" />.
How is traffic going?
Now the proxy server is configured to accept only HTTP traffic to the designated port, and can apply richer filtering. For example, a server can filter traffic to a stub that does not have a specific path in its URL, or that does not use a specific HTTP method, such as POST. However, since the stub does not always work, the server still needs a destination from the <forward> element to be able to send traffic to the system. For example, suppose a client needs to connect to a service at 192.0.2.1:8080 and use a reverse HTTP proxy at 198.51.100.1lla333.
Before the client can use the proxy server, the client configuration for this service must be changed from the URL, for example http: // 192.0.2.1:8080/ operation, to http: // 198.51.100.1lla333/ operation. A request that is sent to this new URL gets to the proxy server.
The request message contains the TCP endpoint for the proxy (198.51.100.1{333) in the "Host" header, and not the system address, because the client does not know that it is sending a redirected message. This simplified client role determines the nature of such a connection. Thus, the proxy uses <forward> elements to know that a request arriving at port 3333 requires one of the following: it must be redirected to the living system at 192.0.2.1:8080, and the “Host” header in the message must be updated. For the message must apply all the rules of this service, for example, routing to stub.