Principles and Functions of Computer Ports

Among the three main types of IP addresses, three areas are reserved as private addresses. The address ranges are as follows:
Class A address: 10.0.0.0~10.255.255.255
Class B address: 172.16.0.0~172.31.255.255
Class C address: 192.168.0.0~192.168.255.255
The destination address of multicast packets uses a class D IP address, and the range is from 224.0.0.0 to 239.255.255.255.
Class D addresses cannot appear in the source IP address field of IP packets. 224.0.0.0~224.0.0.255 are reserved multicast addresses (permanent group addresses), which can only be used within a LAN; routers do not forward them. 224.0.0.0 itself is reserved, and the other addresses are used by routing protocols.
224.0.1.0~238.255.255.255 are multicast addresses (temporary group addresses) available to users, which can be used on the Internet.
239.0.0.0~239.255.255.255 are locally managed multicast addresses, which are only valid in a specific local range.
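
The ranges above can be turned into a header sanity check. The following is an added example, not code from the original article; the function names classify and check_header are made up for illustration.

```python
import ipaddress

# Ranges exactly as listed in the text above.
PRIVATE = {
    "private class A": ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0~10.255.255.255
    "private class B": ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0~172.31.255.255
    "private class C": ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0~192.168.255.255
}
CLASS_D = ipaddress.ip_network("224.0.0.0/4")          # 224.0.0.0~239.255.255.255
RESERVED_MCAST = ipaddress.ip_network("224.0.0.0/24")  # permanent group addresses
LOCAL_MCAST = ipaddress.ip_network("239.0.0.0/8")      # locally managed


def classify(addr):
    """Map an IPv4 address string to the category used in the text."""
    ip = ipaddress.ip_address(addr)
    for label, net in PRIVATE.items():
        if ip in net:
            return label
    if ip in CLASS_D:
        if ip in RESERVED_MCAST:
            return "reserved multicast"
        if ip in LOCAL_MCAST:
            return "locally managed multicast"
        return "user multicast"  # 224.0.1.0~238.255.255.255
    return "other"


def check_header(src, dst):
    """Return findings for one packet's source/destination pair."""
    findings = []
    if "multicast" in classify(src):
        findings.append("class D address in source field")
    if classify(dst) == "reserved multicast":
        findings.append("destination is LAN-only; routers must not forward it")
    return findings


if __name__ == "__main__":
    # Constructed sample pairs.
    for src, dst in [("192.168.1.10", "224.0.0.5"), ("239.1.2.3", "10.0.0.1")]:
        print(src, "->", dst, check_header(src, dst))
```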

Port principle

Comparing a server to a house, a port can be compared to a door leading to different rooms (services). Intruders usually use scanners to scan the ports of the target host to determine which ports are open.

The local operating system assigns protocol ports (which we usually just call ports) to the processes that need them. Each protocol port is identified by a positive integer, such as 80, 139, 445, and so on. When the destination host receives a datagram, it delivers the data to the corresponding port according to the destination port number in the message header; the process bound to this port receives the data and waits for the next set of data to arrive. Having said that, the concept of ports still seems abstract, so continue with me and don't go away.

Ports are actually queues. The operating system assigns a different queue to each process. Datagrams are pushed into the corresponding queue according to the destination port, where they wait to be consumed by the process. Under very special circumstances, this queue may overflow. However, the operating system allows each process to specify and adjust the size of its own queue. Not only does the process that receives the datagram need to open a port, the process that sends the datagram also needs to open one. The sender's port is recorded in the datagram, so that the receiver can return a datagram to this port.

Port range

Range: 0-65535
Fixed ports: 0-1023 (1024 is reserved)
Dynamic ports: 1024-65535
A dynamic port is not permanently bound to a service. The operating system allocates these ports to processes dynamically, and the same process may be assigned a different port each time it asks. However, some applications do not use the dynamic ports allocated by the operating system. They have their own "branded" ports, such as port 4000 of the oicq client and port 7626 of the Trojan Binghe, which are fixed and well known.
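
The queue behaviour from the "Port principle" section and the dynamic allocation described here can both be observed over loopback UDP. This is an added example, not code from the original article; the function name udp_port_demo and the 64 KiB queue size are arbitrary choices.

```python
import socket


def udp_port_demo():
    """Exchange one datagram on 127.0.0.1 and report the ports involved."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        # The receiving process adjusts the size of its own queue.
        rx.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 64 * 1024)
        # Port 0 asks the operating system to pick a dynamic port.
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        tx.settimeout(2)
        rx_port = rx.getsockname()[1]
        # The kernel reports the queue size it actually granted.
        queue_bytes = rx.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)

        # The sender never calls bind(); the OS opens a port for it on send.
        tx.sendto(b"ping", ("127.0.0.1", rx_port))
        tx_port = tx.getsockname()[1]

        # The datagram carries the sender's port, so the receiver can reply.
        data, (src_ip, src_port) = rx.recvfrom(1024)
        rx.sendto(b"pong", (src_ip, src_port))
        reply, _ = tx.recvfrom(1024)

    return {
        "rx_port": rx_port,
        "tx_port": tx_port,
        "src_port_seen": src_port,
        "queue_bytes": queue_bytes,
        "data": data,
        "reply": reply,
    }


if __name__ == "__main__":
    print(udp_port_demo())
```

Running it twice normally prints different rx_port and tx_port values, which is the dynamic allocation described above.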

Port function

Ports highlighted in yellow are the ones that must be checked during heavy protection and network protection operations.
Commonly used ports
21:FTP
22: SSH service, the back-end entrance to Linux servers. Used to capture hacking and uploaded files
23:Telnet
25: SMTP
53: DNS (UDP)
69: TFTP (cisco, similar to FTP)
79: Finger
80: HTTP
110: POP3
111: RPC remote procedure call
113: windows authentication service
119: NNTP network newsgroup transfer protocol
135: RPC remote procedure call
137: NetBIOS; 139: Windows file and printer sharing and the Samba service on Unix (like 445, this is SMB)
143: IMAP
161: SNMP Simple Network Management Protocol
389: LDAP
443: HTTPS web page
445: SMB is mainly used for file sharing
512, 513, 514: linux r
873: Rsync
1080: socks proxy service
2601, 2604: zebra routing, default password zebra
3389: RDP, the Windows remote desktop service
5900: VNC desktop remote control service (similar to RDP)
6379: Redis service (unauthorized access)
7001: weblogic (deserialization vulnerability, SSRF, weak password)
8080: Tomcat; used for WWW proxy service; alternate port for the HTTP service

Trojan virus
5554: port used by the worm.Sasser virus
7626: Glacier virus
8011: WAY2.4 virus
7306: Netspy3.0 virus
1024: YAI virus

Middleware
7001,7002: weblogic
9080: WebSphere application
9090: WebSphere management tool
8080: Tomcat default port
Jboss usually occupies ports 1098, 1099, 4444, 4445, 8080, 8009, 8083, 8093, the default is 8080

Database
3306: MySQL
1433: SQL Server server
1434: SQL Server monitor
1521: Oracle
5432: PostgreSQL
1158: Oracle EMCTL
8080: Oracle XDB
2100: Oracle XDB FTP

Special services (vulnerabilities)
443: SSL Heartbleed
512, 513, 514: Rsync unauthorized access
873: Rsync unauthorized access
2375: docker remote api vulnerability
5984: CouchDB
6379: redis unauthorized
7001, 7002: WebLogic default weak password, deserialization
9200, 9300: Unauthorized access to elasticsearch
11211: Unauthorized access to memcache
27017,27018: Unauthorized access to Mongodb
28017: mongodb statistics page
50000: SAP command execution
50070, 50030: unauthorized access to hadoop default port
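
One way to use the list above on your own host is to compare it against the listening sockets and flag any listed service that is bound to a non-loopback address. This is an added example, not code from the original article; the `ss -tuln` output is a constructed sample and the names MUST_CHECK, is_loopback and exposed_listeners are made up for illustration.

```python
import ipaddress

# Port -> service, copied from the "Special services (vulnerabilities)" list.
MUST_CHECK = {
    873: "Rsync", 2375: "docker remote api", 5984: "CouchDB",
    6379: "redis", 7001: "WebLogic", 7002: "WebLogic",
    9200: "elasticsearch", 9300: "elasticsearch", 11211: "memcache",
    27017: "Mongodb", 27018: "Mongodb", 28017: "mongodb statistics page",
    50030: "hadoop", 50070: "hadoop",
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:2375       0.0.0.0:*
tcp   LISTEN 0      4096   [::]:9200          [::]:*
udp   UNCONN 0      0      0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      128    [::1]:27017        [::]:*
"""


def is_loopback(host):
    """True if the bind address only accepts local connections."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    if host == "*":                        # wildcard: every interface
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_listeners(ss_output):
    """Return (proto, bind address, port, service) for listed ports
    that are reachable from other hosts."""
    findings = []
    for line in ss_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        if port in MUST_CHECK and not is_loopback(host):
            findings.append((fields[0], host, port, MUST_CHECK[port]))
    return findings


if __name__ == "__main__":
    for finding in exposed_listeners(SAMPLE):
        print(finding)
```

In the sample, redis and Mongodb are bound to loopback and are not reported, while the docker remote api, elasticsearch and memcache listeners are.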

Port table summary

https://blog.csdn.net/Faremax/article/details/75674926


Origin blog.csdn.net/qq_43312649/article/details/114969929