IPv4 Addressing Model

In IPv4, addresses are 32 bits in length. They are simply numbers from 0 to 4,294,967,295. For the convenience of humans, these numbers are typically represented in dotted decimal notation. This splits the 32-bit address into four 8-bit fields, and then represents each 8-bit field with a decimal number from 0 to 255. These decimal numbers cover all possible 8-bit binary patterns from 0000 0000 to 1111 1111. The decimal numbers are separated by “dots” (periods). Leading zeros can be eliminated. The following are all valid IPv4 addresses represented in dotted decimal:

123.45.67.89 – A globally routable (public) address, valid anywhere on the IPv4 Internet

10.3.1.51 – An RFC 1918 “private address”, valid only within a specific private internet, typically behind a public IPv4 address

255.255.255.255 – The broadcast address for IPv4 (accepted by all nodes in a subnet – cannot be assigned to a node)

127.0.0.1 – The loopback address for IPv4 (points back to yourself)

Originally there were 5 classes of IPv4 addresses, as defined in RFC 791, “Internet Protocol”, September 1981.

Class A – First bit 0₂ (0.0.0.0 – 127.255.255.255), 8-bit network number, 24-bit node within network number, subnet mask 255.0.0.0. There are 128 Class A networks, each containing 16.8M addresses.

Class B – First two bits 10₂ (128.0.0.0 – 191.255.255.255), 16-bit network number, 16-bit node within network number, subnet mask 255.255.0.0. There are 16,384 Class B networks, each containing 65,536 addresses.

Class C – First three bits 110₂ (192.0.0.0 – 223.255.255.255), 24-bit network number, 8-bit node within network number, subnet mask 255.255.255.0. There are 2M Class C networks, each containing 256 addresses.

Class D – First four bits 1110₂ (224.0.0.0 – 239.255.255.255), used for multicast.

Class E – First four bits 1111₂ (240.0.0.0 – 255.255.255.255), experimental / reserved (not passed by most routers).
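
The class rules above can be applied directly to the 32-bit number behind a dotted decimal address. The following is an added example, not part of the original text; the function names (parse_dotted, to_dotted, classify) are chosen here for illustration. It parses strictly (exactly four ASCII decimal fields, each 0 to 255), picks the class from the leading bits, and masks off the classful network number.

```python
# Added example: classful lookup by leading bits, following the class list above.
# (class name, number of leading bits tested, expected bit pattern, default mask)
CLASSES = [
    ("A", 1, 0b0,    "255.0.0.0"),
    ("B", 2, 0b10,   "255.255.0.0"),
    ("C", 3, 0b110,  "255.255.255.0"),
    ("D", 4, 0b1110, None),   # multicast, no network/node split
    ("E", 4, 0b1111, None),   # experimental / reserved
]

def parse_dotted(text):
    """Return the 32-bit integer for a dotted decimal string, or raise ValueError."""
    fields = text.split(".")
    if len(fields) != 4:
        raise ValueError("expected four fields: %r" % text)
    value = 0
    for f in fields:
        # ASCII digits only: int() would also accept signs, spaces and
        # non-ASCII digits, which an address parser should not.
        if not (f.isascii() and f.isdigit()) or len(f) > 3 or int(f) > 255:
            raise ValueError("bad field %r in %r" % (f, text))
        value = (value << 8) | int(f)   # leading zeros are read as decimal
    return value

def to_dotted(value):
    """Render a 32-bit integer as four decimal fields, most significant first."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def classify(text):
    """Return the integer value, class, default mask and classful network."""
    addr = parse_dotted(text)
    for name, nbits, pattern, mask in CLASSES:
        if addr >> (32 - nbits) == pattern:
            break   # the five patterns cover every 32-bit value
    network = to_dotted(addr & parse_dotted(mask)) if mask else None
    return {"int": addr, "class": name, "mask": mask, "network": network}

if __name__ == "__main__":
    # The four sample addresses listed earlier on this page.
    for sample in ("123.45.67.89", "10.3.1.51", "255.255.255.255", "127.0.0.1"):
        print(sample, classify(sample))
```
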

Network Ports

Each IP address on a network node has 65,536 ports associated with it (the port number is a 16-bit value, and 2^16 is 65,536). Any of those ports can either be used to make an outgoing connection, or to accept incoming connections. There is a list of Well Known Ports which associates particular ports with certain protocols. For example, port 25 is associated with SMTP. There is nothing magical (or E-mail-ish) about port 25. SMTP will work just as well on any other port, e.g. 10025. Use of port 25 for SMTP is simply a convention that many people adopt. Such conventions make it easier to locate the SMTP server on a node you might not be familiar with. To be specific, ports are a Transport Layer thing, and there are really 65,536 TCP ports, and another 65,536 UDP ports for each address. ICMP, which is an Internet Layer thing, does not have any port(s) associated with it.

When you deploy an Internet server (e.g. an SMTP server for sending and receiving E-mail), the software opens a socket (a programming abstraction) in listen mode on a particular port (in the case of SMTP, port 25). An E-mail client that wants to connect to it creates its own socket in connect mode, and tells it to connect to a particular IP address (that of the SMTP server) using a particular port (in this case 25). When the connection attempt reaches the server, the server detects the attempt, and accepts the connection (actually the port on the server that the connection is accepted on will be any available port, typically higher than 1024). A well-written server would then make a clone of itself (this is called forking in UNIX-speak), then go back to listening for further connections, while its clone goes ahead and processes the connection. When the processing is complete on a given connection, the sockets used are closed (on both server and client), and the clone of the server quietly commits suicide. In theory you could have thousands of clones of the server all simultaneously handling E-mail connections on a single server (given sufficient memory and other resources). Busy web servers (like those at Google) often have many thousands of connections being processed at any given time (but never more than 65,000 on a given interface – each connection uses up one port).

In UNIX, ports with numbers under 1024 are special, and only software that has root privilege can use them. Most common Internet services use ports in that range. There are many Well Known Ports, but here are a few of the more common ones:

22 – SSH (Secure Shell)

25 – SMTP (client to server and server to server E-mail protocol)

53 – DNS (Domain Name System)

80 – HTTP (world wide web)

110 – POP (server to client E-mail retrieval)

143 – IMAP (more modern server to client E-mail retrieval)

389 – LDAP (directory service)

443 – HTTPS (world wide web over SSL)