this post was submitted on 09 Apr 2024
228 points (95.2% liked)

Asklemmy

43915 readers
842 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

It's the one thing when I'm configuring things that makes me wince because I know it will give me the business, and I know it shouldn't, but it does, every time. I have no real idea what I'm doing, what it is, how it works, so of course I'm blindly following instructions like a monkey at a typewriter.

Please guide me into enlightenment.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 97 points 7 months ago* (last edited 7 months ago) (6 children)

Imagine your computer is a big block of flats and your applications are all people who live in the building.

Mail sent to the building address alone isn't going to reach the intended recipient, because the postman doesn't know what flat to post it to. So they need additional information such as 'Flat 2C'

That's the basic concept of ports. It's basically additional addressing information to allow your computer to direct internet traffic to the correct applications.

When an application is actively listening on a port, it means that they are keeping an eye out for messages addressed to them, as designated by the port number. While an application is sending or receiving messages using a given port number, that port number is considered 'open'.

Now, all sorts of applications do all sorts of things. Some are for the public to use and there are some that are useful within trusted circles, but can be abused by malicious people if anyone in the world can send messages to it. Thus, we have a firewall, which acts as a gatekeeper. A firewall can 'block' a port, denying access to a given group of people, or 'unblock' it, allowing access.

VPNs are a totally different thing. They are literally middlemen for your internet traffic. Instead of directly posting a message to somewhere and receiving a direct reply back, imagine you flew out to Italy to use a post box there and receive replies from there.

[โ€“] [email protected] 1 points 7 months ago

Excellent description.

[โ€“] [email protected] 3 points 7 months ago

i have nothing to add, i just like you analogy

[โ€“] [email protected] 7 points 7 months ago (1 children)

To expand on that analogy... certain services need entry into the building and then from there, they get distributed throughout the building.

Water comes in on the water line.
Electricity comes in on the electric wire.
Internet may come in on coaxial or fiber.
Gas comes in on the natural gas pipeline.

Your computer has ports to deal with basic tasks. These are called "well known port numbers".

https://www.geeksforgeeks.org/50-common-ports-you-should-know/

So while, in theory, you COULD get email in on a non-email port, that wouldn't be expected and would be like feeding water through a natural gas line.

[โ€“] [email protected] 6 points 7 months ago (1 children)

Just reading that URL and I'm sorry (to the author of that article), but there's no way there are 50 ports "you should know". 443, 80, 22, and that's about it. Maybe whatever the SMPT port is just for interest's sake, but that's very rarely going to be important practical knowledge. And there are some ports outside the well-known port range that might be handy. Your VPN's port, your DB's port. But even then, you're not getting anywhere near 50.

[โ€“] [email protected] 8 points 7 months ago (1 children)

Cyber security guy here: we care about 22 for SSH, 443 and 80 for Web traffic, 3389 for RDP and 21 for FTP. Everything else we google and we all have to google 21 and 3389 because we all forget them half the time anyway.

[โ€“] [email protected] 2 points 7 months ago (1 children)

People still use FTP? ๐Ÿ˜ฌ

[โ€“] [email protected] 1 points 7 months ago (1 children)

Is there a better way to get stuff onto my 3DS without removing the SD card

[โ€“] [email protected] -2 points 7 months ago (1 children)

Now I wonder if I can send files to my 3ds from my vita via ftp

[โ€“] [email protected] 2 points 7 months ago

Just for shits and giggles I've sent pictures from my Switch to my Wii with ftp

[โ€“] [email protected] 9 points 7 months ago (1 children)

To expand on port forwarding, consider your router to be the lobby to your apartment building, but you get to choose which rooms are reachable by an outside visitor.

[โ€“] [email protected] 10 points 7 months ago

Port forwarding would be like if all the apartments were listed 1-[x] inside the building, but 1A-1Z, 2A-2Z and so on to outsiders. Someone sends a message to , apartment 2Y, and the lobby knows that actually goes to apartment 51.

[โ€“] [email protected] 13 points 7 months ago* (last edited 7 months ago) (1 children)

I love your analogy for ports, but I'm not sure about the VPN one.

If you imagine network traffic as mail going through the postal system, then a VPN is like a private mail tunnel between two locations, that nobody else can enter or look into. Mail sent via the tunnel is private and nobody else can read it. The person at the other end of the tunnel can either open the mail themselves (ie a VPN from your laptop to your home server to access it when you're away), or forward the mail somewhere else (ie if you're routing Internet-bound traffic through it) and nobody will know it came from you originally.

[โ€“] [email protected] 8 points 7 months ago (3 children)

I'm not sure that's a completely accurate analogy either. When you're using a VPN people can still see that you are sending traffic through your tunnel, they just can't tell what it is that you're sending. It's like looking through frosted glass; there's definitely something moving in there but you can't tell what.

I suppose the best way to describe it is you send a locked box to a trusted friend; everyone handling it can see the box but can't tell what's inside. Inside the box is a letter, your friend posts it so it looks like it came from them. Your friend then gets a reply, puts it in a locked box, and send it back to you. Nobody between you and your friend can snoop on your mail but anyone between your friend and the final destination can.

[โ€“] [email protected] 2 points 7 months ago

Yeah, but if you're communicating with the buttplug store, the specific contents of the box don't really matter. You still want a trusted friend to not tell people where you get your boxes from.

[โ€“] [email protected] 3 points 7 months ago

locked box

As soon as I read this I read the rest of your comment in Al Gore's voice, ca 2k SNL, lol.

[โ€“] [email protected] 2 points 7 months ago

Great point. Analogies are hard :)

[โ€“] [email protected] 35 points 7 months ago (1 children)

To add to your analogy if i may, the firewall is kind of like a security guard or doorman at the building entrance. All mail has to go through him first and if something is addressed to a closed flat (port) he simply doesnt let it get delivered.

[โ€“] [email protected] 17 points 7 months ago* (last edited 7 months ago)

Yep! The security guard is also given a bunch of rules to follow such as "don't let anyone outside of our neighbourhood (aka your local network) contact door 22", which will also determine whether messages get delivered or not