Day 3/100: Understanding Ports

By 0X595

Yesterday (Day 2):
I learned how data moves across the internet — through the OSI model, IP addresses, ports, and protocols like TCP and UDP.

It felt like I finally saw the blueprint of the internet.

But that raised a new question:

“If data moves across IP addresses and ports…
...how do I find out what’s actually running on those ports?”

That’s where today comes in

Today Finding the Open Doors

When you connect to a website, or when an app sends a notification, or when someone logs into a server — that’s all happening through ports.

Each port is like a door assigned to a specific service:

Port — Service
21 — FTP (file transfers)
22 — SSH (remote access)
80 — HTTP (web traffic)
443 — HTTPS (secure web)

If a port is open, it’s a potential entry point. If it’s misconfigured, it’s a potential vulnerability.

Why This Matters

Most beginners (like me a few years ago) run nmap, see 21/tcp open ftp, and move on.

But a real hacker?
They think:

“Can I list files? Can I upload something? Is there a config backup sitting in there waiting to be downloaded?”

That’s the difference between scanning and exploiting.

lesson learnt

I used to look at an Nmap scan and see numbers like:

21/tcp open ftp  
22/tcp open ssh  
80/tcp open http

...and think,
“Cool. What now?”

Truth is — every port number is a story.
A vulnerability. A mistake. A way in.

So starting today, I’m learning and sharing one port a day.
What it does, how it works, and how hackers abuse it.

What to Expect from this sub -Series

Each day, I’ll cover:

What the port is used for ?

What attackers look for ?

Real bugs and tools related to it ?

A quick lab or command you can try

Day 4 Starts with Port 21 — FTP

“The Forgotten File Cabinet Still Sitting Wide Open”
Catch you tomorrow

— 0X595