Right, let’s talk about the digital equivalent of apartment numbers: ports. Your computer is a single building with a single IP address, but it’s running dozens of services. How does a packet of data know to go to your web browser and not your email client? Ports. They’re just numbers, 0 through 65535, and a few of them are so important they’ve become legendary. We’re going to cover the A-listers.

The Unbreakable Secure Shell (Port 22)

This is SSH. It’s how you, as a competent professional, remotely log into another machine and tell it what to do. Forget Telnet (port 23, which is a museum piece that sends your password in cleartext for anyone to see). SSH encrypts everything, which is why we like it. The basic incantation is simple:

ssh username@192.168.1.100

But the real power users live in their ~/.ssh/config file. It saves you from typing out cumbersome command-line arguments every time. Let’s set up an alias for a server imaginatively named myserver.

# ~/.ssh/config
Host myserver
    HostName 192.168.1.100
    User myusername
    Port 22 # This is default, so it's optional
    IdentityFile ~/.ssh/my_private_key

Now you can just type ssh myserver. See? Civilized. The IdentityFile line points to your private key. Which brings me to the most important SSH best practice: use key-based authentication, not passwords. It’s more secure and frankly, more convenient. If you’re still typing a password to SSH, stop it. Generate a key pair with ssh-keygen, copy the public key over to the server’s ~/.ssh/authorized_keys file, and never look back.

The Workhorse and Its Bodyguard (Ports 80 & 443)

Port 80 is HTTP. It’s the protocol that gave us the web. It’s also hilariously, naively insecure. It sends everything—your passwords, your credit card info, that weird fan fiction you’re writing—in plain, readable text across the network. It’s the digital equivalent of shouting your secrets in a crowded coffee shop.

Port 443 is HTTPS. This is HTTP wearing military-grade encryption (TLS/SSL). It’s the same protocol, but now it’s private and secure. This is so important that modern browsers now shame websites that don’t use 443, and rightfully so. The only thing you should use port 80 for these days is to redirect traffic to 443. Here’s a bare-bones example of why you’d want to check for HTTPS yourself, say, in a Node.js script:

const https = require('https');

// Good - uses port 443 by default for HTTPS URLs
const request = https.get('https://example.com/api/data', (response) => {
  let data = '';
  response.on('data', (chunk) => { data += chunk; });
  response.on('end', () => { console.log(JSON.parse(data)); });
});

request.on('error', (err) => {
  console.error('Something spectacularly failed:', err);
});

The Internet’s Phone Book (Port 53)

This is DNS. You type google.com, but your computer needs an IP address like 142.251.42.206 to actually connect. DNS is the service that does that translation. It’s the unsung hero that makes the internet human-friendly. You can play with it using command-line tools like dig or nslookup.

dig google.com
# Look at the ANSWER SECTION for the IP address (A record)

# Or query a specific DNS server (like Cloudflare's 1.1.1.1)
dig @1.1.1.1 google.com

The pitfall here? If DNS goes down, you go down. Your browser can’t find anything. Your apps can’t connect. It feels like the whole internet is broken, but it’s usually just this one service. Always have a backup DNS server configured (your router usually handles this), and know that giants like Google (8.8.8.8) and Cloudflare (1.1.1.1) offer public, reliable resolvers.

The Digital Post Office (Port 25)

SMTP. This port is used for sending mail between mail servers. Notice I said “between servers.” You, the user, typically don’t use port 25 to send mail from your client (like Outlook or Apple Mail). Those usually use submission ports 587 or 465 with authentication. Port 25 is the backbone, the mail transfer agent (MTA) to MTA traffic.

And here’s the rough edge: Pretty much every residential ISP in the world blocks outbound port 25. Why? Because in the early days, it was the wild west for spam bots. They’d get infected and just start blasting spam directly out on port 25. Blocking it at the ISP level was a blunt but effective solution. So if you’re trying to set up your own mail server from your house, you’ll immediately hit this wall. You’ll need to use your ISP’s SMTP relay or a service like SendGrid or Mailgun for outbound mail.

Talking to the Database (Port 3306)

This is the default port for MySQL. It’s not a protocol unto itself like the others; it’s just the designated parking spot for MySQL database servers. A crucial best practice: never, ever expose this port to the public internet. I’m serious. The number of databases I’ve found wide open on 3306 with a default root password (or no password!) is terrifying. This port should only be accessible from your application servers inside your private network, protected by a firewall. Here’s a typical connection snippet from Python, which would happen from within that trusted network:

import mysql.connector

# This connection would ONLY work from inside the same network/VPC
db = mysql.connector.connect(
    host="192.168.1.50",
    user="myappuser",
    password="SuperSecretPassword123!", # Use environment variables, not hardcoded values!
    database="myappdb"
)

cursor = db.cursor()
cursor.execute("SELECT * FROM users")
results = cursor.fetchall()

The pattern here is that the lower-numbered ports (the “well-known” ports from 0-1023) are where the big, standardized services live. The higher numbers are for ephemeral client connections and your own custom applications. Memorize these few. They’re the foundation of everything else.