With reference to computers, an average user typically associates the term “port” with a physical port such as a printer port, a keyboard port, or a mouse port.
However, there exists another type of port—a “logical port”—that a computer uses to communicate with one or more other computers. Networking protocols such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) use such logical ports for Internet Protocol (IP) communications. Logical port 80, for example, is the default, well-known port for Hypertext Transfer Protocol (HTTP) communications related to the World Wide Web (WWW). Other examples include the File Transfer Protocol (FTP), which uses port 21, the Simple Mail Transfer Protocol (SMTP), which uses port 25, and telnet, which uses port 23.
A computer that operates as a server device makes its services available to the Internet using these logical ports, one port for each service application that is available on the device. For example, if the server device is running a Web service and an FTP service, the Web server would typically be available on port 80 while the FTP server would be available on port 21.
A second computer, a client device, can access these services provided by the server by using a “socket.” A socket comprises an IP address followed by a logical port number. Once a connection has been made to one or more logical ports, the client has access to the services provided by these ports, subject to using the correct protocol. The protocol used is usually determined by the need for reliable or unreliable communications. Transmission Control Protocol (TCP) is a reliable protocol designed for transmitting digital data through a packet-switching network. It can stop and correct itself when data is lost. This protocol is used to guarantee sequenced, error-free transmission, but its very nature can cause delays and reduced throughput. This can be annoying, especially with audio. User Datagram Protocol (UDP), within the IP stack, is by contrast an unreliable protocol: lost data is not retransmitted, so the flow is maintained at the cost of occasional loss.
Multiplexing, which is a feature of the TCP/IP protocol stack, allows a computer to maintain several concurrent connections with a remote computer (or computers) using different TCP or UDP ports. FIG. 1 can be used to illustrate one such connection between two client devices, personal computer (PC) 105 and PC 145. When PC 105 transmits an IP data packet intended to be received by PC 145, the IP data packet is initially routed to server 125, which may be located at an Internet service provider's facility to provide Internet services to PC 105. A second server (not shown) performs a similar function for PC 145, which is at a remote location with respect to PC 105. The data packet is routed along the dotted line path 101 of FIG. 1 to reach its destination device, PC 145.
The IP data packet that is transmitted from PC 105 contains a header having the following information:

Source Address: The source address is the IP address of the originating computer PC 105, which may be, for example, 201.3.83.132.

Source Port: The source port is the TCP or UDP port number assigned by originating PC 105 for this data packet, for example, port 1080 of PC 105.

Destination Address: The destination address is the IP address of the receiving computer PC 145, which may be, for example, 145.51.18.323.

Destination Port: The destination port is the TCP or UDP port number that the originating PC 105 is requesting the receiving PC 145 to open, which may be, for example, port 3021.
The addresses specify the two computers at each end, while the port numbers ensure that the connection between the two computers uses specific network ports. The combination of these four numbers defines a single TCP/IP connection. Each port number uses 16 bits, which therefore corresponds to a theoretical maximum of 65,536 (2^16) values.
Firewalls 110 and 140 that are associated with PCs 105 and 145 respectively, are used to authenticate connections for each of these two PCs, while preventing unauthorized access by hostile users. This is accomplished by configuring the firewalls to have only a limited number of ports open for universal access, while other ports are configured to be blocked or unblocked based upon the requirements of specific applications as well as various levels of security desired. Consequently, while it may be desirable, in an ideal situation, to have all ports (TCP, UDP, FTP etc.) unblocked at all times, it is unrealistic to do so because of security concerns.
If a user of PC 105 desires to operate an application program, such as the Microsoft® NetMeeting™ program, to communicate with a user of PC 145, the communication is, in a sense, carried out via the dotted line path 101 of FIG. 1. Several IP ports are required for establishing this Microsoft NetMeeting™ connection. Consequently, firewalls 110 and 140 have to be configured to allow communication through the following ports:
Port      Function
389       Internet Locator Service (TCP)
522       User Location Service (TCP)
1503      T.120 (TCP)
1720      H.323 call setup (TCP)
1731      Audio call control (TCP)
Dynamic   H.323 call control (TCP)
Dynamic   H.323 streaming (RTP over UDP)
Furthermore, to establish outbound Microsoft NetMeeting™ connections through a firewall, the firewall is also configured to:

- Pass through primary TCP connections on ports 389, 522, 1503, 1720, and 1731.
- Pass through secondary TCP and UDP connections on dynamically assigned ports (1024-65535).
While the Microsoft NetMeeting™ example above is one example of a communication between two PCs, other applications such as CU-SeeMe™ and BellSouth™ Instant Messaging each have their own unique requirements for port access, configuration, and operation. Naturally, this raises several issues related to configuring firewalls to provide security while simultaneously accommodating a range of applications operated on an individual basis by a wide variety of users on a wide variety of machines.
The first issue in configuring a firewall relates to the technical skills required of an end-user. Such skills are required to carry out tasks such as obtaining operating information and other technical details about his firewall, obtaining logical port configuration information for each desired application, and ensuring that the firewall has been suitably configured for providing appropriate access to one or more ports for one or more applications residing on his PC without unnecessarily compromising security. It can be appreciated that this type of requirement places an undue burden on an average user.
The second issue relates to the inadequacy of existing tools in providing information to an end-user for carrying out the necessary port configuration. Typically, a user of PC 105, for example, on attempting to run an application such as Microsoft NetMeeting™, might discover that he is unable to set up a working link with the desired remote computer (for example, PC 145). When this happens, an existing troubleshooting tool may inform him that there is a configuration error. Such a message fails to pinpoint the cause of the failure. While one cause of failure can be a faulty port configuration set-up, either at his end or at PC 145, a second cause of failure may be a faulty device between PC 105 and PC 145. Such devices include server 125 and several other network elements of Internet 130 that are associated with path 101.
Even if the tool informs the user that the failure is due to a faulty port configuration, it may yet fail to reveal if the port configuration fault is at his end or if it is at the remote end. For example, the user of PC 105 may erroneously assume that his firewall 110 is at fault, when in reality it is firewall 140 that has been improperly configured.
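The following is an added example; it is not code from this document, from Microsoft, or from any firewall product. It models the header fields listed above (two addresses and two 16-bit ports), builds a default-deny allow-list from the NetMeeting port requirements given above, and adds a small `diagnose` routine that, given the rule sets of both firewalls, reports which end blocks each required port, addressing the case where the user wrongly blames firewall 110 when firewall 140 is misconfigured. The rule sets, the `diagnose` function and the probe addresses (taken from the RFC 5737 documentation ranges) are constructed for illustration. Note that the header check rejects the sample destination address 145.51.18.323 given above, since an IPv4 octet cannot exceed 255.

```python
"""Policy model for the header fields and NetMeeting port list described above.
Added example (not from the original document); rule sets are hypothetical."""
from dataclasses import dataclass
from ipaddress import ip_address

MAX_PORT = 65535  # port numbers are 16 bits wide: 0..65535


@dataclass(frozen=True)
class Packet:
    """Header fields named above: source/destination address and port, plus protocol."""
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

    def __post_init__(self):
        if self.proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol {self.proto!r}")
        ip_address(self.src)   # raises ValueError for a malformed address (e.g. octet > 255)
        ip_address(self.dst)
        for port in (self.sport, self.dport):
            if not 0 <= port <= MAX_PORT:
                raise ValueError(f"port {port} does not fit in 16 bits")

    def connection_key(self):
        """The four numbers (plus protocol) that identify one TCP/IP connection."""
        return (self.proto, self.src, self.sport, self.dst, self.dport)


def header_problem(proto, src, sport, dst, dport):
    """Return the validation error for a header, or None if it is well formed."""
    try:
        Packet(proto, src, sport, dst, dport)
    except ValueError as exc:
        return str(exc)
    return None


@dataclass(frozen=True)
class Rule:
    """Allow destination ports low..high (inclusive) for one protocol."""
    proto: str
    low: int
    high: int

    def matches(self, proto, port):
        return proto == self.proto and self.low <= port <= self.high


# Hypothetical allow-list implementing the NetMeeting requirements listed above:
# the primary TCP ports plus dynamically assigned TCP/UDP ports 1024-65535.
NETMEETING_PRIMARY_TCP = (389, 522, 1503, 1720, 1731)
NETMEETING_RULES = tuple(Rule("tcp", p, p) for p in NETMEETING_PRIMARY_TCP) + (
    Rule("tcp", 1024, MAX_PORT),
    Rule("udp", 1024, MAX_PORT),
)
NETMEETING_REQUIRED = tuple(("tcp", p) for p in NETMEETING_PRIMARY_TCP)


def is_allowed(rules, pkt):
    """Default-deny evaluation: the packet passes only if some rule covers its destination port."""
    return any(rule.matches(pkt.proto, pkt.dport) for rule in rules)


def diagnose(local_rules, remote_rules, required):
    """For each required (proto, port), report which firewall blocks it.

    Models the two-firewall path above: a packet must clear the local firewall on
    the way out and the remote firewall on the way in.  Verdicts are "ok",
    "local", "remote" or "both".
    """
    verdicts = {(True, True): "ok", (False, True): "local",
                (True, False): "remote", (False, False): "both"}
    report = {}
    for proto, port in required:
        # Constructed probe using RFC 5737 documentation addresses.
        probe = Packet(proto, "192.0.2.10", 1080, "198.51.100.20", port)
        report[(proto, port)] = verdicts[(is_allowed(local_rules, probe),
                                          is_allowed(remote_rules, probe))]
    return report


if __name__ == "__main__":
    # Scenario from the text: the user suspects the local firewall, but it is the
    # remote one that lacks a rule, here for H.323 call setup on TCP 1720.
    remote_misconfigured = tuple(Rule("tcp", p, p) for p in (389, 522, 1503, 1731))
    for key, verdict in diagnose(NETMEETING_RULES, remote_misconfigured,
                                 NETMEETING_REQUIRED).items():
        print(key, verdict)
```

Because the dynamic range 1024-65535 already covers 1503, 1720 and 1731, only 389 and 522 strictly need their own entries under this model; the explicit single-port rules are kept so that the allow-list reads the same way as the requirement table above.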
Furthermore, while tools such as port-scanning software may be utilized to test various ports for vulnerabilities to illegal attacks through the firewall, these tools are typically geared towards providing computer security, and consequently fail to provide information that will assist a user in correctly configuring the set of ports that are uniquely used by a particular application, such as Microsoft NetMeeting™.
It can therefore be understood that a need exists to provide a solution that can be used to configure logical ports for operating one or more applications resident on one or more PCs of a network.