This article needs additional citations for verification. (November 2017)
A network socket is a software structure within a network node of a computer network that serves as an endpoint for sending and receiving data across the network. The structure and properties of a socket are defined by an application programming interface (API) for the networking architecture. Sockets are created only during the lifetime of a process of an application running in the node.
Because of the standardization of the TCP/IP protocols in the development of the Internet, the term network socket is most commonly used in the context of the Internet protocol suite, and is therefore often also referred to as Internet socket. In this context, a socket is externally identified to other hosts by its socket address, which is the triad of transport protocol, IP address, and port number.
The term socket is also used for the software endpoint of node-internal inter-process communication (IPC), which often uses the same API as a network socket.
The use of the term socket in software is analogous to the function of an electrical female connector, a device in hardware for communication between nodes interconnected with an electrical cable. Similarly, the term port is used for external physical endpoints at a node or device.
The application programming interface (API) for the network protocol stack creates a handle for each socket created by an application, commonly referred to as a socket descriptor. In Unix-like operating systems, this descriptor is a type of file descriptor. It is stored by the application process for use with every read and write operation on the communication channel.
At the time of creation with the API, a network socket is bound to the combination of a type of network protocol to be used for transmissions, a network address of the host, and a port number. Ports are numbered resources that represent another type of software structure of the node. They are used as service types, and, once created by a process, serve as an externally (from the network) addressable location component, so that other hosts may establish connections.
In practice, due to the proliferation of the TCP/IP protocols in use on the Internet, the term network socket usually refers to use with the Internet Protocol (IP). It is therefore often also called Internet socket.
An application can communicate with a remote process by exchanging data with TCP/IP by knowing the combination of protocol type, IP address, and port number. This combination is often known as a socket address. It is the network-facing access handle to the network socket. The remote process establishes a network socket in its own instance of the protocol stack, and uses the networking API to connect to the application, presenting its own socket address for use by the application.
A protocol stack, usually provided by the operating system (rather than as a separate library, for instance), is a set of services that allow processes to communicate over a network using the protocols that the stack implements. The operating system forwards the payload of incoming IP packets to the corresponding application by extracting the socket address information from the IP and transport protocol headers and stripping the headers from the application data.
The application programming interface (API) that programs use to communicate with the protocol stack, using network sockets, is called a socket API. Development of application programs that utilize this API is called socket programming or network programming. Internet socket APIs are usually based on the Berkeley sockets standard. In the Berkeley sockets standard, sockets are a form of file descriptor, due to the Unix philosophy that "everything is a file", and the analogies between sockets and files. Both have functions to read, write, open, and close. In practice the differences strain the analogy, and different interfaces (send and receive) are used on a socket. In inter-process communication, each end generally has its own socket.
In the standard Internet protocols TCP and UDP, a socket address is the combination of an IP address and a port number, much like one end of a telephone connection is the combination of a phone number and a particular extension. Sockets need not have a source address, for example, for only sending data, but if a program binds a socket to a source address, the socket can be used to receive data sent to that address. Based on this address, Internet sockets deliver incoming data packets to the appropriate application process.
Socket often refers specifically to an internet socket or TCP socket. An internet socket is minimally characterized by the following:
- local socket address, consisting of the local IP address and (for TCP and UDP, but not IP) a port number
- protocol: A transport protocol, e.g., TCP, UDP, raw IP. This means that (local or remote) endpoints with TCP port 53 and UDP port 53 are distinct sockets, while IP does not have ports.
- A socket that has been connected to another socket, e.g., during the establishment of a TCP connection, also has a remote socket address.
The distinctions between a socket (internal representation), socket descriptor (abstract identifier), and socket address (public address) are subtle, and these are not always distinguished in everyday usage. Further, specific definitions of a socket differ between authors. In IETF Request for Comments, Internet Standards, in many textbooks, as well as in this article, the term socket refers to an entity that is uniquely identified by the socket number. In other textbooks, the term socket refers to a local socket address, i.e. a "combination of an IP address and a port number". In the original definition of socket given in RFC 147, as it was related to the ARPA network in 1971, "the socket is specified as a 32 bit number with even sockets identifying receiving sockets and odd sockets identifying sending sockets." Today, however, socket communications are bidirectional.
Within the operating system and the application that created a socket, a socket is referred to by a unique integer value called a socket descriptor.
This example, modeled according to the Berkeley socket interface, sends the string "Hello, world!" via TCP to port 80 of the host with address 18.104.22.168. It illustrates the creation of a socket (getSocket), connecting it to the remote host, sending the string, and finally closing the socket:
Socket mysocket = getSocket(type = "TCP") connect(mysocket, address = "22.214.171.124", port = "80") send(mysocket, "Hello, world!") close(mysocket)
Several types of Internet socket are available:
- Datagram sockets
- Connectionless sockets, which use User Datagram Protocol (UDP). Each packet sent or received on a datagram socket is individually addressed and routed. Order and reliability are not guaranteed with datagram sockets, so multiple packets sent from one machine or process to another may arrive in any order or might not arrive at all. Special configuration may be required to send broadcasts on a datagram socket. In order to receive broadcast packets, a datagram socket should not be bound to a specific address, though in some implementations, broadcast packets may also be received when a datagram socket is bound to a specific address.
- Stream sockets
- Connection-oriented sockets, which use Transmission Control Protocol (TCP), Stream Control Transmission Protocol (SCTP) or Datagram Congestion Control Protocol (DCCP). A stream socket provides a sequenced and unique flow of error-free data without record boundaries, with well-defined mechanisms for creating and destroying connections and reporting errors. A stream socket transmits data reliably, in order, and with out-of-band capabilities. On the Internet, stream sockets are typically implemented using TCP so that applications can run across any networks using TCP/IP protocol.
- Raw sockets
- Allow direct sending and receiving of IP packets without any protocol-specific transport layer formatting. With other types of sockets, the payload is automatically encapsulated according to the chosen transport layer protocol (e.g. TCP, UDP), and the socket user is unaware of the existence of protocol headers that are broadcast with the payload. When reading from a raw socket, the headers are usually included. When transmitting packets from a raw socket, the automatic addition of a header is optional.
- Most socket application programming interfaces (APIs), for example, those based on Berkeley sockets, support raw sockets. Windows XP was released in 2001 with raw socket support implemented in the Winsock interface, but three years later, Microsoft limited Winsock's raw socket support because of security concerns.
- Raw sockets are used in security-related applications like Nmap. One use case for raw sockets is the implementation of new transport-layer protocols in user space. Raw sockets are typically available in network equipment, and used for routing protocols such as the Internet Group Management Protocol (IGMP) and Open Shortest Path First (OSPF), and in the Internet Control Message Protocol (ICMP) used, among other things, by the ping utility.
Socket states in the client-server model
Computer processes that provide application services are referred to as servers, and create sockets on startup that are in the listening state. These sockets are waiting for initiatives from client programs.
A TCP server may serve several clients concurrently by creating a unique dedicated socket for each client connection in a new child process or processing thread for each client. These are in the established state when a socket-to-socket virtual connection or virtual circuit (VC), also known as a TCP session, is established with the remote socket, providing a duplex byte stream.
A server may create several concurrently established TCP sockets with the same local port number and local IP address, each mapped to its own server-child process, serving its own client process. They are treated as different sockets by the operating system since the remote socket address (the client IP address or port number) is different; i.e. since they have different socket pair tuples.
UDP sockets do not have a established state, because the protocol is connectionless. A UDP server process handles incoming datagrams from all remote clients sequentially through the same socket. UDP sockets are not identified by the remote address, but only by the local address, although each message has an associated remote address that can be retrieved from each datagram with the networking application programming interface (API).
Communicating local and remote sockets are called socket pairs. Each socket pair is described by a unique 4-tuple consisting of source and destination IP addresses and port numbers, i.e. of local and remote socket addresses. As discussed above, in the TCP case, a socket pair is associated on each end of the connection with a unique 4-tuple.
The term socket dates to the publication of RFC 147 in 1971, when it was used in the ARPANET. Most modern implementations of sockets are based on Berkeley sockets (1983), and other stacks such as Winsock (1991). The Berkeley sockets API in the Berkeley Software Distribution (BSD), originated with the 4.2BSD Unix operating system as an API. Only in 1989, however, could UC Berkeley release versions of its operating system and networking library free from the licensing constraints of AT&T's copyright-protected Unix.
Sockets in network equipment
The socket is primarily a concept used in the transport layer of the Internet protocol suite or session layer of the OSI model. Networking equipment such as routers, which operate at the internet layer, and switches, which operate at the link layer, do not require implementations of the transport layer. However, stateful network firewalls, network address translators, and proxy servers keep track of active socket pairs. In multilayer switches and quality of service (QoS) support in routers, packet flows may be identified by extracting information about the socket pairs.
- Cisco Networking Academy Program, CCNA 1 and 2 Companion Guide Revised Third Edition, P.480, ISBN 1-58713-150-1
- Jack Wallen (2019-01-22). "An Introduction to the ss Command".
- V. S. Bagad, I. A. Dhotre (2008), Computer Networks (5th revised edition, 2010 ed.), Technical Publications Pune, p. 52
- SO_BROADCAST, Microsoft, retrieved 2019-12-12
- Class DatagramSocket, Oracle, retrieved 2019-12-12
- Ian Griffiths for IanG on Tap. 12 August 2004. Raw Sockets Gone in XP SP2
- "raw(7): IPv4 raw sockets - Linux man page". die.net.
- "Raw IP Networking FAQ". faqs.org.
- "www-306.ibm.com - AnyNet Guide to Sockets over SNA". Archived from the original on 2008-05-03. Retrieved 2006-09-07.
- books.google.com - UNIX Network Programming: The sockets networking API
- books.google.com - Designing BSD Rootkits: An Introduction to Kernel Hacking
- (Goodheart 1994, p. 11) harv error: no target: CITEREFGoodheart1994 (help)
- (Goodheart 1994, p. 17) harv error: no target: CITEREFGoodheart1994 (help)
- historyofcomputercommunications.info - Book: 9.8 TCP/IP and XNS 1981 - 1983
- The Desktop Computer as a Network Participant.pdf 1985
- How sockets work - IBM information center
- Server Programming with TCP/IP Sockets[dead link]
- Beej's Guide to Network Programming
- Java Tutorials: Networking basics
- Net::RawIP; module for Perl applications. Created by Sergey Kolychev.
- SOCK_RAW Demystified: article describing inner workings of Raw Sockets
- C language examples of Linux raw sockets for IPv4 and IPv6 - David Buchan's C language examples of IPv4 and IPv6 raw sockets for Linux.