A port is a communication endpoint for passing data over the network. A port is typically associated with a specific application or protocol. Port 80, for example, is normally used for the http protocol and, therefore, Web traffic. Port 25, as another example, is used for mail transfer. The Well Known Ports are both controlled and assigned numbers by the IANA (Internet Assigned Numbers Authority). They can be used only by root (or system) processes or by programs run by privileged users. Port numbers fall into three distinct ranges: (1) the Well Known Ports; (2) the Registered Ports; and (3) the Dynamic or Private Ports. The Well Known Ports are in the 0–1023 range, the Registered Ports are in the 1024–49151 range, and the Dynamic or Private Ports are in the 49152–65535 range. The complete list of Registered Ports and Dynamic or Private Ports can be found at http://www.codecutters.org/resources/ports.html. System administrators need to know these port numbers very well and must be aware that any application can be executed on any port. From a cracking standpoint, this means that “something” communicating over port 80 is not necessarily an innocent connection between a browser and a Web server. It might very well be a back door hiding behind this well-known connection—hiding in wait until the cracker decides to exploit the system.