Ports

Port 80: HTTP

Default for unencrypted web traffic. Often used for redirects and internal services.

Where you will see it: You will see this in scans, firewall rules, vulnerability reports, and service configs. Treat open ports as exposure points and verify the service is expected, hardened, and restricted.

What it is

TCP port 80 is the default port for HTTP. A port is a transport layer number used together with an IP address and a protocol such as TCP or UDP to direct traffic to the correct service on a host. A server process binds a socket to a port and listens, while a client typically chooses an ephemeral source port for outbound connections.

The combination of source and destination IP addresses, source and destination ports, and the transport protocol uniquely identifies a flow so the operating system can keep many conversations separate. Firewalls, NAT, and scanners talk about ports because the destination port is the stable rendezvous point that exposes a service to the network.

A web server binds to port 80 and listens. When your browser visits an HTTP URL, it opens a TCP connection from an ephemeral source port to destination port 80, completes the TCP handshake, and then sends an HTTP request such as a GET for a path.

The server responds with status codes, headers, and content, and the same connection may be reused for multiple requests depending on HTTP version and keep alive settings. Port 80 matters because it is often used for redirects to HTTPS, health checks, or legacy sites, and it is commonly reachable through firewalls.

Security wise, plain HTTP has no encryption or integrity. Credentials, session cookies, and content can be observed or modified in transit, so modern deployments typically move real logins and sensitive traffic to HTTPS on port 443.

How it works in broad strokes

  1. Client opens a TCP connection and sends an HTTP request line, headers, and optionally a body.
  2. Server responds with a status code, headers, and a body such as HTML or JSON.
  3. Connections may be reused with keep alive, or closed after the response depending on headers and versions.

Concrete example

A web server listens on 80 only to issue a 301 redirect to the same host on 443. If you see real app traffic on 80, it is a sign that something is still running without TLS.

Why it matters

HTTP matters because many internal dashboards, device admin UIs, and legacy apps still run without encryption. In security terms, plain HTTP leaks cookies and credentials, enables content injection, and makes session hijacking easier.

Security angle

  • Redirect to HTTPS and use HSTS on the secure site.
  • Block or restrict management interfaces on 80, especially on the internet edge.
  • Log and monitor unusual request paths and user agents for scanning behavior.

Common pitfalls

  • Leaving authentication pages on HTTP and assuming it is fine on an internal network.
  • Mixing HTTP and HTTPS resources which creates downgrade and mixed content issues.
  • Assuming port 80 is harmless because the main site uses 443. Many hidden admin panels live on 80.