As an IP (static) uniquely identifies a machine in the network so does a port within a physical server identifies an application that is listening on. For example by default the web server hosting a web application listens to port 80 for any HTTP requests. It is just that when you type the URL the browser automatically suffixes this port number when it sends the request. A firewall can be setup to block requests coming in through a specific port. Thus in production kind of environment the firewall may block all the requests coming in except port 80 that the web server will serve the response. And the firewall can be configured in such a way that all the requests except from specific IP(s) on a specific port is only allowed. But then there is a need for administrators to configure the system or get into the system and setup something. In which case there needs to be a way to get into the system from outside world securely and manage the system. That is where tunneling protocol comes into picture. A tunnel helps in encapsulating a protocol within another. A good example to realize tunneling is the VPN (Virtual Private Network) setup which enables a person to get into a network circle from outside. Tunneling plays an important role and its uses are many. The wikipedia link “Tunneling Protocol” has list of tunneling protocols with links. SSH (secure shell) is a protocol that helps connect on to a server over a secure tunnel to administer and manage the system. Here is a link to a short introduction on SSH Tunneling.