2.1 - Common Network Ports

Question 1

Port numbers

Answer 1

• Well-known port number
  – Client and server need to match
• Important for firewall rules - Port-based security
• A bit of rote memorization
  – Becomes second nature after a while
• Make sure you know port number, protocol,
  and how the protocol is used

Question 2

FTP - File Transfer Protocol

Answer 2

• tcp/20 (active mode data), tcp/21 (control)
  – Transfers files between systems
• Authenticates with a username and password
  – Some systems use a generic/anonymous login
• Full-featured functionality - List, add, delete, etc.

Question 3

SSH - Secure Shell

Answer 3

• Encrypted communication link - tcp/22
• Looks and acts the same as Telnet

Question 4

Telnet

Answer 4

• Telnet – Telecommunication Network - tcp/23
• Login to devices remotely
  – Console access
• In-the-clear communication
  – Not the best choice for production systems

Question 5

SMTP - Simple Mail Transfer Protocol

Answer 5

• SMTP - Simple Mail Transfer Protocol
  – Server to server email transfer - tcp/25
• Also used to send mail from a device to a mail server
  – Commonly configured on mobile devices and email clients
• Other protocols are used for clients to receive email
  – IMAP, POP3

Question 6

DNS - Domain Name System

Answer 6

• Converts names to IP addresses - udp/53
  – www.professormesser.com = 162.159.246.164
• These are very critical resources
  – Usually multiple DNS servers are in production

Question 7

DHCP - Dynamic Host Configuration Protocol

Answer 7

• Automated configuration of IP address, subnet mask and
  other options - udp/67, udp/68
  – Requires a DHCP server
  – Server, appliance, integrated into a SOHO router, etc.
• Dynamic / pooled
  – IP addresses are assigned in real-time from a pool
  – Each system is given a lease and must renew at set intervals
• DHCP reservation
  – Addresses are assigned by MAC address in the DHCP server
  – Manage addresses from one location

Question 8

HTTP and HTTPS

Answer 8

• HTTP - tcp/80
• HTTPS - tcp/443
• Hypertext Transfer Protocol
  – Communication in the browser
  – And by other applications
• In the clear or encrypted
  – Supported by nearly all web servers and clients

Question 9

POP3 / IMAP

Answer 9

• Receive emails from an email server
  – Authenticate and transfer
• POP3 - Post office Protocol version 3
  – tcp/110
  – Basic mail transfer functionality
• IMAP4 - Internet Message Access Protocol v4
  – tcp/143
  – Includes email inbox management from multiple clients

Question 10

SMB - Server Message Block

Answer 10

• Protocol used by Microsoft Windows
  – File sharing, printer sharing
  – Also called CIFS (Common Internet File System)
• Using NetBIOS over TCP/IP
  (Network Basic Input/Output System)
  – udp/137 - NetBIOS name services (nbname)
  – tcp/139 - NetBIOS session service (nbsession)
• Direct over tcp/445 (NetBIOS-less)
  – Direct SMB communication over TCP without
  the NetBIOS transport

Question 11

SNMP - Simple Network Management Protocol

Answer 11

• Gather statistics from network devices
  – Queries: udp/161
  – Traps: udp/162
• v1 – The original
  – Structured tables
  – In-the-clear
• v2 – A good step ahead
  – Data type enhancements
  – Bulk transfers
  – Still in-the-clear
• v3 – A secure standard
  – Message integrity
  – Authentication
  – Encryption

Question 12

LDAP

Answer 12

• LDAP (Lightweight Directory Access Protocol) - tcp/389
• Store and retrieve information in a network directory
  – Commonly used in Microsoft Active Directory

Question 13

RDP - Remote Desktop Protocol

Answer 13

• Share a desktop from a remote location over tcp/3389
• Remote Desktop Services on many Windows versions
• Can connect to an entire desktop or just an application
• Clients for Windows, macOS, Linux, Unix, iPhone,
  Android, and others