CEHv10 Ports to know

Question 1

20/21

Answer 1

FTP (20-actual file transfers can take place) (21-command or control port)

Question 2

22

Answer 2

SSH/TLS

Question 3

23

Answer 3

Telnet

Question 4

25

Answer 4

SMTP

Question 5

42

Answer 5

WINS (TCP) - Port Description: Host Name Server. Obsolete nameserver (originally DARPA’s trivial name server, replaced by DNS) and is currently used by Microsoft hosts for WINS server for NetBIOS name resolves. May also be still found on some older Unix systems. Disable on all non-MS-WINS hosts.

Question 6

49

Answer 6

TACACS

Question 7

53

Answer 7

DNS

Question 8

80/8080

Answer 8

HTTP

Question 9

88

Answer 9

Kerberos

Question 10

110

Answer 10

POP3

Question 11

111

Answer 11

Portmapper (Linux)

Question 12

119

Answer 12

NNTP - The Network News Transfer Protocol (NNTP) is an application protocol used for transporting Usenet news articles (netnews) between news servers and for reading and posting articles by end user client applications.

Question 13

123

Answer 13

NTP

Question 14

135

Answer 14

RPC-DCOM - Remote Procedure Call (RPC) dynamic port allocation is used by server applications and remote administration applications such as Dynamic Host Configuration Protocol (DHCP) Manager, Windows Internet Name Service (WINS) Manager, and so on. RPC dynamic port allocation will instruct the RPC program to use a particular random port in the range configured for TCP and UDP, based on the implementation of the operating system used

Question 15

137-139

Answer 15

NetBIOS/SMB - NetBIOS is a protocol used for File and Print Sharing under all current versions of Windows. While this in itself is not a problem, the way that the protocol is implemented can be.

NetBios services:
NETBIOS Name Service (TCP/UDP: 137)
NETBIOS Datagram Service (TCP/UDP: 138)
NETBIOS Session Service (TCP/UDP: 139)

Question 16

143

Answer 16

IMAP - Internet Message Access Protocol (IMAP) - used for retrieving, organizing, and synchronizing e-mail messages

Question 17

161/162

Answer 17

SNMP - The SNMP agent receives requests on UDP port 161.
The manager receives notifications (Traps and InformRequests) on port 162.
When used with Transport Layer Security or Datagram Transport Layer Security, requests are received on port 10161 and notifications are sent to port 10162.
The are 2 types of community strings:
public mainly read only functions
private Read/Write in general

Question 18

389

Answer 18

LDAP

Question 19

636

Answer 19

LDAP Secure

Question 20

443

Answer 20

HTTPS (SSL/TLS)

Question 21

445

Answer 21

CIFS - Common Internet File System (CIFS) is a specific implementation of SMB that enables file sharing. Many people mistake CIFS as a different protocol than SMB, when in fact they use the same basic architecture.

Question 22

1812

Answer 22

RADIUS

Question 23

3389

Answer 23

RDP

Question 24

6667

Answer 24

IRC

Question 25

515,631,9100

Answer 25

Printer

Question 26

7777

Answer 26

Tini - trojans & backdoors

Question 27

12345

Answer 27

NetBus - Trojan Horse

Question 28

27374

Answer 28

Back Orifice - Trojan

Question 29

31337

Answer 29

Sub7 - Trojan

Question 30

FTP

Answer 30

20/21

Question 31

SSH/TLS

Answer 31

22

Question 32

Telnet

Answer 32

23

Question 33

SMTP

Answer 33

25

Question 34

WINS

Answer 34

42

Question 35

TACACS

Answer 35

49

Question 36

DNS

Answer 36

53

Question 37

HTTP

Answer 37

80/8080

Question 38

POP3

Answer 38

110

Question 39

Portmapper (Linux)

Answer 39

111

Question 40

The Network News Transfer Protocol (NNTP)

Answer 40

119

Question 41

NTP

Answer 41

123

Question 42

RPC-DCOM

Answer 42

135

Question 43

NetBIOS/SMB

Answer 43

137-139

Question 44

Internet Message Access Protocol (IMAP)

Answer 44

143

Question 45

SNMP

Answer 45

161-162

Question 46

LDAP

Answer 46

389

Question 47

LDAP Secure

Answer 47

636

Question 48

HTTPS (SSL/TLS)

Answer 48

443

Question 49

Common Internet File System (CIFS) / SMB

Answer 49

445

Question 50

RADIUS

Answer 50

1812

Question 51

RDP

Answer 51

3389

Question 52

IRC

Answer 52

6667

Question 53

Printer

Answer 53

515,631,9100

Question 54

DHCP

Answer 54

67 server 68 client

Question 55

67/68

Answer 55

DHCP

Question 56

TFTP

Answer 56

69

Question 57

69

Answer 57

TFTP