Ports Flashcards
LDAP
Port 389
Lightweight directory access protocol
Think of the Lightweight Directory Access Protocol (LDAP) as a phonebook for network services. The protocol serves to maintain and provide access to a distributed directory of the users, applications, available network services, and systems throughout an IP network.
FTP
Port 20/21
File transfer protocol
The File Transfer Protocol (FTP) is used in a client/server configuration to transfer files. FTP can operate in active or passive mode and uses TCP to control the connection. In active mode, the connection is initiated by the client and informs the server about which port it intends to use to receive data. In active mode (although port 21 is used for command and control), the data will be sent out on port 20 which serves as the FTP server’s data port. Passive mode is used in situations where inbound client TCP connections are not possible. Firewalls generally block inbound connections by default. In this case, the client sends a PASV command to the server and the server determines which client port can be used for the transfer.
SSH
Port 22
Secure Shell
Secure Shell (SSH) opens a secure network channel over an unsecured network using public key cryptography, providing confidentiality and integrity for network services. This makes SSH a cryptographic network protocol. SSH is used to secure remote network logins and other confidential data. Passwords cannot be intercepted because encryption is established before the login is required.
Telnet
Port 23
Not encrypted like SSH
Developed in the late ’60s, Telnet was designed to support remote logins and communication between computers during what was a “kinder and gentler” time for networks. Telnet provides a functional command prompt on the remote host. However, these communication channels are in plaintext making them subject to interception. This is not acceptable for today’s networks and the internet. Since Telnet does not encrypt data, SSH has generally replaced Telnet for these connections.
SMTP
Port 25
Simple Mail transfer protocol
SMTP is an internet standard protocol. Due to the proliferation of SPAM and other email-related vulnerabilities, other ports can be used for SMTP, most notably port 587. A secure, nonstandard implementation of this protocol is SMTPS. SMTPS is quite effective because it is one of the protocols that can utilize SSL. SMTP is responsible for the transmission of email between servers and for sending email from a client. Other protocols are used by the client to receive email.
DNS
Port 53
Domain name system
The Domain Name System (DNS) is mostly known for its function of translating friendly domain name URLs such as www.mysite.com into its actual IP address which are much more difficult for humans to remember (think IPv6!).
DNS uses the two protocols TCP and UDP on port 53. DNS servers update themselves by maintaining a list of known host-to-address translations in a distributed database while also receiving and adding unknown or moved domains. This supports the hierarchical nature of domain naming of domains and sub-domains. Each domain has a designated authoritative name server that manages the domains and sub-domains. The name server also communicates that information to the database.
HTTP
Port 80
Hypertext transfer Protocol
Web Browsers use the Hypertext Transfer Protocol (HTTP) for internet communications. HTTP can be considered the foundation of the World Wide Web. HTTP uses the client/server method where a client uses a Uniform Resource Locator (URL) to locate and request information from the target server of the resource. The response is more often than not an HTML page.
A typical URL begins with http:// (or increasingly https://) followed by the Fully Qualified Domain Name (FQDN) of the desired resource. URLs to websites can be distributed between parties using clickable links called hyperlinks, named in reference to the hypertext communication being used. HTTP uses TCP/UDP port 80 and sends unencrypted data by default. This is inherently un-secure.
POP3
Port 110
Post Office Protocol
Receiving email is done over several different protocols. There are two main protocols available depending on your service. The first is Post Office Protocol (POP) with the latest version being POP3. This protocol uses port 110 by default and is responsible for the management of messages on the server (saving and deleting). Deleting the message after delivery is the default mode. Leaving messages on the server is useful if you use multiple devices for messaging.
IMAP
Port 143
Internet message access Protocol
Today’s email user is probably using email over a collection of devices including Tablets, Smartphones, and Laptops. If your smartphone downloads and deletes a work-related email (POP3 default), you will have a problem when you check email on your PC or laptop. The Internet Message Access Protocol (IMAP) on TCP port 143 solves this problem by leaving the messages on the server regardless of the delivery status. Every device that checks the server will get the email. This is great unless you get spammed a lot. If 18 out of 20 emails are junk, your server space will fill up quite quickly. This calls for closer scrutiny of the undeleted messages on your server. You have to move spam emails to the trash folder and purge it or configure the client to purge trash. Despite this, IMAP is the preferred client messaging protocol.
RDP
Port 3389
Remote Desktop Protocol
This is for the old-timers that used Telnet and then Terminal Services. From Windows XP onward, the Remote Desktop Connection (RDC) was available. Using the Remote Desktop Protocol (RDP) on TCP/UDP port 3389, RDC is able to bring a fully functional remote machine’s desktop and its programs to your device. This requires that the client and server software be configured on Microsoft products but versions of Remote Desktop are available for most OS’s.
NetBIOS
Port 137-139
Server Message Block (SMB) predates Active Directory and was the foundation of Microsoft’s Windows for Workgroups networking capability. Based on NetBIOS, SMB can run on UDP ports 137 and 138, and TCP ports 137 and 139 as NetBIOS over TCP/IP (NetBT).
SMB
Port 445
Server message block
Server Message Block (SMB) runs directly on TCP port 445. While being one of the oldest networking protocols, it has been continuously improved. The 3.0 version implemented with Windows 8 (3.02 in 8.1) supports improved performance in virtualized data centers. It is pervasive in many network applications and embedded devices. However, newer versions support end-to-end AES encryption. The Windows 10 version of SMB, version 3.1.1, requires secure negotiation when connecting to earlier versions. You may also see this service named as Common Internet File System (CIFS) or Samba depending on the operating system
SLP
Port 427
Service location Protocol
SLP was designed to help networks grow from small networks to large enterprise networks. Operating on port 427 the (Service Location Protocol), SLP allows clients to locate servers and services on the network.
DHCP
Port 67/68
Dynamic host configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) has saved years of man-hours and countless misconfigurations. As the most common IPv4 or IPv6 TCP/IP addressing method, DHCP is responsible for complete client configuration on a TCP/IP network. On a work network, there is usually an assigned DHCP server. Residential or SOHO implementations use the router provided by the ISP to perform this function. DHCP assigns or leases a unique IP address to each host. The duration of the lease is determined by the network administrator or is weekly by default. DHCP will also define the internet gateway and Domain Name Server to be used. This means that your machine may not get the same IP address when rebooted or otherwise disconnected. However, the DNS and Gateway settings will remain.
The DHCP server has an available pool of IP addresses available to assign to clients (hosts) that attempt to connect to the network. The client broadcasts a UDP discovery packet for an address to all connected networks. All DHCP servers will offer an address to the client. The client will then accept the offer from the nearest server by requesting a lease. That server will lease that address to the client. The address assignment process is identical for both IPv4 and IPv6 addressing. For the sake of consistency, the ports used are UDP 67 for the server and UDP 68 for the client.
SNMP
Port 161/162
Simple network management Protocol
As one of the more popular network management protocols, Simple Network Management Protocol (SNMP) is used to monitor and configure network nodes such as printers, hosts, routers, and servers on TCP/UDP ports 161 and 162 using a network manager. SNMP agent software is used on the nodes to enable monitoring.
