Ports

Question 1

Telnet

Answer 1

tcp/23

It’s used to provide a command line interface for communication for a remote device. TCP is used to make sure that the packets of data are sent reliably

ZERO encryption

Question 2

SSH

Answer 2

tcp/22 Secure Shell

similar to Telnet but uses encryption when connecting to routers.. or switches..

Question 3

DNS

Answer 3

udp/53
tcp/53 for large transfers

converts names to IP addresses

Question 4

SMTP

Answer 4

tcp/25 plaintext
tcp/587 using TLS encryption

Simple Mail Transfer Protocol is a server to server transfer protocol

Question 5

POP3

Answer 5

Post office Protocol version 3
tcp/110 plaintext
tcp/995 over TLS
Basic mail transfer functionality and can be used offline

Question 6

IMAP4

Answer 6

Internet Access Message Protocol v4 which includes management of email inbox from multiple clients

tcp/143 (plaintext)
tcp/993 over TLS

Question 7

SFTP

Answer 7

tcp/22 SSH File Transfer Protocol

provides system functionality by resuming interrupted transfers, directory listings, and remote file removal

Encrypted

Question 8

FTP

Answer 8

tcp/20 (active mode data)
tcp/21 (control)

FTP transfers files between systems

Question 9

TFTP

Answer 9

udp/69
Trivial File Transfer Protocol doesn’t authenticate and is simple.

Question 10

DHCP

Answer 10

udp/67
udp/69

Requires a DHCP server, at home it would be in a wired or wireless router

Dynamic/pooled
- IP addresses are assigned in real-time from a pool
- each system is given a lease and must renew at set intervals

DHCP reservation
- addresses are assigned by MAC address in the DHCP server
- quickly manage addresses from one location

Question 11

HTTP / HTTPS

Answer 11

tcp/80 web server communication

tcp/443 over TLS or SSL web server communication with encryption

Question 12

SNMP

Answer 12

udp/161

Simple Network Management Protocol

v3 - A secure standard with message integrity, authentication, and encryption

udp/162 SNMP traps are alerts and notifications from the network devices

Question 13

Syslog

Answer 13

udp/514
Standard for message logging with diverse systems, consolidated log

Usually a central log collector integrated into the SEIM

Question 14

RDP

Answer 14

tcp/3389

Remote Desktop Protocol shares a desktop from a remote location and connect to an entire desktop or just an application.

Question 15

NTP

Answer 15

udp/123

Switches, routers, firewalls, servers, workstations where every device has its own clock.

Synchronizing the clocks becomes critical especially for log files, authentication information, and outage details.

Question 16

SIP

Answer 16

tcp/5060
tcp/5061

Session Initiation Protocol helps with setup and managing VoIP signaling.
- Call, ring, or hang up

Question 17

SMB

Answer 17

tcp/445 (NetBIOS-less)

Server Message Block is a protocol used by Microsoft Windows that deals with file sharing and printer sharing
- also called CIFS (Common Internet File System)

Question 18

LDAP

Answer 18

tcp/389
Lightweight Directory Access Protocol is used to store and retrieve information in a network directory

tcp/636 LDAPS
- a non standard implementation of LDAP using SSL

Question 19

Databases

Answer 19

tcp/1433
MS-SQL Server (Microsoft Structured Query Language)

tcp/1521
Oracle SQL

tcp/3306
MySQL free and open-source database
- ultimately acquired by Oracle