Ports Flashcards
Port 3389
Protocol: RDP (Remote Desktop Protocol)
Type: TCP
Description: Allows remote access to a Windows computer’s graphical desktop. It enables IT admins and users to control a computer from another location.
Port 53
Protocol: DNS (Domain Name System)
Type: TCP/UDP
Description: Resolves domain names into IP addresses. UDP is used for fast queries, while TCP is used for larger responses like DNS zone transfers.
Port 514
Protocol: Syslog
Type: UDP
Description: Used for collecting and forwarding system log messages from devices such as routers, firewalls, and servers for centralized monitoring.
Port 993
Protocol: IMAPS (IMAP over SSL/TLS)
Type: TCP
Description: A secure version of IMAP that encrypts email retrieval with SSL/TLS, ensuring data privacy.
Port 21
Protocol: FTP (File Transfer Protocol)
Type: TCP
Description: Used for transferring files between computers. It does not provide encryption, making it vulnerable to attacks like password sniffing. Secure alternatives include SFTP and FTPS.
Port 445
Protocol: SMB (Server Message Block)
Type: TCP
Description: Used for file and printer sharing between Windows machines. It replaces the older NetBIOS protocol. Often a target for ransomware and exploits like WannaCry.
Ports 1645, 1646
Protocol:: RADIUS (Remote Authentication) - TCP
Type: TCP
Description: Provides authentication, authorization, and accounting (AAA) for users accessing networks. Often used for Wi-Fi authentication.
Ports 1812, 1813
Protocol: RADIUS UDP - UDP
Type: UDP
Description: Provides authentication, authorization, and accounting (AAA) for users accessing networks. Often used for Wi-Fi authentication.
Port 1433
Protocol: Microsoft SQL
Type: TCP
Description: Used for connecting to Microsoft SQL Server databases. It allows applications to send database queries and retrieve results.
Port 443
Protocol: HTTPS (HTTP Secure)
Type: TCP
Description: Secure version of HTTP that encrypts web traffic using SSL/TLS, protecting sensitive data such as login credentials and credit card details.
Port 135
Protocol: RPC (Remote Procedure Call)
Type: TCP/UDP
Description: Enables remote execution of programs on Windows networks, often used by services like Microsoft Exchange and DCOM applications.
In essence, port 135 helps manage remote requests between programs in Windows environments
Example:
Suppose a network management tool wants to check on the status of your Windows computer from another location. The tool sends a message to your computer using port 135. Port 135 then directs the message to the appropriate service on your computer that can provide the status information. Without this “receptionist,” the tool wouldn’t know where to send its request within the computer.
Port 80
Protocol: HTTP (Hypertext Transfer Protocol)
Type: TCP
Description: Standard protocol for browsing websites. It transmits data in plaintext, making it susceptible to interception. Secure browsing uses HTTPS (port 443).
Port 162
Protocol: SNMPTrap
Type: UDP
Description: Receives alerts from SNMP-enabled devices when specific events occur, such as network failures or high CPU usage.
Port 636
Protocol: LDAPS (LDAP Secure)
Type: TCP
Description: A secure version of LDAP that encrypts directory service communications using SSL/TLS.
Port 110
Protocol: POP3 (Post Office Protocol)
Type: TCP
Description: Retrieves emails from a mail server to a local device. Once downloaded, emails are typically removed from the server unless configured otherwise.
Ports 137, 138, 139
Protocol: NetBIOS
Type: TCP/UDP
Description: Used for legacy Windows file sharing and local network name resolution. SMB (port 445) has mostly replaced NetBIOS for file sharing.
Port 22
Protocol: SSH, SCP, SFTP
Type: TCP
Description: Secure Shell (SSH) provides encrypted remote access. Secure Copy Protocol (SCP) and Secure File Transfer Protocol (SFTP) are used for secure file transfers over SSH.
Port 69
Protocol: TFTP (Trivial File Transfer Protocol)
Type: UDP
Description: A simplified version of FTP that lacks authentication. It is mainly used for transferring configuration files to network devices like routers and switches.
Port 25
Protocol: SMTP (Simple Mail Transfer Protocol)
Type: TCP
Description: Used for sending emails between mail servers. It is often blocked by ISPs to prevent spam. Secure versions use ports 465 or 587.
Port 6514
Protocol: Syslog TLS
Type: TCP
Description: A secure version of Syslog that uses TLS encryption to protect log messages from tampering during transmission.
Port 88
Protocol: Kerberos
Type: UDP
Description: A network authentication protocol that uses tickets for secure logins. It is widely used in Active Directory environments for single sign-on (SSO).
Port 161
Protocol: SNMP (Simple Network Management Protocol)
Type: UDP
Description: Used to monitor and manage network devices like routers, switches, and servers. It collects device performance and status information.
Port 143
Protocol: IMAP (Internet Message Access Protocol)
Type: TCP
Description: Allows users to access emails stored on a mail server while keeping them synchronized across multiple devices. Unlike POP3, emails remain on the server.
Port 995
Protocol: POP3S (POP3 over SSL/TLS)
Type: TCP
Description: A secure version of POP3 that encrypts email retrieval, preventing credentials from being exposed during transmission.
Port 23
Protocol: Telnet
Type: TCP
Description: Allows remote command-line access to devices but is insecure because it sends data, including passwords, in plaintext. SSH is the preferred secure alternative.
Port 119
Protocol: NNTP (Network News Transfer Protocol)
Type: TCP
Description:
What is it?
Port 119 is used by the Network News Transfer Protocol (NNTP), which is a protocol for managing and distributing news articles (like forum posts or discussion threads) across the internet.
What does it do?
NNTP allows users to:
Read news articles from news servers.
Post new articles to newsgroups (like online forums).
Download articles to their local devices for offline reading.
Port 389
Protocol: LDAP (Lightweight Directory Access Protocol)
Type: TCP
Description: Used for managing and accessing directory services such as Active Directory. It helps in storing user authentication data and organizational hierarchies.
Ports 465, 587
Protocol: SMTPS (SMTP Secure)
Type: TCP
Description: Secure versions of SMTP used for sending encrypted emails with SSL/TLS protection.
Note about TCP vs TCP over SSL/TLS
TCP vs. TCP over SSL/TLS
TCP (Transmission Control Protocol):
What it does: TCP is a core protocol that ensures data is reliably transmitted between devices over a network.
Security: TCP itself does not provide encryption or security. It only ensures that data is delivered correctly and in order.
TCP over SSL/TLS (Secure Sockets Layer / Transport Layer Security):
What it does: SSL/TLS adds a layer of encryption on top of TCP.
Security: TCP over SSL/TLS ensures that the data being transmitted is encrypted, making it secure from eavesdropping or tampering.
Is the TCP Version Not Secure?
Yes, TCP alone is not secure.
If a protocol has a version that uses TCP alone, it means the data is transmitted in plaintext. This makes it vulnerable to:
Eavesdropping: Attackers can read the data.
Tampering: Attackers can modify the data.
Spoofing: Attackers can impersonate the sender or receiver.
TCP over SSL/TLS is secure.
SSL/TLS encrypts the data, making it unreadable to anyone who intercepts it. This ensures:
Confidentiality: Data is private.
Integrity: Data cannot be tampered with.
Authentication: The identity of the sender/receiver is verified.
Example: HTTP vs. HTTPS
HTTP (TCP):
Uses plain TCP.
Data (like passwords or credit card numbers) is sent in plaintext.
Not secure.
HTTPS (TCP over SSL/TLS):
Uses TCP with SSL/TLS encryption.
Data is encrypted, making it secure.
