Ports Flashcards
TCP 21—FTP
Port 21 is used for the File Transfer Protocol, which is used to transfer files from client to server or vice versa. The protocol is supported by all major operating systems in use today.
TCP 23—Telnet
Telnet is a long-standing protocol and software used to remotely connect to systems and run processes on the target systems. Telnet is available on many systems and devices, but has seen decreased usage over the years because of a lack of security features; for example, passwords are sent in the clear.
TCP 25—SMTP
This port is used specifically for Simple Mail Transport Protocol, which is used to send messages (usually email) from client to server and from server to server.
TCP 53—DNS
This port is used for DNS zone transfers, the mechanism through which the DNS system keeps servers up to date with the latest zone data.
UDP 53—DNS
Pay attention to the fact that we are talking about port 53 UDP and not TCP. The UDP port is used for name queries about name-to-IP and IP-to-name mappings.
TCP 80—HTTP
Hypertext Transport Protocol is a common protocol used in all web browsers and many web applications.
TCP 135—RPC
This port is used during client-server communications, such as allowing Microsoft Outlook to communicate with Microsoft Exchange. Specifically, this port is used by the Remote Procedure Call service in Windows.
TCP 137—NetBIOS
This port associated with NetBIOS Name Service (NBNS) is a mechanism designed to provide name resolution services involving the NetBIOS protocol. The service allows NetBIOS to associate names and IP addresses of individuals systems and services. It is important to note that this service is a natural and easy target for many attackers.
TCP 139—NetBIOS
NetBIOS Session Service, also known as SMB over NetBIOS, lets you manage connections between NetBIOS-enabled clients and applications and is associated with port TCP 139. The service is used by NetBIOS to establish connections and tear them down when they are no longer needed.
TCP 445—SMB over TCP
SMB over TCP, or Direct Host, is a service designed to improve network access and bypass NetBIOS use. This service is available only in versions of Windows starting at Windows 2000 and later. SMB over TCP is closely associated with TCP 445.
UDP 161 and 162—SNMP
SNMP is a protocol used to manage and monitor network devices and hosts. The protocol is designed to facilitate messaging, monitoring, auditing, and other capabilities. SNMP works on two ports: 161 and 162. Listening takes place on 161 and traps are received on 162.
TCP/UDP 389—LDAP
Lightweight Directory Access Protocol (LDAP) is used by many applications; two of the most common are Active Directory and Exchange. The protocol is used to exchange information between two parties. If the TCP/UDP 389 port is open, it indicates that one of these or a similar product may be present.
TCP/UDP 3268—Global Catalog Service
Global Catalog Service is associated with Microsoft’s Active Directory and runs on port 3368 on Windows 2000 systems and later. The service is used to locate information within Active Directory.
