Ports and Protocols

Question 1

Port

Answer 1

Virtual entry/exit point for communications used by software applications to exchange information

A logical opening in a computer that represents a service or application

■ Identifies specific applications or services on a computer that represents
a service or application
■ Numbered from 0 to 65,535

Question 2

Protocol

Answer 2

Set of rules and conventions for data exchange between network devices.

Question 3

Well Known Ports

Answer 3

Numbered from 0 to 1,023 Ephemeral ports (49,152-65,535)

Examples
○ FTP (20, 21)
○ SMTP (25)
○ HTTP (80)
○ HTTPS (443)

Question 4

Ephemeral Ports

Answer 4

● Temporary, short-lived ports for dynamic use
● Numbered from 49,152 to 65,535
● No registration is required and anyone can use them

Question 5

Data Transfer Example

Answer 5

■ Client communicates with a website using IP addresses and ports
■ Client’s source IP and random ephemeral port connect to the website’s
destination IP and default port (e.g., 80)

Two-Way Communication
■ Web server responds using its well-known port (e.g., 80) back to the
client’s ephemeral port
■ Two-way communication is established between client (ephemeral port)
and web server (port 80)

○ Ephemeral ports opened for specific tasks and closed after data transmission.
○ In subsequent communications, the client uses the well-known port (e.g., 80) but
selects a new random ephemeral port
○ Communication Flow
■ Source IP and port initiate communication
■ Data is transmitted
■ Ports closed when the task is completed

Question 6

Transmission Control Protocol (TCP)

Answer 6

■ Fundamental protocol in the Internet Protocol Suite that governs data
exchange over the internet
■ Ensures reliable delivery of packets
● Error checking
● Data sequencing
● Acknowledgment
■ Operates at the transport layer of the OSI model
■ Breaks down larger messages into smaller packets for efficient data
transfer and reassembles at the destination

○ Three-Way Handshake
■ Initiated to establish a connection between two systems
● SYN (Synchronize)

● SYN-ACK (Synchronize-Acknowledgement)
● ACK (Acknowledgement)
■ Ensures readiness for secure data transmission
○ Error Checking and Flow Control
■ Error checking
● Uses sequence numbers and acknowledgment messages
● Detects and retransmits lost or corrupted packets
■ Flow control
● Prevents overwhelming the receiver
● Windowing
○ Controls the amount of data sent at a time
○ Allows dynamic adjustment based on network conditions

Question 7

Ports (In TCP)

Answer 7

○ Ports
■ Numerical identifiers for services or applications in TCP/IP suite
■ Distinguish between different services on the same server
■ Each connection identified by source and destination IP addresses and
ports
● e.g., secure websites use port 443 (HTTPS)
■ Enable multiple network applications on the same server

Question 8

TCP’s Role in Internet Communication

Answer 8

■ Ensures reliability and ordered delivery between client and server
■ Operates at the transport layer of the OSI model

■ Utilizes packetization, acknowledgment, and error checking
■ Three-way handshake establishes a secure connection
■ Ports facilitate the logical differentiation of services on a single machine

Question 9

User Datagram Protocol (UDP)

Answer 9

■ Communication protocol used for time-sensitive transmissions on the
internet
● Ideal for applications prioritizing speed over error checking
● Low latency and reduced processing overhead.
● Lacks error checking and recovery services like TCP
■ Operates at the transport layer, similar to TCP
■ Connectionless communication model

Question 10

Packet Structure

Answer 10

Datagrams
● Term for data packets in UDP
● Sent without prior setup of transmission channels
● Contains source/destination port numbers, length field, and
checksum
● Smaller and simpler headers (8 bytes) compared to TCP (20-60
bytes)

Question 11

UDP’s Stateless Nature

Answer 11

■ UDP does not maintain connection state or track packets
■ Often referred to as a “fire and forget” protocol
■ No waiting for acknowledgments, leading to faster transfer rates

Question 12

Reliability Trade-off

Answer 12

■ UDP is less reliable due to lack of packet tracking
■ Suitable for scenarios where speed is crucial, and packet loss is
acceptable

Question 13

Use Cases

Answer 13

■ Used in applications like live broadcasts, online gaming, and VoIP calls
■ Effective for simple request-response communications (e.g., DNS lookup)
○ UDP utilizes ports to differentiate between multiple services on the same
client/server
○ UDP relies on application-level error handling due to lack of built-in error
recovery
○ UDP contains a checksum in the header for minimal protection against data
corruption
○ UDP is not as robust as TCP in ensuring data integrity and delivery

Question 14

ICMP

Answer 14

Internet Control Message Protocol (ICMP)
■ An integral part of the Internet Protocol Suite which is considered to be a
network layer protocol for diagnosing network communication issues
■ Not used for data transmission between systems unlike TCP and UDP
■ Operates at the network layer of the OSI model

Question 15

ICMP Messages

Answer 15

■ Used for indicating host or service unreachability, expired time to live,
and router buffer issues

○ Ping Utility
■ Utilizes ICMP to test host reachability on an IP network
■ Measures roundtrip time (latency) for network connection

○ ICMP Message Structure
■ Header
● Type – indicates the type of ICMP message (1 byte)
● Code – provides additional context about the message type (1
byte)
● Checksum – used for error checking the message header and data
(2 bytes)

Question 16

Port 80

Answer 16

● HTTP (Hypertext Transfer Protocol)
○ An application layer protocol. This designed to enable
communications between clients and servers
○ Uses port 80 by default
○ Foundation of data communication on the worldwide web
○ Requests and receives web content in plain text
● HTTP over Port 80 lacks security makes data vulnerable to
eavesdropping and attacks

Question 17

Web Ports and Protocols

Answer 17

Web Ports and Protocols
■ Standardized rules and numerical gateways that govern data
transmission and communication on the internet for websites

Question 18

Port 443

Answer 18

● HTTPS (Hypertext Transfer Protocol Secure)
○ Similar to HTTP but adds encryption via SSL/TLS
○ Uses port 443
○ Encrypts data, securing it from interception or tampering
○ Importance of HTTPS (Port 443)
■ Vital for websites handling sensitive data like banking, e-commerce, or
login pages
■ Automatic redirection from insecure HTTP (port 80) to secure HTTPS
■ Encryption ensures secure transmission of sensitive information

Question 19

HTTPS vs HTTP

Answer 19

Key Differences between HTTP (Port 80) and HTTPS (Port 443)
■ Security and Encryption
● HTTP (port 80) – unencrypted, plain text
● HTTPS (port 443) – encrypted using SSL/TLS, more secure against
data breaches

■ Default Usage
● HTTP (port 80) – traditional, default for unsecured browsing
● HTTPS (port 443) – introduced later, became default for secure
browsing in recent years
■ Search Engine Optimization (SEO) and Trust
● HTTPS (port 443) – favored for increased security and ranked
higher by search engines due to user trust and encryption

Question 20

SMTP

Answer 20

■ SMTP (Simple Mail Transfer Protocol)

● The standard protocol used for sending emails over the internet
● Operates over port 25
○ Default port used by email servers
○ Insecure because data is sent in plain text
● Only used for sending emails

Question 21

SMTPS

Answer 21

● SMTPS (SMTP Secure)

○ A secure variant of SMTP
○ Not really a protocol itself, but a way to secure the SMTP
protocol by transporting it via the secure socket layer or
transport layer security protocols
○ Operates over ports 465 or port 587

Question 22

POP3

Answer 22

POP3 (Post Office Protocol version 3)
● Used to retrieve emails from a remote server to a local client
● Operates over port 110
● Designed to download and delete messages from the server
● Transmits emails in plain text (insecure)
● POP3S (POP3 Secure)
○ A secure variant of POP3 that overcomes the limitations of
POP3
○ Operates over port 995 via SSL/TLS

Question 23

IMAP

Answer 23

IMAP (Internet Message Access Protocol)
● Offers more flexibility than POP3
● Operates over port 143
● Allows managing emails directly on the server, synchronizing
across multiple devices
● Transmits emails in plain text (insecure)

Question 24

IMAPS

Answer 24

(IMAP Secure)
○ A variant of IMAP that can provide a secure and encrypted
connection by transmitting data inside of an encrypted
SSL/TLS using the standard IMAP protocol
○ Operates over port 993

Question 25

More on Email Ports & Protocol

Answer 25

○ SMTP and SMTPS are used for sending emails
○ POP3 and IMAP are both used for receiving emails
■ IMAP offers more sophisticated email management
○ Understanding protocols ensures secure and efficient email communication
○ Configure systems with secure variants to protect against security threats

Question 26

File Transfer Protocols

Answer 26

■ Specialized rules and procedures that are utilized for the transmission of
files across networks

Question 27

FTP

Answer 27

File Transfer Protocol
■ Ports:
● Port 20 – actual data transfer
● Port 21 – sending control commands
■ Lack of encryption poses security risks
■ Transmissions are sent in plain text
■ Widely used for its simplicity across platforms

Question 28

SFTP (Secure File Transfer Protocol)

Answer 28

■ Addresses FTP security concerns
■ Also stands for SSH File Transfer Protocol
■ Operates on port 22 – standard port for SSH connections
■ Encrypts data for secure file transmissions

Question 29

TFTP (Trivial File Transfer Protocol)

Answer 29

■ Basic version of FTP that lacks authentication and directory browsing
■ Operates on port 69
■ Designed for sending files when minimal security is sufficient

Question 30

SMB (Server Message Block)

Answer 30

■ A network file sharing protocol that allows applications to read and write
to files and request services from the server programs

■ Operates on port 445
■ Predominantly used for Windows file sharing

■ Samba
● A cross-platform version of SMB that exists on Linux systems
■ Almost exclusively used inside of LANs and it is not a protocol to send
data across the Internet

Question 31

File Protocol Cheat Sheet

Answer 31

● FTP – basic transfers (ports 20, 21)
● SFTP – secure transfers (port 22)
● TFTP – simple, unsecured transfers (port 69)
● SMB – Windows file sharing in LANs (port 445)

Question 32

SSH (Secure Shell)

Answer 32

● Protocol for secure remote login and network services over an
unsecure network
● Operates on port 22
● Provides a secure channel, strong authentication, and encrypted
data communication
● Used by network administrators for remote control of web and
server applications

Question 33

Telnet

Answer 33

● Early remote log-in protocol
● Operates on port 23
● Allows remote login to another computer on the same network
● Transfers data in plain text, making it susceptible to eavesdropping
and on-path attacks
● Replaced by SSH due to lack of encryption

Question 34

RDP (Remote Desktop Protocol)

Answer 34

● Proprietary protocol by Microsoft for graphical user interface
remote connection
● Operates on port 3389
● Allows remote access to a window system, supporting different
network topologies
● Supports data encryption, smart card authentication, and
bandwidth reduction

Question 35

Remote Access Cheat Sheet

Answer 35

■ SSH is recommended for secure command-line management.
■ Telnet should be avoided due to its lack of encryption
■ RDP is essential for secure graphical access to Windows-based systems

Question 36

Network Services, Ports, and Protocols

Answer 36

■ Fundamental services for smooth digital communication and network
management
■ Different services that ensure that the network devices can discover each
other, communicate efficiently, and relay important system information to
each other

Question 37

DNS (Domain Name System)

Answer 37

■ Used for translating human-friendly domain names to IP addresses
■ Operates on ports 53 (UDP by default) for queries and responses
■ Uses TCP for larger messages

Question 38

DHCP

Answer 38

(Dynamic Host Configuration Protocol)
■ Automates the assignment of IP addresses and networking parameters to
client devices
■ Listens on port 67 (UDP) for client requests
■ Responds on port 68 (UDP)

Question 39

SQL Services

Answer 39

■ Refers to protocols used by database servers for managing queries
■ Microsoft SQL Server operates on port 1433
■ MySQL Server on port 3306

Question 40

SNMP (Simple Network Management Protocol)

Answer 40

■ Used for collecting information and configuring network devices
■ Operates on port 161 (UDP) for polling
■ Operates on port 162 (UDP) for unsolicited trap messages
■ Crucial for network diagnostics and performance monitoring

Question 41

Syslog (System Logging)

Answer 41

■ Standard for message logging allowing devices to send event messages
across IP networks
● Syslog Server
○ Event message collector where syslog messages are sent to
■ Operates on port 514
● Uses UDP by default
● Can use TCP for reliability

Question 42

Network Service Protocols Cheat sheet

Answer 42

Other Network Service Ports and Protocols
■ Refers to different network, service, ports, and protocols that play a
pivotal role in the network, time synchronization, and the establishment
of communication sessions, as well as directory services
■ Crucial for organizing and providing access to distributed information
located all across the network

Question 43

Session Initiation Protocol (SIP)

Answer 43

■ Initiates, maintains, and terminates real-time sessions for voice, video,
and messaging
● Common usage includes Voiceover IP applications for internet
phone calls
■ Operates over port 5060 (traditionally) on both UDP and TCP for
unencrypted signaling
■ Uses port 5061 using TCP with TLS (Transport Layer Security) for
encrypted signaling

Question 44

Network Time Protocol (NTP)

Answer 44

Used to synchronize clocks f computers over a network.

■ Vital for time-dependent processes, timestamping events, transaction
logging, and security protocols
■ Operates over port 123 using the User Datagram Protocol (UDP)
■ Example
● Ensures consistency between server and client times, affecting
encryption and decryption functions