Protocols and Ports

Question 1

22

SSH

Answer 1

SSH

Secure Shell is a cryptographic protocol that is used to remotely administer Linux server and network equipment through a text console.

The SSH Protocol listens for incoming requests on TCP port 22

Question 2

53

DNS

Answer 2

DNS

Domain Name Services is a distributed directory of domain resource records.

DNS resolvers operate on UDP port 53 for simple lookups and TCP port 53 for data replication

Question 3

25

SMTP

Answer 3

SMTP

Simple Mail Transport Protocol is used by mail transfer agents (MTAs) to deliver emails to destination email servers.

Operates on TCP port 25

Question 4

22

SFTP

Answer 4

SFTP

Secure File Transfer Protocol is a file transfer protocol that uses the SSH inner workings. When SSH is installed on a system such as Linux, SFTP is automatically enabled to transfer files. The command used is often scp, which stands for Secure Copy Protocol.

TCP port 22

Question 5

20, 21

FTP

Answer 5

FTP

File Transfer Protocol is a legacy file-sharing protocol still that is still commonly used on the internet.

Question 6

69

TFTP

Answer 6

TFTP

Trivial File Transfer Protocol provides no security and is simplistic in its operation. It is used to boot computers over the network with the Preboot Execution Environment. It is also used to transfer software images from network devices such as routers and switches during software upgrades.

UDP port 69

Question 7

23

Telnet

Answer 7

Telnet protocol allows remote administration of network devices through a text-based console. It is being replaced by SSH

TCP port 23

Question 8

67, 68

DHCP

Answer 8

DHCP

Dynamic Host Congiguration Protocol provides automatic configuration of IP addresses, subnet masks, and options shuch as Domain Name Server servers and the remote gateway to network devices. It operates in a connectionless state, because the client will not yet have an established IP address. The DHCP server used UDP port 67 and the client used 68.

Question 9

80

HTTP

Answer 9

HTTP

Hypertext Transfer Protocol is an application protocol for web data communications. When a web page is requested from a web server, an HTTP request is made for the HTML page. When the page is returned to the web bowser, subsequent requests are made for the elements in the HTML page, such as images and JavaScript; all done via the HTTP protocol. Web crawlers and mobile apps alos request objects via HTTP.

The server listens for requests on TCP port 80

Question 10

443

HTTPS

Answer 10

HTTPS

Hypertext Transfer Protocol over SSL. Same as HTTP but it allows for the encryption of the transfers via a Secure Socket Layer. SSL is a cryptographic protocol that uses Public Key Infrastructure (PKI). A private key must be imported into the web server from a mutually trusted source.

TCP port 443

Question 11

161

SNMP

Answer 11

SNMP

Simple Network Management Protocol used for the management of servers and network devices. It can be used to collect data from servers and network devices such as memory available, CPU usage, and bandwidth. The data is arranged in a Network Management Station (NMS) by the administrator.

UDP

Question 12

3389

RDP

Answer 12

RDP

Remote Desktop Protocol a Microsoft protocol used for connecting to another Microsoft computer or server for remote administration. The RDP client built into the Microsoft operating system is mstsc.exe.

TCP

Question 13

123

NTP

Answer 13

NTP

Network Time Protocol is optimized for synchronizing clocks between computers over the Internet.

Both requests and replies go through UDP port 123

Question 14

5060, 5061

SIP

Answer 14

SIP

Session Initiation Protocol is a communication protocol for the setup and signaling of Voice over IP calls. SIP does not transport the media stream, it only assists in setting up the media stream for the communication session. Many VoIP private branch exchange (PBX) manufactures add functionality to SIP.

the protocol functions on UDP port 5060, although TCP can be used. SIP can also use encryption via Transport Layer Security (TLSO on UDP port 5061 and can be changed to TCP if needed.

Question 15

445

SMB

Answer 15

SMB

Server Message Block is common network files and printer sharing protocol that is used with Microsoft products. AKA the Common Internet File System (CIFS). However this implies SMB 1.x. Linux has a SMB filler called Samba.

SMB 3.1.1 is used for database and virtual machine storage over the network. It supports many features of block-level storage protocols, such as remote direct memory access (RDMA), failover, and Advanced Encryption Standard (AES) encryption.

TCP

Question 16

110

POP

Answer 16

POP

Post office Protocol is a legacy protocol still used, but being replaced by IMAP. It allows email clients called mail user agents (MUA) to log in and retrieve email. When multiple email clients are used, only the last email client to access the POP server will have the latest mail.

TCP

Question 17

143

IMAP

Answer 17

IMAP

Internet Message Access Protocol allows email clients to retrieve and read email on the email server. IMAP allows for multiple email clients to access the same email box simultaneously. It also uses flags to keep track of read and unread messages.

TCP port 143, IMAP over SSL on TCP port 993

Question 18

389

LDAP

Answer 18

LDAP

Lightweight Directory Access Protocol can search a directory service for objects. Microsoft AD uses LDAP to locate objects. such as domain controllers and user objects for Group Policy (GP) applications.

Uses TCP but can also use UDP

Question 19

636

Answer 19

LDAPS