Network+ Ports

Well Known ports or system ports

0-1023

(5.10) FTP

20 ---- TCP (default data) 21 ----- UDP (Control File Transfer Protocol (FTP) is the original protocol used on the Internet for transferring files. Although HTTP can transfer files,, the transfer is often not as reliable or as fast as FTP. In addtion, FTP can do the transfer with security and data integrity. The old active FTP used TCP ports 21 and 20 by default, although passive FTP only uses port 21 for a default.

(5.9) TCP

The Transmission Control Protocol (TCP) enables connection-oriented communication in networks that use the TCP/IP protocol suite. TCP is by far the most common type of session on a typical TCP/IP network.

User or registered ports

1024-49151

(5.9) POPv3

110 ---- TCP Post Office Protocol version 3 is one of the two protocols that receive e-mail from SMTP servers. POP3 uses TCP port 110. POP3 is on its way out today, though you'll see it on the exam.

NTP

123----UDP Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

(5.9) NetBIOS

137-138 ---- UDP 139 ---- TCP NetBIOS Early name resolution solutions offered simple but effective network naming. Surprisingly, these solutions continue to work in modern systems. One of them is NetBIOS/NetBEUI. NetBIOUS/NetBEUI has a very simple naming convention (the NetBIOS part) that uses broadcasts for name resolution. When a computer booted up, it broadcast its name along with its MAC address. Every other NetBIOS/BEUI system heard the message and storedthe information in a cache. Any time a system was missing a NetBIOS name, the broadcasting started over again. For two reasons NetBIOS/NetBEUI was suitable only for small networks. First it provided no logical addressing like IP addresses each system had to remember the NetBIOS name and the MAC address. Second all the broadcasting made it unacceptable for large Networks. Microsoft designed a new TCP/IP protocol that enabled it to keep using the NetBIOS names but dum the NetBEUI protocol. The new protocol, NetBIOS over TCP/IP. (NetBT). NetBT made things weird on Windows sytems. Windows computers have one name used on the local network and a DNS name for use on the Internet.

(5.9) IMAP

143 ---- TCP UDP Internet Message Access Protocol version 4, IMAP4, is a preferred alternative to POP3. Like POP3, IMAP retrieves email from an email server. IMAP4 uses TCP port 143 and supports some features that are not supported in POP3. For example, IMAP4 enables you to search thorugh messages on the mail server to find specific keywords. IMAP4 also supports the concept of folders that you can place on the IMAO4 server to organize your email. Some POP3 email clients have folders, but that's not a part of POP3, just a nice feature added by the client.

(5.10) SNMP

161 ---- UDP The Simple Network Management Protocol (SNMP) is a very popular method for querying the state of SNMP-capable devices. SNMP can tell you a number of setting like CPU usage, network utilization, and detailed firewaall hits. SNMPv3 is the standard version used today and runs on UDP port 161

(5.9) H.323

1719 ---- Gatekeeper Discovery (RAS) UDP 1720 ---- Call setup port (TCP) Session Initiation Protocol (SIP) and H.323 handle the intiation, setup, and delivery of VoIP sessions. SIP and H.323 both run on top of RTP (Real-time transport Protocol). RTP, the heavily adopted bedrock of VoIP standards, defines the types of packets used on the Internet to move voice or data from a server to clients. Most VoIP solutions are SIP/RTP or H.323/RTP. H.323 uses port 1720. ...

(5.10) SSH

22 ---- SSH SSH (Secure Shell) is a newer secure replacement for Telnet. SSH servers use PKI in the form of an RSA key. The first time a client tries to log into an SSH server, the server sends its public key to the client. After the client receives this key, it creates a session ID, encrypts it using the public key, and sends it back to the server. The server decrypts this session ID and uses it in all data transferring going forward. Next, the client and server negotiate the type of encryption to use for the session. These days AES is popular, but older symmetric-key ciphers such as 3DES may still be used. The negotiation for the cipher is automatic and invisible to the user. Using RSA and a cipher makes a very safe connection, but the combination doesn't tell the server who is using the client. All SSH servers, therefore, add user names and passwords to authenticate the client. Once a user logs in with a username and password, he or she has access to the system. SSH can also act as a tunnel for any TCP/IP application. A tunnel is an encrypted link between two programs on two separate computers.

(5.10) Telnet

23 ---- TCP UDP Modern PCs can (but shouldn't) use Telnet to connect remotely to another computer via the command line. Telnet runs on TCP port 23, enabling you to connect to a Telnet server and run commands on that server as if you were sitting right in front of it. Unfortunately Telnet does not have any form of encryption.

(5.9) MGCP

2427/ Talk to gateways UDP 2727 ---- Talk to call agents (UDP) MGCP Unified communication leans heavily on SIP and RTP protocols, but can also use H.323 or MGCP. Media Gateway Control Protocol (MGCP) is designed from the ground up to be a complete VoIP or video presentation connection and session controller. MGCP uses TCP ports 2427 and 2727

(5.9) SMTP

25 ---- TCP The Simple Mail Transfer Protocol (SMTP) is used to send email. SMTP travels over TCP port 25 and is used by clients to send messages.

(5.10) RDP

3389 ---- TCP UDP Remote Desktop Protocol (RDP) is Microsoft's protocol for remote desktop, and unveiled a new remote terminal called Remote Desktop Connection (RDC) starting with Windows XP.

Lightweight Directory Access Protocol

389-----TCP,UDP LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. LDAP is lighter because in its initial version it did not include security features.

(5.9) HTTPS

443 ---- TCP HTTPS is the secure counterpart of HTTP. HTTPS stands for Hypertext Transfer Protocol over SSL. HTTPS uses TCP port 443.

SSL VPN

443----TCP

(5.10) SMB

445 ---- TCP UDP Server Message Block (SMB) runs on top of NetBT to support sharing folders and files. SMB used NetBIOS names to support the sharing and access process. SMB isn't dependant on NetBIOS and today runs by itself using TCP port 445

Dynamic/private ports

49151-65535

IPSec

500 ---- UDP 4500 ---- UDP Nat traversal

(5.9) RTP

5004 ---- TCP UDP 5005 ---- UDP RTCP RTP (Real-time transport protocol), the heavily adopted bedrock of VoIP standards, defines the types of packets used on the Internet to move voice or data from a server to clients.

(5.9) SIP

5060 --- UDP TCP 5061 ---- TLS(TCP) Session Initiation Protocol (SIP) and H.323 handle the intiation, setup, and delivery of VoIP sessions. SIP and H.323 both run on top of RTP (Real-time transport Protocol). RTP, the heavily adopted bedrock of VoIP standards, defines the types of packets used on the Internet to move voice or data from a server to clients. Most VoIP solutions are SIP/RTP or H.323/RTP. SIP uses TCP ports 5060 and 5061

(5.10) DNS

53 ---- TCP UDP Domain Name System (DNS) is a powerful, extensible, flexible system that supports name resolution on tiny in-house networks, as well as the entire Internet. DNS queries can also use TCP port 53 if UDP port 53 is not accepted.

(5.10) DHCP

67 ---- Bootp server (TCP UDP) 68 ---- bootp client (TCP UDP) Dynamic Host Configuration Protocol (DHCP) uses UDP. DHCP can't assume another computer is ready on either side of the session, so each step of a DHCP session just sends the information for that step without any confirmation.

(5.10) TFTP

69 ---- UDP Trivial File Transfer Protocol (TFTP) enables you to transfer files from one machine to another. TFTP, using UDP, doesn't have any data protection, so you would never use TFTP between computers across the Internet. TFTP is popular for movingfiles between computers on the same LAN, where the chances of losing packets is very small. TFTP uses port 69

Ping echo

7 ---- TCP, UDP

(5.9) HTTP

80 ---- TCP The Hypertext Transfer Protocol is the underlying protocol used by the Web, and it runs, by default, on TCP port 80. When you enter http:// at the beginning of a Web server's IP address, you are identifying how messages are formatted and transmitted, requesting and responding the transfer of HTML-formatted files. HTTP defines what actions Web servers and browsers should take in response to various commands. HTTP has a general weakness in its handling of Web pages: it relays commands executed by users without reference to any commands previously executed. The problem with this is that Web designers continue to design more complex and truly interactive Web pages. HTTP is pretty dumb when it comes to remembering what people have done on a Website. Luckily other technologies like JavaScript/AJAX, server-side scripting, Adobe Flash, and cookies help HTTP relay commands and thus supports more interactive, intelligent websites.

(5.9) UDP

User Datagram Protocol (UDP) runs a distant second place to TCP in terms of the number of applications that use it. UDP is perfect for the types of session that don't require the overhead of all the connection oriented stuff.