Overview

Explore common TCP and UDP ports, protocols, and their purpose. In this course, learn to tell the difference between TCP and UDP. Learn usage of well-known communication ports for FTP, SSH, Telnet, e-mail, HTTP, HTTPS, DNS, DHCP, RDP, NetBIOS/NetBT, SMB, CIFS, SLP, AFP, LDAP, and SNMP. As an exercise, you will learn how to describe features of FTP, list the ports used for both sending and receiving an e-mail transmission, and describe the benefits of DHCP.

Objectives

CompTIA A+ 220-1001: TCP and UDP ports

  • Differentiate between TCP and UDP
  • Describe ports 21, 22, and 23
  • Describe ports 25, 110, and 143
  • Describe ports 80 and 443
  • Describe ports 53 and 67/68
  • Describe port 3389
  • Describe ports 137 and 139
  • Describe port 445
  • Describe port 427
  • Describe port 548
  • Describe port 389
  • Describe port 161/162
  • Work with well-known ports

TCP vs UDP

TCP - Transmission Control Protocol
UDP - User Datagram Protocol
Transport protocols.
Both operate within TCP/IP.
Both responsible for moving data from A to B.

TCP

Connection-oriented protocol
Suited for applications requiring high reliability
Data sent is guaranteed to arrive in the same order.
Transmission time is less critical.
Used by protocols such as:
HTTP
SMTP
Telnet
Uses acknowledgments. (E.g., I send you some data, wait for you to acknowledge it, and then I send some more data; that way I know you are receiving the data I'm sending. If I don't receive an acknowledgment, I resend.)
Takes more transmission time - sacrificing speed for reliability.

UDP

Connectionless protocol.
Imagine giving a speech in front of an audience - you aren't giving the speech to one person, you're just giving the speech. Whoever is listening, is listening.
Faster than TCP.
Used for message transport, but much better suited for applications requiring fast and efficient transmission (e.g., video games).

Used by protocols such as:
	DNS
	DHCP
	SNMP
	VOIP

If transfer fails, you just try again.
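
The difference is visible at the socket level. The following Python example is added here and is not part of the original notes; it uses only the loopback interface, and the function names and sample chunks are illustrative. It shows that TCP reports a missing listener immediately and delivers one ordered byte stream, while UDP hands the datagram over with no feedback and keeps each message separate.

```python
import socket

LOOPBACK = "127.0.0.1"

def unused_port(kind):
    """Borrow a loopback port from the OS and release it, so nothing listens there."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]

def tcp_to_nobody():
    """TCP needs a handshake first, so the sender learns at once that nobody is there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        try:
            client.connect((LOOPBACK, unused_port(socket.SOCK_STREAM)))
        except ConnectionRefusedError:
            return "refused"
        return "connected"

def udp_to_nobody():
    """UDP has no handshake: sendto() reports bytes handed over, not whether anyone heard."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        return client.sendto(b"anyone there?", (LOOPBACK, unused_port(socket.SOCK_DGRAM)))

def tcp_exchange(chunks):
    """With a listener, TCP delivers one ordered byte stream; message boundaries are not kept."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        server.bind((LOOPBACK, 0))
        server.listen(1)
        client.connect(server.getsockname())       # handshake completes here
        conn, _ = server.accept()
        with conn:
            for chunk in chunks:
                client.sendall(chunk)
            client.shutdown(socket.SHUT_WR)         # signal end of stream
            received = b""
            while part := conn.recv(4096):
                received += part
            return received

def udp_exchange(chunks):
    """With a listener, UDP delivers each datagram as its own message (if it arrives at all)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.bind((LOOPBACK, 0))
        server.settimeout(2)                        # do not wait forever for a lost datagram
        for chunk in chunks:
            client.sendto(chunk, server.getsockname())
        return [server.recv(4096) for _ in chunks]
```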


FTP

File Transfer Protocol.
Client/server configuration used to transfer files.
Exclusively TCP-based service, no UDP component.
Utilizes two ports:
Data port (20) and
Command port (21)
(There is a version of FTP called TFTP (Trivial File Transfer Protocol) that DOES use UDP. Weird.)

Two Modes:
1: Active
Connection is initiated by the client using port 21.
2: Passive
Server connects back using port 20. (Typically used when client is not allowed to initiate the session, like through a firewall)

SSH

Secure Shell.
Port 22.
Typically used on *NIX systems; it simply provides you with a terminal application on your system that runs the commands on the remote system.
Provides confidentiality and integrity over an unsecured network. Uses public key cryptography.
Commonly used to secure remote network logins.

Telnet

Port 23.
Designed to support:
Remote logins
Communication between 2 computers
Communication is not encrypted.
Information is sent in plain text and subject to interception.


SMTP

Simple Mail Transfer Protocol.
Port 25.
Used for sending Internet e-mail transmissions.
E-mail systems use SMTP to transfer messages from one server to another.

POP3

Post Office Protocol 3.
Port 110.
Client/server protocol used to retrieve e-mail.
By default, messages are deleted after user has downloaded e-mail.
Built into most popular e-mail products.
Kinda old. That's really its only functionality.
You can export mail to a .PST file (Personal Storage Table). This can act as a backup.

IMAP

Internet Message Access Protocol.
Port 143.
Messages remain stored on server as well as stored locally.
Users can organize messages (e.g., categorize messages using folders/containers, like on Gmail).
This is ideal for end users that use multiple devices, like a work computer, home computer, smartphone and tablet.
Every device can receive the same message.


HTTP

Hypertext Transfer Protocol.
Port 80.
Used to send and receive web-based client requests.
E.g., used to view HTML pages or data.
Port 8080 is a common alternative, especially on intranets.

Client/server config.
Client uses a Uniform Resource Locator (URL) to locate and request information from a web server, e.g., an HTML page.
Requests are then sent back using TCP/UDP port 80, unencrypted by default.

HTTPS

S stands for Secure.
Port 443.
Highly resistant to eavesdropping and interception because it uses SSL (Secure Sockets Layer, a method of encryption).
Identified by
padlock
unbroken key


DNS

Domain Name System.
Port 53.
Translates a URL into an IP.
UDP is used for simple lookups, and TCP is used for data replication, e.g zone transfers.
DNS uses TCP and UDP.
DNS servers use databases that contain known IP addresses and their corresponding domain names.

There is no way one DNS server can keep track of all IPs and URLs, so it is broken down into a "hierarchical database" which operates in levels. One server at the top only knows about a certain subsection of servers below it, and the same again for another server below that, etc.

DHCP

Dynamic Host Configuration Protocol.
Used to assign IP addresses to network devices.
IP addresses can be assigned in one of two ways:
1: Manual
2: Automatic

DORA Process

Process for requesting an IP.

Discover
Offer
Request
Acknowledge

Client boots, realises it needs to get an IP automatically, and sends out a discover packet (e.g., hey, any DHCP servers here?). It uses a broadcast packet and sends it everywhere because you can't send a packet to a specific machine when you don't have an IP.
All DHCP servers will hear the discover and then offer.
Client selects one (request).
Then the other servers withdraw, and the server you requested will acknowledge.
Then you can use the address and don't have to broadcast.

Servers use UDP port 67 to offer and acknowledge
Clients use UDP port 68 to discover and request
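
The DORA sequence and its port pairing can be checked mechanically. The following Python example is added here and is not part of the original notes: it builds constructed DHCP payloads, reads the message type from option 53 and the server identifier from option 54, and verifies that the messages arrive in DORA order on the ports listed above. The helper names, the 10.0.0.x sample addresses and the assumption that all packets belong to one client are illustrative.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"     # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}     # option 53 values
NEXT = {None: ["DISCOVER"], "DISCOVER": ["OFFER"], "OFFER": ["OFFER", "REQUEST"],
        "REQUEST": ["ACK"], "ACK": []}                          # legal follow-up messages

def build(msg_type, yiaddr="0.0.0.0", server_id=None):   # makes constructed sample payloads
    op = 1 if msg_type in (1, 3) else 2                  # 1 = from client, 2 = from server
    hdr = (bytes([op, 1, 6, 0]) + bytes.fromhex("3903f326") + bytes(8)   # xid; secs, flags, ciaddr
           + ipaddress.IPv4Address(yiaddr).packed + bytes(216))          # yiaddr; rest zeroed
    sid = bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed if server_id else b""
    return hdr + MAGIC + bytes([53, 1, msg_type]) + sid + b"\xff"

def parse(payload):   # -> (type name, offered address, server id or None)
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                              # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        if len(opts[code]) != length:
            raise ValueError("truncated option")
        i += 2 + length
    if len(opts.get(53, b"")) != 1 or opts[53][0] not in TYPES:
        raise ValueError("missing or unsupported message type")
    server = str(ipaddress.IPv4Address(opts[54])) if len(opts.get(54, b"")) == 4 else None
    return TYPES[opts[53][0]], str(ipaddress.IPv4Address(payload[16:20])), server

def follow_dora(packets):   # packets: (src_port, dst_port, payload) tuples from one client
    prev, offers = None, []
    for sport, dport, payload in packets:
        name, addr, server = parse(payload)
        if (sport, dport) != ((68, 67) if name in ("DISCOVER", "REQUEST") else (67, 68)):
            raise ValueError(f"{name} on unexpected ports {sport}->{dport}")
        if name not in NEXT[prev]:
            raise ValueError(f"{name} out of order")
        offers += [server] if name == "OFFER" else []    # every server that offered
        prev = name
    if prev != "ACK":
        raise ValueError("exchange incomplete")
    return {"address": addr, "server": server, "offers": offers}

# Constructed exchange: two servers offer, the client requests from 10.0.0.1.
SAMPLE = [(68, 67, build(1)), (67, 68, build(2, "10.0.0.50", "10.0.0.1")),
          (67, 68, build(2, "10.0.0.77", "10.0.0.2")), (68, 67, build(3, server_id="10.0.0.1")),
          (67, 68, build(5, "10.0.0.50", "10.0.0.1"))]
```

Calling `follow_dora(SAMPLE)` returns the acknowledged address, the acknowledging server and the list of servers that made an offer.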

Benefits of DHCP

Simplified administration
Implementation does not require any additional costs.
IP addresses are assigned automatically
Saves time
Avoids config errors

Centralized network config
Easily organize different configs for clients or groups of clients
Changes can be easily rolled out to clients over the network


RDP

Remote Desktop Protocol.
Uses port 3389.
Microsoft proprietary implementation.
Designed to allow remote users to have a GUI while accessing another PC.
Similar to Telnet but with a graphical interface?
Commonly used by admins

Input support
Mouse and keyboard functionality.
Output support
Audio and printer
Clipboard sharing between client and remote host.
Application support
Also supported on other non-Microsoft platforms, e.g., rdesktop (Linux).


NetBIOS

Controls how applications residing on different computers communicate on the same LAN.
Commonly used in Ethernet and Token Ring networks.
Allows PCs to communicate by using names.

Commonly communicates on the following ports:

UDP
	137
	138

Can also operate on TCP
	137
	139
But is fairly rare.

SMB

Server Message Block.
Port 445.
Used for sharing access to network resources, like files, printers, serial ports, and really any other resource that can be shared.

This was also referred to as CIFS or Common Internet File System.
SMB and CIFS are just two different dialects.
SMB commonly used when working with network attached storage.

Features

On Windows:
Workstation and server services.
For unix and unix-like platforms, it includes Samba protocol daemons.
Facilitates NetBIOS transport
(Windows legacy versions)
Provides an authenticated inter-process communication (IPC) mechanism
On systems running Windows, there is a default IPC$ share created by the server to allow unauthenticated (anonymous) IPC operations such as browsing for shared resources.


SLP

Service Location Protocol.
Port 427.
Service discovery protocol that enables PCs to dynamically locate services in a local area network.
Provides users with an easy-to-use interface to a network’s resource information.
Can be used as an alternative to LDAP in a smaller environment.

Implemented using agents;
-User Agents (Clients)
Subscribers
Workstations
-Service Agents (Servers)
Peripherals
Resources
-Directory Agents
Can cache info from service agents to reduce amount of traffic


AFP

Apple Filing Protocol.
Port 548.
Mac OS file protocol.
Similar to SMB.
Enables users to access outside system files.
Provides features that restrict user access to certain files.

Features

Server file access
Users must first establish a remote file server connection.
File System Components
Manage components such as:
Files
Volumes
AFP calls and folders
Modify directories and files.

AFP Frame Parameters

Directory and file attributes
Backup date
Request count
Creation date
File creator and destination directory ID


LDAP

Lightweight Directory Access Protocol.
Port 389.
Used to search a directory service for objects, such as:
Organizations
Individuals
Resources (Files, Devices)

LDAP Hierarchy

Root Directory
Countries
Organizations
Organizational units
Divisions
Departments
Individuals
People
Files
Resources

Benefits

Allows multiple independent directories
Uses a global naming model
Ensures uniqueness.
Runs over TCP/IP and SSL.
Supported by services such as DNS for resolving object names
Open source protocol


SNMP

Simple Network Management Protocol
Ports 161 and 162.
Manages and monitors network devices.
Provides common language for network devices in LAN or WAN.
Rather than just reacting when something fails, you can proactively monitor, and hopefully you can catch a problem before it arises.
SNMP v3 is most recent.
Many security enhancements; most notably, it protects packets during transit by authenticating and encrypting SNMP messages.

Components

SNMP Agent
Runs on hardware/service.
Monitors and collects data, e.g bandwidth, disk space.
SNMP - Devices & Resources
Nodes on which an agent runs.
SNMP Manager
Centralized console (like a server, just the center where you can gather the data from all agents)
Management Information Base (MIB)
DB file that itemizes and describes all objects.