Network Port Fundamentals

Questions and Answers

In the context of network communication, which analogy best describes the function of a port in relation to an IP address?

• An IP address is like a house number, and a port is like the street name.
• An IP address is like a city, and a port is like a specific neighborhood.
• An IP address is like an apartment building, and a port is like an apartment number within that building. (correct)
• An IP address is like a country, and a port is like a state within that country.

What is the primary role of the Internet Assigned Numbers Authority (IANA) in the context of network ports?

• To optimize network traffic flow across different port ranges.
• To dynamically allocate ephemeral ports for all internet communications.
• To enforce security protocols on all ports below 1024.
• To manage and register well-known and registered port numbers to prevent conflicts and ensure standardization. (correct)

Which of the following statements accurately differentiates between registered ports and ephemeral ports?

• Registered ports require formal registration through IANA for organizational use, while ephemeral ports are used dynamically by client applications without registration. (correct)
• Registered ports operate on TCP, while ephemeral ports operate exclusively on UDP.
• Registered ports are reserved for common system processes, while ephemeral ports are for user applications.
• Registered ports are dynamically assigned by the server, while ephemeral ports are pre-assigned by IANA.

Consider a scenario where a client initiates multiple simultaneous connections to a web server. How are ephemeral ports utilized in this communication?

The client dynamically selects a different ephemeral port for each connection, while the server primarily uses well-known port 80 or 443. (B)

What is the key characteristic of well-known ports that distinguishes them from other port ranges?

They are reserved for operating system processes and core network services, and are standardized for universal recognition. (D)

Which of the following scenarios exemplifies the use of an ephemeral port in network communication?

A client's web browser initiating a connection to a website, using a randomly selected port above 49152. (A)

How does the Transmission Control Protocol (TCP) ensure reliable data delivery in network communication?

By segmenting data into packets, utilizing a three-way handshake for connection establishment, and implementing error checking, sequencing, and acknowledgements. (D)

What is the significance of the 'three-way handshake' in TCP communication?

It is a process to establish a reliable connection between sender and receiver before data transmission, ensuring both are ready and synchronized. (C)

Which of the following best describes the 'windowing' mechanism in TCP?

A flow control mechanism that allows the receiver to regulate the amount of data sent by the sender, preventing overwhelming the receiver. (D)

In which scenario would User Datagram Protocol (UDP) be preferred over Transmission Control Protocol (TCP)?

Streaming live video content where occasional packet loss is tolerable but low latency is essential. (D)

What is a defining characteristic of UDP in terms of connection management and data delivery?

Connectionless, providing fast data transmission with no guarantee of delivery, order, or error checking beyond a checksum. (A)

Why is UDP described as a 'fire-and-forget' protocol?

Because once data is sent, the protocol does not verify if it was successfully received or handle retransmission, prioritizing speed over reliability. (D)

What is the primary purpose of the Internet Control Message Protocol (ICMP)?

To provide network diagnostics and error reporting, such as reachability testing and error messages. (C)

Which layer of the OSI model does ICMP primarily operate within?

Network Layer (A)

What are the key components of an ICMP message header?

Type, Code, Checksum. (B)

What is the 'Ping of Death' attack, and what vulnerability does it exploit?

An attack that sends oversized ICMP packets to exploit vulnerabilities in older systems' packet reassembly processes, leading to buffer overflows and system crashes. (D)

Why do network administrators sometimes choose to block ICMP traffic at boundary firewalls and routers?

To mitigate potential security risks associated with ICMP, such as reconnaissance and certain types of attacks (e.g., ICMP Flood, Ping of Death), despite hindering network troubleshooting. (A)

What is the fundamental difference in security between HTTP (port 80) and HTTPS (port 443) in web communication?

HTTP transmits data in plain text over port 80, making it vulnerable to eavesdropping, while HTTPS encrypts data over port 443 using SSL/TLS to secure communication. (D)

When a user types http://www.example.com in their browser, what port is the browser attempting to connect to by default, and what is the security implication?

Port 80, implying an insecure connection where data is transmitted in plain text. (B)

What is the role of SSL/TLS in HTTPS, and how does it enhance web security?

SSL/TLS provides encryption, authentication, and data integrity for HTTPS connections, securing data transmitted between the client and server. (C)

Why do modern web practices favor HTTPS over HTTP, and what are the broader implications beyond just security?

HTTPS is favored for security, SEO ranking boost by search engines, and increased user trust due to data protection. (C)

What is the primary function of SMTP (Simple Mail Transfer Protocol) in email communication, and on which port does it typically operate?

Sending emails from a client or server to another mail server on port 25. (A)

How does SMTPS (SMTP Secure) enhance the security of SMTP, and what are the common ports associated with it?

SMTPS secures SMTP by transporting it over SSL/TLS, typically using ports 465 or 587, to encrypt email content during transit. (D)

What is the main difference in email retrieval between POP3 (Post Office Protocol Version 3) and IMAP (Internet Message Access Protocol)?

POP3 downloads emails to a local client and typically deletes them from the server, while IMAP allows managing emails directly on the server and synchronizing across multiple devices. (A)

In the context of email protocols, what are POP3S and IMAPS, and why are they recommended over their non-secure counterparts?

POP3S and IMAPS are secure variants of POP3 and IMAP that add SSL/TLS encryption to protect email retrieval, recommended for enhanced security against eavesdropping. (D)

For which primary purpose is File Transfer Protocol (FTP) designed, and what are the two ports it commonly uses?

Transferring files between a client and a server, typically using port 20 for data transfer and port 21 for control commands. (D)

What is the key security vulnerability associated with standard FTP, and how does SFTP (SSH File Transfer Protocol) address this?

FTP transmits usernames, passwords, and file data in plain text, making it susceptible to interception, whereas SFTP encrypts all data and commands using SSH. (C)

What is TFTP (Trivial File Transfer Protocol) primarily used for, and why is it considered 'trivial'?

Simple, unsecured file transfer for automated tasks like booting diskless systems or firmware updates, lacking advanced features like authentication or directory browsing. (A)

For what type of network environment and operating system is SMB (Server Message Block) primarily designed, and on which port does it operate?

Local Area Networks (LANs) primarily for Windows-based file and printer sharing, operating on port 445. (C)

What is the primary function of SSH (Secure Shell), and on which port does it operate?

Providing secure remote login and command execution over an encrypted channel on port 22. (A)

Why is Telnet considered insecure, and what is its primary security flaw?

Telnet transmits all data, including usernames and passwords, in plain text, making it highly vulnerable to eavesdropping and on-path attacks. (A)

What is the main purpose of RDP (Remote Desktop Protocol), and on which port does it typically operate?

Graphical user interface for remote access to Windows systems, typically operating on port 3389. (C)

In the context of remote access protocols (SSH, Telnet, RDP), which protocol is most suitable for secure, command-line based server management?

SSH (C)

What is the primary function of DNS (Domain Name System), and on which port does it operate?

Translating human-friendly domain names into IP addresses that computers can use, operating on port 53. (C)

In what way does DNS utilize both UDP and TCP protocols, and why?

DNS primarily uses UDP for fast queries and responses, and uses TCP for larger messages like zone transfers to ensure reliability. (C)

What is the purpose of DHCP (Dynamic Host Configuration Protocol), and on which ports does it operate?

Automating the assignment of IP addresses and network configuration parameters to devices, operating on ports 67 (server) and 68 (client). (D)

What are the common ports associated with SQL services, and for which specific SQL server systems are ports 1433 and 3306 typically used?

Various ports, but typically port 1433 is for Microsoft SQL Server and port 3306 is for MySQL. (D)

What is SNMP (Simple Network Management Protocol) used for, and on which ports does it operate?

Collecting information from and configuring network devices like servers, switches, and routers, operating on ports 161 and 162. (B)

What is the function of Syslog, and on which port does it primarily operate?

Providing a centralized system logging standard for network devices to send event messages, primarily operating on port 514. (B)

What is NTP (Network Time Protocol) used for, and on which port does it operate?

Synchronizing the clocks of computers over a network, operating primarily on port 123. (B)

What is the primary application of SIP (Session Initiation Protocol), and on which ports does it operate?

Initiating, maintaining, and terminating real-time sessions like voice, video, and messaging, operating on ports 5060 and 5061. (B)

What is LDAP (Lightweight Directory Access Protocol) used for, and on which port does it operate?

Accessing and maintaining distributed directory information services, operating on port 389. (B)

What is LDAPS (LDAP Secure), and how does it enhance the security of LDAP?

LDAPS secures LDAP by encrypting data transmission using SSL/TLS, typically operating on port 636, to protect sensitive directory information. (C)

Flashcards

What is a network port?

A logical opening in a computer, representing a service or application listening for traffic.

What are well-known ports?

Ports numbered from 0 to 1,023, including services like FTP (ports 20 and 21) and HTTP (port 80).

What are registered ports?

Ports numbered from 1,024 to 49,151, reserved for specific applications; require registration with IANA.

What are ephemeral ports?

Short-lived, temporary ports opened for a short period, often called dynamic or private ports, numbered from 49,152 to 65,535.

What is TCP (Transmission Control Protocol)?

A fundamental protocol within the Internet Protocol Suite, ensuring reliable, ordered, and error-checked data transmission.

What is the TCP three-way handshake?

A three-step process (SYN, SYN-ACK, ACK) used by TCP to establish a reliable connection between two systems.

What is Windowing (TCP)?

A mechanism in TCP that lets the receiver specify how much data it can handle at one time, adjusting during the session.

What is Packetization (TCP)?

Ensuring reliable data delivery between client and server by breaking messages into smaller packets and reassembling them.

What is a port in TCP/IP?

A numerical identifier in the TCP/IP suite that helps distinguish between different services/applications on a computer.

What is UDP (User Datagram Protocol)?

A communication protocol for time-sensitive transmissions like video playback and DNS lookups, prioritizing speed over reliability.

What is connectionless communication (UDP)?

A connectionless communication model where data packets (datagrams) are sent without establishing a prior connection.

What does it mean for UDP to be stateless?

A protocol that does not maintain connection states or track packets, emphasizing speed over guaranteed delivery.

What is ICMP (Internet Control Message Protocol)?

A network layer protocol used for diagnosing network communication issues and providing information about network problems, but not for general data transfer.

What is an ICMP Flood Attack?

An attack that overwhelms a target with numerous ICMP Echo Request (ping) packets to consume system resources.

What is a Ping of Death attack?

An attack that exploits older systems by sending oversized, malformed packets using the ICMP protocol.

What are web ports and protocols?

The standardized rules and numerical gateways that govern data transmission and communication over the internet for websites and web pages.

What is HTTP (Hypertext Transfer Protocol)?

A protocol that relies on port 80 by default; foundation of data communication on the World Wide Web.

What is HTTPS (Hypertext Transfer Protocol Secure)?

A protocol that relies on port 443, using SSL/TLS for encrypting data to secure it from interception or tampering.

What are email ports and protocols?

The conventions and numerical gateways that govern the transmission of emails across the internet.

What is SMTP (Simple Mail Transfer Protocol)?

A standard protocol used for sending emails across the internet, operating over Port 25.

What is SMTPS (Simple Mail Transfer Protocol Secure)?

A protocol considered as a secure variant of SMTP and operates over port 465 or port 587 to ensure email encryption during transit.

What is POP3 (Post Office Protocol Version 3)?

A protocol used to retrieve emails from a remote server to a local client over port 110, often deleting messages from the server after download.

What is POP3S (Post Office Protocol Secure)?

A secure version of POP3 that operates over Port 995 using SSL/TLS to encrypt data between email server and client.

What is IMAP (Internet Message Access Protocol)?

A protocol that operates over Port 143, allowing to manage emails directly on the email server and synchronize messages across multiple devices.

What is IMAPS (Internet Message Access Protocol Secure)?

Also known as IMAP secure, which operates over port 993 to encrypt information to protect it as it travels between email servers.

What are file transfer ports and protocols?

Specialized rules and procedures for transmitting files across networks.

What is FTP (File Transfer Protocol)?

The oldest protocol for transferring files between a client and a server over a network, using ports 20 and 21.

What is SFTP (Secure File Transfer Protocol)?

A protocol meaning, SSH File Transfer Protocol that operates over port 22 to address security concerns via secure shell, SSH connections.

What is TFTP (Trivial File Transfer Protocol)?

A simple and basic file transfer protocol that operates over port 69.

What is SMB (Server Message Block)?

A network sharing protocol that is going to be operating over port 445 and allows for Windows computers to communicate with each other.

What are remote access ports and protocols?

Protocols for managing systems and networks from a distant location.

What is SSH (Secure Shell)?

A protocol that operates over port 22 that is commonly used for secure remote login and other network services.

What is Telnet?

An early remote login protocol which operates over port 23 that transfers data in plain text.

What is RDP (Remote Desktop Protocol)?

A protocol that operates, by default, over port 3389 and is a proprietary protocol that Microsoft created to provide a GUI for remote access.

What is DNS (Domain Name System)?

Uses port 53 by default and is like the internet phone book.

Study Notes

Network Port Fundamentals

• Ports tell data where it is going when transferred over networks.
• IP addresses get data to the right system, but ports specify the application listening on that system.
• A port is a logical opening in a computer that represents a service or application waiting for traffic.
• Ports are numbered from 0 to 65,535, allowing over 65,535 different openings to run services and applications, even with only one IP address.
• Ports are divided into three categories: well-known ports, registered ports, and ephemeral ports.

Well-Known Ports

• Numbered from 0 to 1,023.
• Include well-known services.
• File Transfer Protocol (FTP) operates on ports 20 and 21.
• Simple Mail Transfer Protocol (SMTP) operates on port 25.
• Web browsing uses port 80, while secure web browsing uses port 443.

Registered Ports

• Numbered from 1,024 to 49,151.
• Both well-known and registered ports need to be registered with the Internet Assigned Numbers Authority (IANA).
• To reserve a port (e.g., 33,333) for a new video game, a request must be made to IANA.

Ephemeral Ports

• Short-lived, temporary ports open for a short period from a predefined range.
• Also called dynamic ports or private ports.
• Can be used by anyone without requesting them, unlike well-known or registered ports.
• Consist of ports numbered from 49,152 up to 65,535.
• During data transfer, both an IP address and a port are needed to specify the system and the service or application for communication.
• When downloading an audio file, a device picks a random port (e.g., around 60,000).
• A web browser opens a port on the recording device to download the file, then closes it.
• A client at IP address 192.168.1.24 communicates with a website at 64.82.46.21 by picking a random high port from the ephemeral port range.
• A random ephemeral port (e.g., 49,163) is selected to initiate a communication session.
• Two-way communication is established between a web server on port 80 and a client on port 49,163.
• After transmitting data, the ephemeral port is closed.
• The client will still send data to port 80, but uses a new randomly generated ephemeral port for sending data and listening for responses.
• A port is a logical opening in a computer, representing a service or application that’s listening and waiting for communication.
• IP address identifies the server or client, while the port number specifies the application or service to communicate with.

Transmission Control Protocol (TCP)

• TCP is a fundamental protocol within the internet protocol suite that governs data exchange over the internet.
• TCP is widely used due to its reliability in delivering packets of data across the network, ensuring packets reach their destination correctly and in order.
• Achieved through error checking, data sequencing, and acknowledgement.
• Operates through the transport layer of the OSI model.
• Responsible for reliable data transmission between a client and a server, which breaks down messages into smaller packets and reassembles them at the destination.
• Packetization makes data transfer more efficient and manageable.
• TCP uses a three-way handshake to establish a connection between two systems.
• The three steps of handshaking process: SYN (synchronize), SYN-ACK (synchronize-acknowledge), and ACK (acknowledge).
  • The client sends a SYN packet to initiate communication.
  • The server responds with a SYN-ACK packet.
  • The client sends an ACK packet back to confirm the connection.
• Error checking and flow control mechanisms ensure reliable deliverability using sequence numbers and acknowledgement messages.
• Lost or corrupted packets are retransmitted by the sender.
• Flow control prevents overwhelming the receiver using a mechanism called windowing. Windowing allows the receiver to specify the amount of data it can handle at one time.
• Ports are used as numerical identifiers within the TCP/IP suite to distinguish between different services or applications.
• Each TCP connection is identified by a pair of endpoint addresses, consisting of an IP address and a port number (source and destination IPs/ports).
• Ports enable multiple network applications to coexist on the same server, with each application having a unique port number.
• TCP ensures reliability and ordered delivery of data between a client and a server through packetization, acknowledgement, and error checking.

User Datagram Protocol (UDP)

• UDP is a communication protocol used for time-sensitive transmissions like video playback or DNS lookups.
• Useful for applications where losing some packets is acceptable.
• UDP is known for its low latency and reduced processing overhead, as it lacks the error checking and recovery services of TCP.
• Operates at the transport layer of the OSI model, like TCP.
• Works on a connectionless communication model, sending data packets (datagrams) without prior communications.
• Unlike TCP, UDP does not require a three-way handshake.
• UDP packets are simpler and smaller than TCP packets.
• Each UDP datagram includes source and destination port numbers, a length field, and a checksum, leading to smaller packet headers (8 bytes compared to TCP’s 20-60 bytes).
• UDP does not contain sophisticated error checking and recovery mechanisms due to limited header space.
• UDP is stateless, meaning it does not maintain the state of the connection or track packets.
• After data is sent, the protocol doesn’t check if it was received properly by the intended recipient.
• The lack of acknowledgement leads to faster data transfer rates, but packets may arrive out of order, be duplicated, or not arrive at all.
• UDP is used when transmission speed is more important than precision, such as live broadcasts, online gaming, and voiceover IP calling.
• UDP is suitable for streaming video where the loss of a few packets is not noticeable due to the large size of the video file.
• Also used for simple request-response communication like DNS lookups.
• Each UDP datagram contains source and destination ports in its header to direct the datagram to the correct application process.
• UDP doesn't ensure data integrity or delivery but includes a checksum in the header for minimal protection against data corruption during transmission.
• UDP is a simple, connectionless protocol for applications requiring efficient, speed-sensitive data transmissions.
• UDP is stateless and does not guarantee delivery or order of packets.
• UDP uses ports to direct data to the correct application on a client or server for time-sensitive data.

Internet Control Message Protocol (ICMP)

• ICMP is a network layer protocol primarily used for diagnosing network communication issues and providing hosts with information about network problems.
• ICMP operates at the network layer of the OSI model and is encapsulated within IP packets.
• Used for error reporting and testing.
• Used to indicate when a service or host is unreachable, when a packet’s time to live has expired, or when a router can’t forward packets due to a full buffer.
• The PING utility uses ICMP to send an Echo Request message to test the reachability of a host on an IP network, expecting an ICMP Echo reply in return.
• The PING utility measures the roundtrip time, or latency, of a network connection.
• ICMP messages have a simple structure with a header consisting of:
  • Type: A one-byte field indicating the type of ICMP message.
  • Code: A one-byte field providing context about the message type.
  • Checksum: A two-byte field used for error checking the message header and data.
• The ICMP message contains different data based on the type and code of the message. For example, Echo Request and Echo Reply messages include an identifier and a sequence number.
• ICMP does not have the reliability mechanisms used in TCP, so there is no guarantee of message delivery, ordering, or error correction.
• ICMP is designed for speed and simplicity, not data integrity or security.
• ICMP is used for error handling and diagnostics, not for transmitting regular user data.
• Attackers and hackers have used ICMP for network attacks: -ICMP Flood Attack: Overwhelms a target machine with ICMP Echo Request packets (Ping packets) to consume system resources, leading to a Denial of Service (DoS). -Distributed Denial of Service (DDoS): Amplifies the attack using a network of compromised computers (botnets). -Ping of Death: Exploits a vulnerability in older systems by sending malformed or oversized packets using the ICMP protocol. -IP packets are traditionally limited to 65,535 bytes, including headers. -The Ping of Death attack involves crafting an ICMP Echo Request packet larger than this size. -When the target system tries to reassemble these oversized packets, it can lead to buffer overflows, system crashes, or other unpredictable behavior. Modern operating systems and network equipment are no longer vulnerable to the Ping of Death attack due to security measures and patches.
• Network administrators often block ICMP traffic at firewalls and routers because of vulnerabilities.
• Blocking ICMP traffic can make troubleshooting network connectivity harder, as tools like ping and traceroute may not work.
• The Internet Control Message Protocol (ICMP) is a network diagnostic and error reporting tool, not a transport protocol like TCP or UDP.
• ICMP is encapsulated within IP packets and is essential for network troubleshooting with tools like ping and traceroute.
• The ICMP Protocol has vulnerabilities that can be exploited by attackers through ICMP Flood Attacks or sending oversized ping packets.

Web Ports and Protocols

• Web ports and protocols govern data transmission and communication over the internet for websites and web pages.
• Port 80 and port 443 are two main ports used for the web, each using a different protocol for communication.
• Ports are integral to how the internet functions and allow computers to distinguish between different types of traffic and services.
• HTTP, or the Hypertext Transfer Protocol, relies on port 80 by default.
• HTTP is the foundation of data communication on the World Wide Web.
• Web browsers use port 80 to request webpages from a server when a specific port is not specified in the URL.
• HTTP is an application layer protocol designed to enable communications between clients and servers.
• HTTP works by sending plain text requests from a client to a server, which returns a plain text response with requested content like HTML pages and images.
• Transferred data via HTTP is sent in plain text and is not encrypted.
• Data sent over port 80 via HTTP is vulnerable to eavesdropping and on-path attacks.
• Never enter sensitive information on a webpage sending data back to the server over port 80 using HTTP.
• Instead, use a secure alternative to HTTP, which uses port 443.
• Port 443 is used by HTTPS, also known as Hypertext Protocol Secure or HTTP Secure.
• HTTPS adds a layer of encryption by sending data through a secure socket layer (SSL) or transport layer security (TLS) tunnel.
• Tunnels use encryption so any data transferred between the client and server is encrypted, securing it from interception or tampering.
• HTTPS in the URL means the browser established a connection using port 443.
• The S in HTTPS stands for secure, indicating communications are encrypted using SSL or TLS.
• HTTPS over port 443 protects sensitive data, such as online banking, e-commerce websites, and login pages.
• Many websites automatically redirect users from HTTP (port 80) to HTTPS (port 443) for added security.
• Using http://www.diontraining.com will redirect to the secure version at https://www.diontraining.com.
• Key differences between HTTP over port 80 and HTTPS over port 443: -Security and Encryption: HTTP is unencrypted and insecure, while HTTPS is encrypted and secure. -Default Usage: Port 80 was traditionally used for unsecure web browsing since 1991, but port 443 is now the standard for secure browsing. -SEO and Trust: Modern web practices favor HTTPS for increased security, leading search engines to rank HTTPS websites higher. -HTTPS encrypts data before transmission between the client and the server.

Email Ports and Protocols

• Email ports and protocols refer to conventions and numerical gateways that govern email transmission across the internet.
• These protocols: SMTP, POP3, and IMAP are the backbone of email communication, ensuring messages are sent, received, and managed efficiently.

Simple Mail Transfer Protocol (SMTP)

• SMTP is the standard protocol used for sending emails across the internet.
• SMTP operates over Port 25, the default port used by email servers to relay messages.
• SMTP is solely used for transmitting outbound emails.
• Considered an insecure protocol because data is sent in plain text.
• SMTPS (SMTP Secure) was introduced as a secure variant, it secures the SMTP protocol by transporting it via secure socket layer or transport layer security protocols, creating an encrypted tunnel.
• SMTPS operates over port 465 or port 587 to ensure email messages are encrypted during transit.

Post Office Protocol Version 3 (POP3)

• POP3 is used to retrieve emails from a remote server to a local client over port 110.
• The POP3 protocol downloads messages from the server to the email client and then deletes them from the server after they're downloaded.
• The main way email was received in the 1990s and early 2000s when people only had access to a single computer.
• Subsequent updates to POP3 allow downloading emails from the server while keeping the original copy on the server, but the read or delete status was not synchronized across devices.
• POP3 transmits emails in plain text, considered an insecure protocol.
• A secure variant called POP3S or POP3 Secure was created.
• POP3 Secure operates over Port 995, using SSL or TLS to encrypt the POP3 data.

Internet Message Access Protocol (IMAP)

• IMAP offers more flexibility than POP3 when receiving emails.
• IMAP operates over Port 143 and allows managing emails directly on the email server.
• Enables access to and synchronization of messages across multiple devices.
• IMAP transmits emails in plain text between the server and the client.
• To increase email security, select IMAPS, also known as IMAP Secure.
• IMAP Secure operates over Port 993 to provide a secure connection between the email server and the email client by transmitting data inside of an SSL or TLS tunnel.
• SMTP and SMTPS are used for sending emails, with SMTPS providing a secure path for data transmission.
• POP3 and IMAP are used for receiving emails, but IMAP offers more sophisticated email management for multiple devices.
• The more secure variants like SMTPS, POP3S, and IMAPS prevent eavesdropping or on-path attacks.

File Transfer Protocol (FTP)

• File transfer ports and protocols are specialized rules and procedures for transmitting files across networks.
• FTP, SFTP, TFTP, and SMB. serve different purposes and offer various levels of security and functionality.
• The file transfer protocol (FTP) is one of the oldest protocols for transferring files between a client and a server over a network.
• FTP uses port 20 for data transfer and port 21 for control commands.
• Port 20 is used for the actual data transfer.
• Port 21 is used for setting control commands to upload or download files.
• An FTP session initiates when the client uses port 21 to communicate, authenticate, and set up the file transfer.
• Data transfer takes place over port 20.
• Transmissions over FTP are not encrypted, sent in plain text.
• Usernames and passwords can be intercepted when logging into an FTP server.

Secure File Transfer Protocol (SFTP)

• Created to address the security concerns of FTP.
• SFTP stands for SSH file transfer protocol or secure FTP.
• SFTP operates over port 22.
• Tunneling an FTP protocol through an SSH connection is already encrypted.
• SFTP encompasses the functionalities of FTP and encrypts the data before it's transferred, preventing unauthorized disclosure.
• SFTP ensures secure file transmissions.

Trivial File Transfer Protocol (TFTP)

• Trivial file transfer protocol operates over port 69.
• TFTP is a simpler, more basic version of FTP without user authentication or directory browsing.
• TFTP sends files when minimal security is sufficient.

Server Message Block (SMB)

• Server message block operates over port 445.
• SMB is a network file-sharing protocol that allows applications to read and write files and request services from server programs.
• Predominantly used for Windows file sharing, allowing Windows computers to communicate and share files on a network.
• A cross-platform version called Samba exists on Linux systems.
• SMB is now considered cross-platform but was originally designed just for Windows systems and is almost exclusively used inside local area networks.
• FTP (ports 20 and 21) is for basic file transfers.
• SFTP operates over port 22 and secures file transfer capabilities with the security of SSH.
• TFTP occurs over port 69 for simple, unsecured transfers.
• SMB operates over port 445, mostly for Windows network file sharing inside a local area network.
• Align security requirements, network environment, and functionality to select the proper file transfer protocol.

Remote Access Ports and Protocols

• Remote access ports and protocols manage systems and networks from across the network or the world.
• Remote access technologies allow users to control systems, run commands, and manage files from remote locations.

Secure Shell (SSH)

• SSH provides secure remote login and network services over an unsecure network, operating over port 22.
• Provides a secure channel over an insecure network in a client-server architecture with strong authentication and encrypted data communications inside the SSH tunnel.
• SSH is widely used by administrators to control web applications remotely, and to ensure that communication is secure
• SSH creates a secure encrypted tunnel to operate text-based commands from a remote server over an unsecured network.

Telnet

• One of the earliest remote login protocols that operates over port 23.
• Telnet allows a user on one computer to log in remotely into another computer that's part of the same network.
• Telnet was designed for local area networks only and data transfers in plain text.
• Telnet data is susceptible to eavesdropping and on-path attacks due to lack of encryption.
• SSH was developed as a replacement for Telnet.

Remote Desktop Protocol (RDP)

• RDP is a proprietary protocol developed by Microsoft - graphical user interface to connect to another computer over a network.
• RDP operates over port 3389 and is designed to support different network topologies and multiple LAN protocols.
• RDP allows for the encryption of data, smart card authentication, and bandwidth reduction mechanisms for managing Windows-based systems remotely.
• SSH operates over port 22 for secure command line-based management.
• Telnet operates over Port 23 is replaced by SSH because Telnet does not operate in an encrypted manner.
• RDP operates over Port 3389 for secure graphical access to Windows-based systems.
• Always choose the protocol that aligns with security requirements and specific tasks.

Network Service Ports and Protocols

• Network service ports and protocols are fundamental to the operation of modern networks.
• Network services ensure that network devices can discover each other, communicate efficiently, and relay important system information.
• Network services are DNS, DHCP, SQL services, SNMP, and Syslog.

Domain Name System(DNS)

• DNS, or the Domain Name System, translates domain names into IP addresses.
• DNS uses port 53 by default and operates on both TCP and UDP and operates. DNS servers listen to client requests.
• UDP is used for querying and responses that fit in one packet.
• TCP is used for larger messages, including zone transfers.

Dynamic Host Configuration Protocol (DHCP)

• DHCP, or the Dynamic Host Configuration Protocol, automates the assignment of IP addresses, subnet masks, gateways, and other networking parameters.
• DHCP servers listen for client requests over port 67 using UDP.
• DHCP clients receive responses over port 68, using UDP.

SQL Services

• SQL services manage, query database operations from client applications.
• There isn't a standard port for all SQL services. Microsoft SQL Server operates over port 1433, and MySQL server operates over port 3306.
• These ports are used for managing databases and retrieving data.

Simple Network Management Protocol (SNMP)

• SNMP collects information from and configuring network devices (servers, printers, hubs, switches, routers) and operates over ports 161 and 162 using UDP.
• Port 161 is used by SNMP managers communicating with SNMP agents.
• Port 162 is used when agents send unsolicited trap messages back to the SNMP manager, such a network administrator or network technician.

Syslog

• Syslog for system logging allows devices to send event messages across IP networks to a syslog server.
• Syslog servers store, process, or forward logs.
• Syslog operates over port 514 using either UDP or TCP.
• UDP is used by default, or TCP is used if reliability is a concern.
• DNS resolves names to IP addresses over port 53.
• DHCP assigns network parameters using ports 67 and 68.
• Microsoft's SQL Server on port 1433, and MySQL server on port 3306 allow database management and data querying.
• SNMP use this for network management, and that operates over ports 161 and 162. Syslog is used for event logging over port 514.

Network Time Protocol (NTP)

• NTP synchronizes the clocks of a computer over a given network.
• Crucial for tim-dependent processes.
• Time synchronization operates over Port 123 using UDP.
• Enables networks to maintain accurate time.

Session Initiation Protocol (SIP)

• SIP initiates, maintains, and terminates real-time sessions involving voice, video, messaging, and other communication services.
• SIP runs over Port 5060 on both UDP and TCP for unencrypted signaling and Port 5061 with TCP for encrypted signaling with TLS.

Lightweight Directory Access Protocol (LDAP)

• LDAP accesses and maintains distributed directory information services over an IP network.
• LDAP Port 389 uses both TCP and UDP for all network communication.
• LDAP is insecure and transmits all information in plain text.

Lightweight Directory Access Protocol over SSL (LDAPS)

• LDAPS is a version of LDAP, encrypted with SSL or TLS.
• Used for connections that need to be protected.
• LDAPS runs over Port 636 using TCP.
• Protects sensitive data via an encrypted tunnel.
• NTP operates over Port 123 for network time.
• SIP operates over ports 5060 and 5061 and is for voice and video.
• LDAP is for directory services using Port 389, and LDAPS uses Port 636 for secure directory services.