Networking Ports, Protocols, and Services PDF
Document Details
Uploaded by barrejamesteacher
Summary
This document explains common networking ports, protocols, and services. It details the functionality, use cases, and security aspects for several key networking protocols.
Explain Common Networking Ports, Protocols and Services - GuidesDigest Training

Chapter 1: Networking Concepts

In this chapter, we will explore a variety of key networking protocols—including FTP, SSH, SMTP, DNS, DHCP, HTTP, HTTPS, and more—along with their standard ports. For each protocol, we will provide an overview of its function, typical use cases, and the specific ports it utilizes. Additionally, we will cover the importance of secure protocols such as SFTP and HTTPS in maintaining data privacy and security in transmissions. Understanding these protocols and ports is crucial for anyone involved in network management, cybersecurity, and IT support, as it forms the foundation for troubleshooting network issues, securing network traffic, and optimizing network performance.

1.4.1 File Transfer Protocol (FTP) – Ports 20/21
FTP is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the Internet. FTP operates on two main ports: port 21 for the command and control part of the connection, and port 20 for the actual data transfer.
Functionality:
◦ FTP enables users to upload, download, delete, and manage files on a remote server.
Use Case:
◦ A web developer might use FTP to upload website files from their local computer to the hosting server.
Security:
◦ Traditional FTP does not encrypt its traffic; all transmissions, including credentials, are in plain text, posing a significant security risk.

1.4.2 Secure File Transfer Protocol (SFTP) – Port 22
SFTP, which stands for SSH File Transfer Protocol or Secure File Transfer Protocol, provides a secure method for file access, transfer, and management over a reliable data stream. It operates over SSH on port 22, ensuring that all data, including credentials, is encrypted during transfer.
Functionality:
◦ SFTP provides all the functionality of FTP, including file transfer and manipulation capabilities, but with an added layer of security through SSH encryption.
Use Case:
◦ An organization transferring sensitive financial data to an external auditor might use SFTP to ensure the confidentiality and integrity of the data.
Security:
◦ SFTP encrypts the session, preventing the interception and decryption of sensitive data, including authentication credentials.

1.4.3 Secure Shell (SSH) – Port 22
SSH, or Secure Shell, is a cryptographic network protocol for operating network services securely over an unsecured network. It is most commonly used for remote login to computer systems by users.
Functionality:
◦ SSH provides a secure channel over an unsecured network, ensuring strong encryption of data between the client and the server. It supports a wide range of cryptographic techniques.
Use Case:
◦ System administrators use SSH to remotely manage servers, securely executing commands and configuring services.
Security:
◦ SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.

1.4.4 Telnet – Port 23
Telnet is one of the oldest Internet protocols designed for remote communication. It allows a user on one computer to log into another computer that is part of the same network.
Functionality:
◦ Telnet provides a bidirectional interactive text-oriented communication facility using a virtual terminal connection over TCP.
Use Case:
◦ Before the widespread use of SSH, Telnet was commonly used for remote management of devices and servers. Today, its use is discouraged for any scenario requiring secure communication.
Security:
◦ Telnet transmits all data, including login credentials, in plaintext. It is considered insecure and has largely been replaced by SSH for secure remote login purposes.

1.4.5 Simple Mail Transfer Protocol (SMTP) – Port 25
SMTP is the standard protocol for sending emails across the Internet. It specifies how email messages are transmitted between mail servers, and it operates primarily over port 25 for its communication.
Functionality:
◦ SMTP is responsible for setting up communication rules between servers, defining message structure, and managing the message transfer process.
◦ It can also be used for sending emails from a client to a mail server (email submission) which typically uses port 587 or 465 (with SSL/TLS encryption).
Use Case:
◦ Whenever you send an email, your email client interacts with the SMTP server to handle the sending process. For instance, when you send an email through a mail service like Gmail, it uses SMTP to deliver your message to the recipient’s email server.
Security:
◦ SMTP by itself does not encrypt email messages. Emails sent over SMTP are in plaintext, making them susceptible to interception. Secure variants like SMTPS use encryption to secure messages.

1.4.6 Domain Name System (DNS) – Port 53
DNS translates human-readable domain names (like www.example.com) into machine-readable IP addresses. It’s an essential component of the Internet, enabling users to access websites using easy-to-remember domain names rather than complex IP addresses. DNS queries typically run over port 53.
Functionality:
◦ DNS operates using a hierarchical system, consisting of different levels of DNS servers, including root, TLD (Top-Level Domain), and authoritative name servers.
◦ When you type a URL into your browser, a DNS query is initiated to resolve the domain name to its corresponding IP address.
Use Case:
◦ Accessing any website by its domain name involves a DNS query. For example, accessing Google involves the DNS translating ‘www.google.com’ into its IP address.
Security:
◦ DNS queries are vulnerable to attacks like DNS spoofing. DNSSEC (DNS Security Extensions) provides a way to verify the authenticity of DNS responses, enhancing security.

1.4.7 Dynamic Host Configuration Protocol (DHCP) – Ports 67/68
DHCP automates the assignment of IP addresses, subnet masks, gateways, and other network parameters to devices, enabling them to communicate on a network without manual configuration.
Functionality:
◦ DHCP servers listen for requests on port 67, while DHCP clients receive responses on port 68.
◦ It significantly simplifies network management by automatically providing devices with the necessary configuration to join and communicate over a network.
Use Case:
◦ When you connect your device to a Wi-Fi network, DHCP is what assigns an IP address to your device, allowing you to browse the Internet or access network resources.
Security:
◦ DHCP does not inherently encrypt data and is susceptible to attacks such as DHCP spoofing. Network administrators use DHCP snooping as a security measure to mitigate such risks.

1.4.8 Trivial File Transfer Protocol (TFTP) – Port 69
TFTP is a simplified version of FTP with no authentication, used for transferring files between clients and servers. It’s designed to be lighter than FTP, making it faster, but also less secure. TFTP uses UDP port 69.
Functionality:
◦ TFTP is used for transferring small amounts of data with minimal overhead. It does not offer directory browsing or the ability to list files and has no provisions for security or authentication.
Use Case:
◦ Commonly used for booting diskless workstations, network devices, and transferring firmware images and configuration files to network hardware (e.g., routers, switches).
Security:
◦ Due to its lack of authentication, TFTP should be used in secure or isolated network environments. The data and the source or destination of the data are not encrypted or verified.

1.4.9 Hypertext Transfer Protocol (HTTP) – Port 80
HTTP is the foundation of data communication for the World Wide Web. It is a protocol used for transmitting hypermedia documents, such as HTML.
It primarily operates over TCP port 80 for unsecured communications.
Functionality:
◦ HTTP defines how messages are formatted and transmitted, and how web servers and browsers should respond to various commands.
◦ It supports a stateless request-response protocol where each request from a client to a server is independent of the last.
Use Case:
◦ Browsing most websites involves HTTP. For example, accessing an HTTP website like ‘http://example.com’ retrieves the site’s content using HTTP over port 80.
Security:
◦ HTTP does not encrypt data, which can be intercepted and read by others. HTTPS (HTTP Secure) over port 443 adds encryption with SSL/TLS to protect data in transit.

1.4.10 Network Time Protocol (NTP) – Port 123
NTP ensures that all devices on a network are synchronized to the same clock, critical for time-sensitive applications and for logging events in a consistent order.
Functionality:
◦ NTP uses a hierarchical system of time sources to allow devices to synchronize their clocks to within a few milliseconds of Coordinated Universal Time (UTC).
◦ It operates over UDP port 123, minimizing the delay and resource usage typical of TCP connections.
Use Case:
◦ Financial institutions rely on NTP for timestamping transactions. Discrepancies of even a few seconds can lead to significant issues in trade settlements.
Security:
◦ NTP can be exploited in reflection attacks if not properly secured. Implementing authentication mechanisms and restricting client requests to known servers can mitigate these risks.

1.4.11 Simple Network Management Protocol (SNMP) – Ports 161/162
SNMP is used for managing devices on IP networks. It enables network administrators to monitor network performance, find and solve network problems, and plan for network growth.
Functionality:
◦ SNMP agents, running on network devices, listen for queries from SNMP managers on port 161 and send notifications (traps) back on port 162.
◦ It supports three versions, with SNMPv3 providing secure authentication and encryption.
Use Case:
◦ Monitoring the health and status of network devices like routers, switches, servers, printers, and more, including metrics like traffic flow, utilization, and device errors.
Security:
◦ SNMPv1 and SNMPv2c have limited security features (community strings sent in plaintext), making SNMPv3 with its enhanced security features the preferred option.

1.4.12 Lightweight Directory Access Protocol (LDAP) – Port 389
LDAP is a protocol for accessing and maintaining distributed directory information services over an IP network, commonly used for storing organizational information and providing authentication and authorization services.
Functionality:
◦ LDAP organizes and locates directory information in a hierarchical structure, e.g., users, groups. It operates over TCP/IP port 389 for standard communication.
◦ LDAPS (LDAP over SSL/TLS) typically uses port 636 for encrypted sessions.
Use Case:
◦ Centralizing the management of users’ information, such as usernames and passwords, enabling a single sign-on (SSO) system for company applications.
Security:
◦ While LDAP transmits data in plaintext, compromising sensitive information, LDAPS adds a layer of security by encrypting the data in transit.

1.4.13 Hypertext Transfer Protocol Secure (HTTPS) – Port 443
HTTPS is the secure version of HTTP, designed to perform secure transactions over the web. It uses SSL/TLS encryption to protect the data integrity and confidentiality of the communication between the client and server.
Functionality:
◦ HTTPS encrypts the session with a digital certificate, ensuring that all data transferred between the user and the site is secure.
◦ It operates over TCP port 443, distinguishing it from HTTP traffic which uses port 80.
Use Case:
◦ Any website that handles sensitive user information, such as e-commerce sites, online banking, and any form of login page, uses HTTPS to secure the data.
Security:
◦ HTTPS protects against man-in-the-middle attacks, eavesdropping, and tampering with the data sent between the browser and the website.

1.4.14 Server Message Block (SMB) – Port 445
SMB is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network.
Functionality:
◦ SMB operates over TCP port 445 and is used primarily in Windows environments to enable file sharing and print services among networked computers.
◦ It facilitates network communication for access to shared resources, including files, printers, and serial ports.
Use Case:
◦ In an office setting, SMB allows employees to access files stored on a central server, share documents, and use network printers.
Security:
◦ SMB has been the target of numerous attacks, including the notorious WannaCry ransomware. Securing SMB involves disabling it where not needed, applying patches, and using VPNs for accessing SMB resources over the internet.

1.4.15 Syslog – Port 514
Syslog is a standard for message logging, allowing devices to send event notification messages across IP networks to event message collectors – or syslog servers – enabling the monitoring and analysis of network events.
Functionality:
◦ Syslog can be used for system management and security auditing as well as generalized informational, analysis, and debugging messages.
◦ It uses UDP port 514 for standard syslog communications, though it can be configured to use TCP for reliability.
Use Case:
◦ Organizations use syslog for centralized logging, collecting logs from various network devices, servers, and security appliances to a central syslog server. This aggregation of log data is crucial for troubleshooting, security monitoring, and complying with data retention policies.
Security:
◦ As syslog traditionally uses UDP, which does not guarantee delivery, critical systems should configure syslog to use TCP to ensure log messages are reliably received. Additionally, logs contain sensitive information; thus, securing access to syslog servers and encrypting log transmissions where possible is essential to protect against unauthorized access.

1.4.16 Simple Mail Transfer Protocol Secure (SMTPS) – Port 587
SMTPS is an extension of the Simple Mail Transfer Protocol (SMTP) that facilitates secure email transmission. While SMTP itself does not encrypt email messages, SMTPS uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt the entire email transmission.
Functionality:
◦ SMTPS ensures that both the authentication process and the email content are encrypted, providing confidentiality and integrity for email communication.
◦ Port 587 is specifically designated for email message submission with encryption, whereas port 25, traditionally used by SMTP, is often blocked by ISPs due to spam and security concerns.
Use Case:
◦ When you send an email through a mail client, SMTPS on port 587 is used to securely connect to the email server, ensuring your email credentials and content are encrypted.
Security:
◦ SMTPS significantly enhances email security by preventing eavesdroppers from reading email content or intercepting login credentials.

1.4.17 Lightweight Directory Access Protocol over SSL (LDAPS) – Port 636
LDAPS is a version of LDAP (Lightweight Directory Access Protocol) that operates over an SSL-encrypted connection, providing secure access to directory services.
Functionality:
◦ LDAPS facilitates secure communication between LDAP clients and servers, encrypting the data transmitted over the network to protect sensitive information contained in the directories.
◦ Port 636 is reserved for LDAPS, ensuring that directory queries and modifications are performed over a secure channel.
Use Case:
◦ Organizations use LDAPS for secure authentication and directory lookups, ensuring that user credentials and other sensitive directory information are encrypted during transmission.
Security:
◦ By encrypting the traffic between LDAP clients and servers, LDAPS prevents potential data interception and unauthorized access to the directory services.

1.4.18 Structured Query Language (SQL) Server – Port 1433
SQL Server uses port 1433 for client connections to the database server. It’s the default port for Microsoft SQL Server and is used for database management and operations.
Functionality:
◦ This port allows for the transmission of queries and data between clients and an SQL Server database, enabling operations such as data retrieval, updates, and administrative tasks.
◦ SQL Server can be configured to use a different port if necessary for security or configuration reasons.
Use Case:
◦ An application that requires storing, retrieving, and manipulating data may connect to an SQL Server database over port 1433 to perform these operations.
Security:
◦ Connections to SQL Server can be encrypted to protect data in transit. Additionally, limiting access to port 1433 from unauthorized sources is crucial to prevent unauthorized database access.

1.4.19 Remote Desktop Protocol (RDP) – Port 3389
RDP allows users to connect to another computer over a network connection, providing access to the desktop and applications of the remote computer.
Functionality:
◦ RDP operates over TCP port 3389, enabling users to remotely control another computer as if they were physically present.
◦ It supports various features like clipboard sharing, printer redirection, and high-quality video and sound streaming.
Use Case:
◦ Remote technical support, where technicians use RDP to connect to a user’s computer to troubleshoot issues directly.
Security:
◦ RDP connections can be secured with encryption, and the use of strong authentication methods is recommended.
Limiting RDP access to trusted networks and using VPNs can further enhance security.

1.4.20 Session Initiation Protocol (SIP) – Ports 5060/5061
SIP is a signaling protocol used for initiating, maintaining, managing, and terminating real-time sessions that involve video, voice, messaging, and other communications applications and services between two or more endpoints on IP networks.
Functionality:
◦ SIP operates over port 5060 for unencrypted signaling and over port 5061 for signaling encrypted with Transport Layer Security (TLS).
◦ It is used for call setup, management, and teardown in VoIP (Voice over IP) communications.
Use Case:
◦ SIP is widely used in IP telephony for setting up and tearing down voice or video calls. Additionally, it’s used in instant messaging, video conferencing, and streaming multimedia distributions.
Security:
◦ While SIP itself does not encrypt the content of the communication, using SIP over TLS (port 5061) ensures that the signaling process is encrypted, enhancing the security of the communication setup.
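
The Security notes in this chapter can be applied as a listener audit on a host. The following Python example is added here and is not part of the GuidesDigest material: it parses a constructed sample in the layout printed by `ss -tuln` and reports listeners on the chapter's cleartext or restricted ports that are bound to a non-loopback address. The table contents, function names and sample rows are this example's own; transports the chapter does not state (such as UDP for SNMP) are the protocols' standard defaults.

```python
import ipaddress

# Cleartext services from this chapter, keyed by (transport, port), with the
# hardening advice the chapter gives for each.
CLEARTEXT = {
    ("tcp", 21): ("FTP", "use SFTP over SSH (22)"),
    ("tcp", 23): ("Telnet", "use SSH (22)"),
    ("tcp", 25): ("SMTP", "use SMTPS (587)"),
    ("udp", 69): ("TFTP", "keep on an isolated network"),
    ("tcp", 80): ("HTTP", "use HTTPS (443)"),
    ("udp", 161): ("SNMP", "use SNMPv3"),
    ("tcp", 389): ("LDAP", "use LDAPS (636)"),
    ("udp", 514): ("Syslog", "use TCP and encrypt the transport"),
    ("tcp", 5060): ("SIP", "use SIP over TLS (5061)"),
    ("udp", 5060): ("SIP", "use SIP over TLS (5061)"),
}
# Services the chapter says to limit to trusted networks or a VPN.
RESTRICT = {("tcp", 445): "SMB", ("tcp", 1433): "SQL Server", ("tcp", 3389): "RDP"}

def is_loopback(host):
    """True when the bind address is reachable only from the local machine."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface suffix
    # ss prints * for a wildcard bind, which is never loopback-only
    return host != "*" and ipaddress.ip_address(host).is_loopback

def audit(ss_output):
    """Return (level, transport, port, service, advice) per exposed listener."""
    findings = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                        # header row or other socket family
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit() or is_loopback(host):
            continue                        # loopback-only binds are not exposed
        key = (fields[0], int(port))
        if key in CLEARTEXT:
            service, fix = CLEARTEXT[key]
            findings.append(("cleartext", *key, service, fix))
        elif key in RESTRICT:
            findings.append(("restrict", *key, RESTRICT[key],
                             "limit to trusted networks or VPN"))
    return findings

# Constructed sample in the layout printed by `ss -tuln` (not captured output).
SAMPLE = """
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
tcp   LISTEN 0      511    *:80               *:*
tcp   LISTEN 0      128    192.168.1.10:3389  0.0.0.0:*
tcp   LISTEN 0      128    [::1]:389          [::]:*
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On the sample, the SMTP and LDAP listeners are skipped because they are bound to loopback only, while SSH on port 22 produces no finding.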