Ports and Protocols
Port: a virtual entry/exit point for communications, used by software applications to
exchange information.
TCP is used for reliable communication.
Port 443 is the secure port for web traffic.
Protocol: a set of rules and conventions for data exchange between network
devices.
Ports and protocols allow for efficient data sharing across networks.
Network port fundamentals
An IP address is like the address of my house.
Port: a logical opening in a computer that represents a service or application.
Ports are like a door to a room in my house.
Ports in a computer network are numbered 0 to 65,535.
Well-known ports are numbered from 0 to 1023.
Registered ports are numbered from 1024 to 49,151.
Both well-known ports and registered ports are registered with the Internet Assigned
Numbers Authority (IANA).
Ephemeral ports are short-lived, temporary ports that are opened for just a
small period of time from a predefined range of ports.
Ephemeral ports are numbered from 49,152 to 65,535.
Transmission control protocol (TCP)
TCP is a fundamental protocol within the Internet protocol suite that consists of a
set of rules that govern the exchange of data.
TCP ensures reliable transmission of data by breaking down larger messages into
smaller packets.
TCP has three good qualities: error checking, data sequencing and
acknowledgement.
TCP = three-way handshake
SYN = synchronize, SYN-ACK = synchronize-acknowledge, ACK = acknowledge
TCP uses sequence numbers and acknowledgement messages to ensure the data is
being received correctly.
TCP also employs flow control to prevent the sender from overwhelming the
receiver.
Windowing allows the receiver to specify the amount of data it can
handle at a time.
Port: a numerical identifier in TCP/IP and other network protocols that helps
distinguish between different services or applications.
Ports are important in the communication process because they allow
multiple network applications to coexist.
User datagram protocol (UDP)
User Datagram Protocol (UDP) is a communication protocol used across the Internet
for especially time-sensitive transmissions.
UDP is known for low latency and reduced processing
overhead.
But it lacks the qualities of TCP, namely TCP's error checking and recovery
services.
UDP doesn't require a three-way handshake or windowing overhead,
and it has smaller and simpler packets than TCP.
The packet header consists only of source and destination port numbers, a length
field and a checksum.
UDP packet headers are only 8 bytes in size, while TCP packet headers are 20 to 60
bytes in size.
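The header layouts and the three-way handshake described above, decoded from raw
bytes. This is an added example, not part of the original notes; the port numbers,
sequence numbers and the build_tcp helper are constructed for illustration.

```python
import struct

def parse_udp_header(data):
    """Decode the fixed 8-byte UDP header: ports, length, checksum."""
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, checksum = struct.unpack("!HHHH", data[:8])
    if length < 8:
        raise ValueError("UDP length field is smaller than the header itself")
    return {"src": src, "dst": dst, "length": length, "checksum": checksum}

def parse_tcp_header(data):
    """Decode the fixed part of a TCP header (options are not decoded)."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window = struct.unpack("!HHIIHH", data[:16])
    header_len = (off_flags >> 12) * 4   # 4-bit data offset in 32-bit words: 20..60
    if header_len < 20:
        raise ValueError("TCP data offset below the 20-byte minimum")
    syn, ack_flag = bool(off_flags & 0x02), bool(off_flags & 0x10)
    kind = {(True, False): "SYN", (True, True): "SYN-ACK",
            (False, True): "ACK"}.get((syn, ack_flag), "OTHER")
    return {"src": src, "dst": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "kind": kind, "window": window}

def is_valid_handshake(segments):
    """True if three parsed segments form SYN, SYN-ACK, ACK with matching numbers."""
    if [s["kind"] for s in segments] != ["SYN", "SYN-ACK", "ACK"]:
        return False
    syn, synack, ack = segments
    return (synack["ack"] == (syn["seq"] + 1) % 2**32      # server acknowledges SYN
            and ack["ack"] == (synack["seq"] + 1) % 2**32  # client acknowledges SYN-ACK
            and ack["seq"] == synack["ack"])

def build_tcp(src, dst, seq, ack, flags, window=65535):
    """Build a constructed 20-byte TCP header (checksum left as zero)."""
    return struct.pack("!HHIIHHHH", src, dst, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

# Constructed sample: an ephemeral client port opening a connection to port 443.
HANDSHAKE = [parse_tcp_header(h) for h in (
    build_tcp(49152, 443, 1000, 0, 0x02),      # SYN
    build_tcp(443, 49152, 5000, 1001, 0x12),   # SYN-ACK
    build_tcp(49152, 443, 1001, 5001, 0x10),   # ACK
)]
# Constructed sample: the 8-byte header of a 40-byte UDP datagram sent to port 53.
UDP_SAMPLE = parse_udp_header(struct.pack("!HHHH", 49153, 53, 40, 0))
```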
Internet control message protocol (ICMP)
ICMP is an integral part of the Internet Protocol suite, which is a set of networking
protocols used on the Internet.
ICMP lacks the reliability mechanisms of TCP; it prioritizes speed and
simplicity over data integrity and security.
ICMP is used for error handling and diagnostics.
ICMP flood attack and ping of death
An ICMP flood attack is a type of attack that involves overwhelming a target machine
with a large number of ICMP echo request packets.
DDoS is a type of ICMP flood attack
Ping of death is an attack that exploits a vulnerability that existed in older, unpatched
systems, where the attackers send malformed or oversized packets using the
ICMP protocol.
Ping of death sends a packet larger than 65,535 bytes to crash the system
or cause a buffer overflow.
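A detection-side check for the oversized-packet condition described above. This is an
added example, not part of the original notes. It assumes the oversize only shows up
when IPv4 fragments are reassembled, since a single header's 16-bit length field
cannot exceed 65,535; the addresses and header values are constructed.

```python
import socket
import struct

MAX_DATAGRAM = 65535   # limit of the 16-bit IPv4 total-length field
ICMP = 1               # IPv4 protocol number for ICMP

def reassembled_end(ip_header):
    """Return (protocol, size the datagram reaches once this fragment is placed)."""
    if len(ip_header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack(
        "!BBHHHBB", ip_header[:10])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("not a well-formed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8      # fragment offset is in 8-byte units
    payload = total_len - header_len
    return proto, header_len + offset + payload

def is_ping_of_death(ip_header):
    """Flag an ICMP fragment whose reassembled datagram would exceed 65,535 bytes."""
    proto, size = reassembled_end(ip_header)
    return proto == ICMP and size > MAX_DATAGRAM

def build_ipv4(total_len, frag_units, more_fragments, proto=ICMP):
    """Build a constructed 20-byte IPv4 header (checksum left as zero)."""
    flags_frag = (0x2000 if more_fragments else 0) | frag_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, proto, 0,
                       socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.20"))

# Constructed samples: two legitimate packets and one fragment that overruns.
SAMPLES = {
    "ordinary echo request": build_ipv4(84, 0, False),
    "last fragment of a 2,048-byte ping": build_ipv4(568, 185, False),
    "fragment ending past 65,535": build_ipv4(1500, 8189, False),
}
VERDICTS = {name: is_ping_of_death(hdr) for name, hdr in SAMPLES.items()}
```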
Web Ports and Protocols
There are two main ports for the web: port 80 and port 443.
Port 80 is used for Hypertext Transfer Protocol (HTTP).
HTTP is an application layer protocol that enables
plain text communication between clients and servers.
HTTP is used less now for the safety of the user: it sends and receives
plain text, so there might be eavesdropping or on-path
attacks.
Port 443 is used for Hypertext Transfer Protocol Secure (HTTPS).
Email Ports and Protocols
There are three main email protocols: SMTP, POP3 and IMAP.
Simple Mail Transfer Protocol (SMTP) is the standard protocol used for sending emails
across the Internet and operates over port 25.
SMTP is only used for sending mail, not receiving it.
SMTPS was introduced as a secure variant of SMTP. SMTPS is on port 465 or 587.
Post Office Protocol version 3 (POP3) is used to retrieve emails from a remote server
to a local client over port 110.
POP limits email access on multiple devices, as messages are stored only on the
initial device.
POP3S was introduced to overcome the limitation of POP3; the S stands for secure.
It operates over port 995.
Internet Message Access Protocol (IMAP) operates over port 143 and allows users to
manage emails directly on the email server.
IMAPS operates over port 993.
File Transfer Ports and Protocols
File transfer ports and protocols are specialized rules and procedures that are utilized
for the transmission of files across networks; they operate on designated ports that
act as doorways for data transfer activities.
File Transfer Protocol (FTP) is used for transferring files between a client and server
over a network. FTP works over two ports: port 20 and port 21.
Port 20 is for the actual data transfer, while port 21 is for sending control commands.
SFTP (SSH file transfer, secure FTP) was created to address the security concerns of
FTP and operates over port 22.
Trivial File Transfer Protocol (TFTP) is a simpler and more basic version of FTP
and operates over port 69.
TFTP is designed for sending files when minimal security is sufficient.
Server Message Block (SMB) operates over port 445 and allows computer apps to
read and write to files and request services from server programs.
SMB is used for local area networks and is not a protocol for sending data across the
Internet.
Remote Access Ports and Protocols
Remote access protocols are used to build and manage systems and networks from
across the network.
Secure Shell (SSH) is a protocol used for secure remote login and other secure
network services over an unsecured network. SSH operates over port 22.
SSH creates a secure encrypted tunnel through which text-based commands can be run
on a remote server.
Telnet operates over port 23. It allows a user on one computer to log in remotely to
another computer. Telnet lacks encryption.
Remote Desktop Protocol (RDP) is a proprietary protocol that was developed by
Microsoft to provide users with a graphical user interface to connect to another
computer over a network connection. RDP operates over port 3389.
RDP is designed to support different types of network topologies and multiple
LAN protocols.
RDP allows for encryption of the data, smart card authentication
and bandwidth reduction mechanisms, which make it suitable for managing
Windows-based systems remotely.
Network Service Ports and Protocols
These are different services that ensure that network devices can discover each
other, communicate efficiently, and relay important system information to
each other.
Domain Name System (DNS) is used to translate human-friendly domain names into
IP addresses that computers can use to identify each other on the network.
DNS uses port 53 by default. It uses TCP for large messages and UDP for
small messages.
Dynamic Host Configuration Protocol (DHCP) is used to automate the assignment of IP
addresses, subnet masks, gateways and other networking parameters to a client
device.
DHCP sends requests over port 67 using UDP and receives responses over port 68
using UDP.
SQL services refers to the protocols used by database servers to manage queries
and control operations from the client applications that are requesting them.
SQL services operate over different ports, but the known ones are Microsoft SQL on
port 1433 and MySQL on port 3306.
Simple Network Management Protocol (SNMP) is used for collecting information from
and configuring different network devices, like servers, printers, hubs, switches and
routers, over an IP network.
SNMP operates over ports 161 and 162 using the User Datagram Protocol.
Port 161 is used by SNMP managers; port 162 is used by agents.
System logging (syslog) is a standard for message logging that allows devices to
send event messages across IP networks to an event message collector known as a
syslog server.
Syslog operates over port 514 using UDP or TCP.
Network Time Protocol (NTP) is used to synchronize the clocks of computers over a
given network.
NTP operates over port 123 using the User Datagram Protocol.
Session Initiation Protocol (SIP) is used for initiating, maintaining and terminating
real-time sessions that involve voice, video, messaging and other communication
services.
SIP operates over ports 5060 and 5061.
Lightweight Directory Access Protocol (LDAP) is a protocol for accessing and
maintaining distributed directory information services over an IP network.
LDAP operates over port 389 using UDP and TCP.
LDAPS is the LDAP over SSL version of LDAP, encrypted with SSL or, in newer versions,
TLS for increased security.
LDAPS operates over port 636 using TCP.
Ports to memorize
• File Transfer Protocol (FTP) 20/21
• Secure Shell (SSH) 22
• Secure File Transfer Protocol (SFTP) 22
• Telnet 23
• Simple Mail Transfer Protocol (SMTP) 25
• Domain Name System (DNS) 53
• Dynamic Host Configuration Protocol (DHCP) 67/68
• Trivial File Transfer Protocol (TFTP) 69
• Hypertext Transfer Protocol (HTTP) 80
• Post Office Protocol v3 (POP3) 110
• Network Time Protocol (NTP) 123
• Internet Message Access Protocol (IMAP) 143
• Simple Network Management Protocol (SNMP) 161/162
• Lightweight Directory Access Protocol (LDAP) 389
• Hypertext Transfer Protocol Secure (HTTPS) [Secure Sockets Layer (SSL)] 443
• HTTPS [Transport Layer Security (TLS)] 443
• Server Message Block (SMB) 445
• Syslog 514
• SMTP TLS 587
• Lightweight Directory Access Protocol (over SSL) (LDAPS) 636
• IMAP over SSL 993
• POP3 over SSL 995
• Structured Query Language (SQL) Server 1433
• SQLnet 1521
• MySQL 3306
• Remote Desktop Protocol (RDP) 3389
• Session Initiation Protocol (SIP) 5060/5061
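The port ranges and the cleartext/secure pairs from these notes, applied as a check
over a host's listening sockets. This is an added example, not part of the original
notes; the sample lines are constructed in the layout of `ss -tuln` output, and the
replacement column only repeats pairings stated in the notes.

```python
# Cleartext TCP services and the encrypted counterpart the notes pair them with.
CLEARTEXT_TCP = {
    21: ("FTP", "SFTP on 22"),
    23: ("Telnet", "SSH on 22"),
    25: ("SMTP", "SMTPS on 465 or 587"),
    80: ("HTTP", "HTTPS on 443"),
    110: ("POP3", "POP3S on 995"),
    143: ("IMAP", "IMAPS on 993"),
    389: ("LDAP", "LDAPS on 636"),
}

def port_class(port):
    """Classify a port number into the three ranges from the notes."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "ephemeral"

def parse_listeners(text):
    """Yield (protocol, port) from lines laid out like `ss -tuln` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                              # header or unrelated line
        port = fields[4].rsplit(":", 1)[-1]       # works for 0.0.0.0:22 and [::]:22
        if port.isdigit():
            yield fields[0], int(port)

def audit(text):
    """Return (port, range, service, replacement) for each cleartext listener."""
    findings = []
    for proto, port in sorted(set(parse_listeners(text))):
        if proto == "tcp" and port in CLEARTEXT_TCP:
            name, fix = CLEARTEXT_TCP[port]
            findings.append((port, port_class(port), name, fix))
    return findings

# Constructed sample input.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      511    [::]:80            [::]:*
tcp   LISTEN 0      511    [::]:443           [::]:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
"""
```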