Ports and Protocols

(OBJ 4.5)

Ports

• When it comes to computers and networks, most of computer systems openings are going to be created using the concept of an open port.
• Logical communication endpoints on a computer or server
• Classified as either
  • Inbound
    • Listening for connections from a client
    • Sitting there and waiting for someone to come along and connect to it.
  • Outbound
    • Used to connect to a server
    • Logical communication opening created on a client in order to call out to a server that is listening for a connection
• Ports can be any number between 0 and 65,535
• Example
  • SSH connection with an inbound port 22 and an outbound port on the client
  • The outbound port on the client can be assigned to some high number random port like 51233
    • It is going to send a request to the SSH server that is listening over port 22 (the server's inbound port) and it's going to be destined for it's IP address.
  • Once the server receives this request on port 22, it has to respond to it. So it's gonna send a packet of information back to the client's IP using the outbound port opened originally (51233).
    
  • Once the session is over, the connection is going to be closed, the client will close its outbound port because it's no longer needed, and the server will keep open its inbound port so it can receive requests from the next user who wants to be able to use it.

Port Classification

• Well-Known Ports (0-1023)
  • Assigned by IANA (Internet Assigned Numbers Authority), commonly-used protocols that everyone can use
  • Example:
    • HTTPS - port 443
    • Telnet - port 23
• Registered Ports (1024-49151)
  • Vendor-specific, registered with IANA
  • Usually assigned to proprietary protocols
  • Example:
    • Microsoft's SQL - port 1433
    • Microsoft's RDP - port 3389
• Dynamic and Private Ports (49152-65535)
  • Temporary outbound connections
  • Can be used by any application without being registered with IANA
  • Example:
    • This range is usually going to be used by your client whenever it picks own random high number port for its application.
    • Commonly used in gaming, instant messaging, and chat for connections

Protocols

• Rules governing device communication and data exchange
  • Specifies the format and the sequence of messages that are going to be used for those communications
• Example
  • HTTPS (port 443) uses the HTTPS protocol for secure web communication

Memorization Tips

• Memorize for each port
  1. Port number
  2. Default protocol
  3. Support for TCP or UDP
  4. Basic description of the port or protocol

List of Ports and Protocols

• Port 21: FTP (File Transfer Protocol) - TCP
  • Used to transfer files from host to host
• Port 22: SSH, SCP , SFTP - TCP
  • Provides secure remote terminal access and file transfer capabilities
  • Provides secure copy functions
  • Provides secure file transfer
• Port 23: Telnet - TCP
  • Provides insecure remote control of another machine using a text-based environment
  • Unencrypted and insecure (not to be used)
• Port 25: SMTP (Simple Mail Transfer Protocol) - TCP
  • Provides the ability to send email over the network
• Port 53: DNS (Domain Name System) - TCP/UDP
  • Translates domain names into IP addresses
• Port 69: TFTP (Trivial File Transfer Protocol) - UDP
  • Used as a lightweight file transfer method for sending configuration files or network booting of an operating system
• Port 80: HTTP (Hypertext Transfer Protocol) - TCP
  • Used for insecure web browsing
  • Unencrypted mode
• Port 88: Kerberos - UDP
  • Network authentication protocol
• Port 110: POP3 (Post Office Protocol v3) - TCP
  • Responsible for retrieving email from a server
• Port 119: NNTP (Network News Transfer Protocol) - TCP
  • Used for accessing newsgroups
• Port 135: RPC (Remote Procedure Call) - TCP/UDP
  • Facilitates communication between different system processes
• Ports 137, 138, 139: NetBIOS - TCP/UDP
  • Networking protocol suite
  • Used inside of a Windows domain environment to share things like internal network names as well as doing file and printer sharing in a local Windows environment
• Port 143: IMAP (Internet Message Access Protocol) - TCP
  • Allows access to email messages on a server
• Port 161: SNMP (Simple Network Management Protocol) - UDP
  • Managed network devices
• Port 162: SNMPTrap - UDP
  • Responsible for sending SNMP trap messages
• Port 389: LDAP (Lightweight Directory Access Protocol) - TCP
  • Facilitates directory services
• Port 443: HTTPS (HTTP Secure) - TCP
  • Provides secure web communication
  • Little lock in the corner of your browser
• Port 445: SMB (Server Message Block) - TCP
  • Used for file and printer sharing over a network
• Ports 465, 587: SMTPS (SMTP Secure) - TCP
  • Provides secure SMTP communication
  • Uses SSL/TLS
• Port 514: Syslog - UDP
  • Used for sending log messages
• Port 636: LDAPS (LDAP Secure) - TCP
  • LDAP communication over SSL/TLS
• Port 993: IMAPS (IMAP over SSL/TLS) - TCP
  • Used for secure email retrieval
• Port 995: POP3S (POP3 over SSL/TLS) - TCP
  • Used for secure email retrieval
• Port 1433: Microsoft SQL - TCP
  • Used to facilitate communication with Microsoft SQL Server
• Ports 1645, 1646: RADIUS (Remote Authentication) - TCP
  • Used for remote authentication, authorization, and accounting
• Ports 1812, 1813: RADIUS UDP - UDP
  • Used for authentication and accounting as defined by the Internet Engineering Task Force (IETF)
• Port 3389: RDP (Remote Desktop Protocol) - TCP
  • Enables remote desktop access
• Port 6514: Syslog TLS - TCP
  • Used in a secure syslog that uses SSL/TLS to encrypt the IP packets using a certificate before sending them across the IP network to the syslog collector

Also see Port Numbers Cheat Sheet

Study Tips

• Create flashcards with protocol, port, and connection details
• Regularly test yourself to memorize ports and protocols
• Understanding these is crucial for success in exams related to cybersecurity