Network Ports & Protocols | Network+ N10-007 | 1.1

In this video you will learn about the purpose & uses of various networking ports & protocols.

Protocols & Ports

SSH & SFTP (port 22)

Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network.  SSH is more secure than FTP and Telnet.  Typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH.  An SSH server housing data a client wants to retrieve listens on port 22, and that port would need to be open for the client to get access to that data.  As previously mentioned, regular FTP is an insecure protocol, whereas Secure Shell FTP (SFTP) is secure because it runs over an SSH session on TCP port 22.

DNS (port 53)

Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the internet or a private network.  It associates various information with the domain names assigned to each of the participating entities.  Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols.  In other words, DNS can be thought of as the phone book for the Internet.  Instead of memorizing an IP address to get to a website such as YouTube, one could simply type the URL (uniform resource locator, i.e., the web address entered in the address bar) www.YouTube.com, and DNS will match that name to the IP address associated with www.YouTube.com to take your client device to YouTube.  When manually configuring an IP address, you typically provide the IP address of a DNS server (or the IP addresses of multiple DNS servers) as part of the configuration process.  Some techs refer to DNS as either Domain Name Service or Domain Name Server, which is not strictly correct, but is understood in the industry by other IT professionals.

SMTP (port 25)

Simple Mail Transfer Protocol is a communication protocol for email transmission.  SMTP utilizes port 25 to send email from a client system to an email server, which also uses SMTP to relay messages to the receiving email server.  To configure email settings on a client device, check with the ISP or organization that provides internet access for settings such as: the server type(s) (SMTP, POP3, or IMAP), the port(s) used, the username/password for access to the server(s), and the security settings (whether SSL/TLS is used).

FTP (port 20 & 21)

The File Transfer Protocol is a standard network protocol used for the transfer of computer files between a client and server on a computer network.  FTP is also used by web browsers.  To access an FTP site, you would use the prefix ftp://.  Windows, Linux & macOS contain a command-line FTP program: type ftp, press Enter, and then type help at the FTP prompt to see the commands you can use.

FTP sites with downloads available to any user support anonymous FTP.  Anonymous FTP is a means by which archive sites allow general access to their archives of information.  These sites create a special account called “anonymous”.  User “anonymous” has limited access rights to the archive host, as well as some operating restrictions.  Some FTP sites require the user to log in with a specified username & password.  One drawback to FTP is that it is not considered secure due to FTP login credentials being transmitted & authenticated in clear-text.  To increase security, use FTP secured with SSL/TLS (FTPS) or Secure File Transfer Protocol (SFTP).

TFTP (port 69)

Trivial File Transfer Protocol is a simple lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host.  One of its primary uses is in the early stages of nodes booting from a local area network (LAN).  TFTP has been used for this application because it is very simple to implement.  Due to its simple design, TFTP can be easily implemented by code with a small memory footprint.  It is therefore the protocol of choice for the initial stages of any network booting strategy such as BOOTP, PXE, BSDP, etc., whether the target is a highly resourced computer or a very low-resourced single-board computer (SBC) or System on a Chip (SoC).  It is also used to transfer firmware images and configuration files to network appliances like routers, firewalls, IP phones, etc.  Today, TFTP is virtually unused for Internet transfers.

Telnet (port 23)

Telnet is an application protocol used on the internet or a LAN to provide a bidirectional, interactive, text-oriented communication facility using a virtual terminal connection.  A Telnet emulation enables a user to connect to a remote host or device using a telnet client over port 23.  A telnet connection allows a user to telnet into a computer that hosts their website to manage their files remotely, versus simply downloading pages & files as he/she would with an http:// or ftp:// connection.  Before a Telnet connection from a client can be established, the remote computer must already be configured to accept a Telnet login on port 23, and that port must be open before a login can take place.

To utilize the command-line Telnet program on a Windows or Linux computer, you would open a connection to a remote computer by opening a command prompt (Windows) or Terminal session (Linux), typing telnet, and pressing Enter.  For a list of commands, type help and press the Enter key.  Telnet has been removed from recent versions of macOS due to the standard practice of using SSH, but if Telnet is still needed, it is possible to install it.

DHCP (port 67 & 68)

Dynamic Host Configuration Protocol is a network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device (PCs, printers, servers, routers, etc.) on a network so they can communicate with other IP networks.  A DHCP server enables computers to request IP addresses and networking parameters automatically from the ISP, reducing the need for a network administrator or a user to manually assign IP addresses to all network devices.  In the absence of a DHCP server, a computer or other device on the network needs to be manually assigned an IP address, or to assign itself an APIPA address, the latter of which will not enable it to communicate outside its local network.  If you get your address from a DHCP server, you are getting your address assigned dynamically, and it could change periodically.  Some devices on the network require static addresses that do not change, such as printers & servers, which have to be assigned manually by a network administrator.  This makes these devices more reliable and easily accessible over time.  DHCP uses ports 67 & 68, where UDP port number 67 is the destination port of a server, and UDP port number 68 is used by the client.

HTTP (port 80) & HTTPS (port 443)

Hypertext Transfer Protocol is an application protocol for distributed, collaborative, hypermedia information systems.  HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.  HTTP is used by all major web browsers such as Internet Explorer, Microsoft Edge, Firefox, & Chrome.  Unsecured sites use the prefix http://, whereas sites that are secured with various forms of encryption (HTTP Secure, or HTTP over SSL [HTTPS]) use the prefix https://.  HTTP uses port 80 & HTTPS uses port 443.  To check whether a website is secure, look for the closed padlock symbol most browsers display right next to the website’s address in the web address bar.

SNMP (port 161)

Simple Network Management Protocol is an internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, etc., and they are often managed through software known as a network management system (NMS). The NMS is the main software installed on a computer known as the manager, which controls everything SNMP-based. The devices to be monitored are known as managed devices.  The NMS relies on a small piece of software known as an agent, running on each managed device, that allows the NMS to monitor it. SNMP uses port 161.

RDP (port 3389)

Remote Desktop Protocol is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose (Remote Desktop Services), while the other computer must run RDP server software (Remote Desktop Connection). RDP uses port 3389.

NTP (port 123)

The Network Time Protocol is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.  NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC).  It uses the intersection algorithm to select accurate time servers and is designed to mitigate the effects of variable network latency.  NTP can usually maintain time to within tens of milliseconds over the public Internet, and can achieve better than one millisecond accuracy in LANs under ideal conditions.  Asymmetric routes and network congestion can cause errors of 100 ms or more.  The protocol is usually described in terms of a client-server model, but can as easily be used in peer-to-peer relationships where both peers consider the other to be a potential time source.  Implementations send and receive timestamps using UDP port 123.  They can also use broadcasting and multicasting, where clients passively listen to time updates after an initial round-trip calibrating exchange.  NTP supplies a warning of any impending leap second adjustment, but no information about local time zones or daylight saving time is transmitted.
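To show why asymmetric routes produce the errors mentioned above, here is an added Python example (not from the original page) that works the four-timestamp client/server exchange NTP uses to estimate clock offset and round-trip delay. The timestamps, path delays and the 50 ms client clock error are constructed values in milliseconds, chosen so the arithmetic is exact.

```python
# Added example: NTP's offset/delay arithmetic on a constructed exchange.
# Timestamps are integer milliseconds; offset is positive when the client
# clock is behind the server.

def ntp_offset_and_delay(t1, t2, t3, t4):
    """Standard NTP client calculation from the four timestamps:
       t1: client sends request   (client clock)
       t2: server receives it     (server clock)
       t3: server sends reply     (server clock)
       t4: client receives reply  (client clock)
    Returns (offset, delay). The offset formula assumes the forward and
    return paths take the same time, which is exactly what asymmetric
    routing breaks."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)     # round trip minus server processing time
    return offset, delay

def simulate_exchange(true_offset_ms, forward_ms, return_ms,
                      server_processing_ms=1, t1=100_000):
    """Constructed exchange: a client whose clock reads true_offset_ms behind
    the server, with the given one-way delays on each direction."""
    t2 = t1 + true_offset_ms + forward_ms
    t3 = t2 + server_processing_ms
    t4 = t3 + return_ms - true_offset_ms
    return t1, t2, t3, t4

def asymmetry_error(forward_ms, return_ms):
    """Error NTP's estimate carries when the paths differ: half the difference.
    Note the measured delay is the same either way, so the client cannot
    detect this from the exchange itself."""
    return (forward_ms - return_ms) / 2

def compare_routes(true_offset_ms=50):
    """Same total round trip (40 ms) split symmetrically and asymmetrically."""
    sym = ntp_offset_and_delay(*simulate_exchange(true_offset_ms, 20, 20))
    asym = ntp_offset_and_delay(*simulate_exchange(true_offset_ms, 10, 30))
    return {"true_offset": true_offset_ms,
            "symmetric": sym,        # (50.0, 40): exact
            "asymmetric": asym}      # (40.0, 40): 10 ms off, identical delay

if __name__ == "__main__":
    for route, result in compare_routes().items():
        print(route, result)
```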

SIP (port 5060 & 5061)

The Session Initiation Protocol is a signaling protocol used for initiating, maintaining, & terminating real-time sessions that include voice, video and messaging applications.  SIP is used for signaling and controlling multimedia communication sessions in applications of Internet telephony for voice & video calls, in private IP telephone systems, in instant messaging over Internet Protocol (IP) networks as well as mobile phone calling over LTE (VoLTE).  The protocol defines the specific format of messages exchanged and the sequence of communications for cooperation of the participants.  SIP is a text-based protocol, incorporating many elements of HTTP and SMTP.  A call established with SIP may consist of multiple media streams, but no separate streams are required for applications, such as text messaging, that exchange data as payload in the SIP message.  SIP clients typically use TCP or UDP on port numbers 5060 or 5061 for SIP traffic to servers and other endpoints.  Port 5060 is commonly used for non-encrypted signaling traffic whereas port 5061 is typically used for traffic encrypted with Transport Layer Security (TLS).

SMB (port 445)

Server Message Block, one version of which was also known as Common Internet File System (CIFS), is a network communication protocol for providing shared access to files, printers, and serial ports between nodes on a network. It also provides an authenticated interprocess communication mechanism by way of using packets that authenticate remote computers. SMB uses ports 137-139 for SMB traffic using NetBIOS over TCP (NetBT) and 445 for SMB hosted on TCP. CIFS was originally used as the standard method for sharing files via corporate intranets and the internet. CIFS has now been widely replaced by updated versions of SMB (SMB 2.0 and 3.0).

POP3 (port 110)

Post Office Protocol version 3 is an application-layer internet standard protocol used by email clients to retrieve email from a mail server. Email is downloaded from the mail server to folders on a local system. For users who frequently switch between computers and/or mobile devices, POP3 email is not a suitable solution for checking emails on multiple devices due to the email being downloaded onto only one device when a client device puts in a request. Users who utilize POP3 servers to retrieve email typically use SMTP to send messages.  POP3 is the current version/standard and uses port 110.

IMAP (port 143)

Internet Message Access Protocol is an internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP was designed with the goal of permitting complete management of an email box by multiple email clients, therefore clients generally leave messages on the server which can be retrieved from multiple devices from any location until the user explicitly deletes them. IMAP4 is the current version of IMAP. To configure an IMAP-based email account, you must select IMAP as the email server type, specify the name of the server, your username/password, and whether the server uses SSL.  IMAP uses port 143.

LDAP (port 389 & 636)

Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an IP network. Domain directory services play an important role in developing intranet and internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As such, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Microsoft refers to this as directory services.  LDAP uses port 389.  LDAPS over TLS/SSL uses port 636.

H.323 (port 1720)

H.323 defines the protocols to provide audio-visual communication sessions on any packet network.  The H.323 standard addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multi-point conferences.  It is widely implemented by voice and videoconferencing equipment manufacturers, is used within various Internet real-time applications and is widely deployed worldwide by service providers and enterprises for both voice and video services over IP networks.

Protocol Types

What is a Communication Protocol?

A communication protocol is a system of rules that allow two or more entities of a communication system to transmit information via any kind of variation of a physical quantity.  The protocol defines the rules, syntax, semantics and synchronization of communication and possible error recovery methods.  Protocols may be implemented by hardware, software, or a combination of both.

Protocols are designed to allow for applications to send and receive data via predefined ports on a network adapter to make connections to another computer. Port numbers are used to identify which protocol or process incoming and outgoing traffic belongs to.  For example, if you want to visit www.TechnologyGee.com, you would open a browser and type http://www.TechnologyGee.com.  The Hypertext Transfer Protocol (HTTP) is what is being used to make a connection to the web server TechnologyGee.com.  For the transmission of data, HTTP selects an unused outbound port on your computer to send and receive data to and from the web server TechnologyGee.com.  On the TechnologyGee.com web server, port 80 (inbound port corresponding to HTTP) is open at all times to allow for a computer to make a connection to the TechnologyGee.com web server.
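The inbound/outbound port split described above can be observed directly. This added Python example (not from the original page, and not TechnologyGee.com's code) runs a tiny stand-in web server on the loopback address, fetches one page from it the way a browser would, and reports the server's fixed listening port alongside the outbound port the operating system picked for the client. It assumes the OS may choose the listening port (binding 80 itself needs administrator rights), which stands in for the always-open port 80.

```python
import socket
import threading

def serve_one_request(listener: socket.socket) -> None:
    """Constructed stand-in for a web server: answer a single HTTP GET."""
    conn, _ = listener.accept()
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:        # read until end of headers
            chunk = conn.recv(1024)
            if not chunk:
                break
            request += chunk
        body = b"hello from the stand-in web server\n"
        conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n"
                     b"Content-Length: " + str(len(body)).encode()
                     + b"\r\n\r\n" + body)

def fetch_and_report_ports(host: str = "127.0.0.1"):
    """Returns (server_listen_port, client_outbound_port, status_line)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))                     # 0 = let the OS pick a free port
    listener.listen(1)
    server_port = listener.getsockname()[1]      # the fixed "inbound" port
    worker = threading.Thread(target=serve_one_request, args=(listener,), daemon=True)
    worker.start()
    with socket.create_connection((host, server_port)) as client:
        # The OS assigns the client's source port from its ephemeral range;
        # this is the "unused outbound port" the page refers to.
        client_port = client.getsockname()[1]
        client.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        response = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:                        # server closed the connection
                break
            response += chunk
    worker.join()
    listener.close()
    status_line = response.split(b"\r\n", 1)[0].decode()
    return server_port, client_port, status_line

if __name__ == "__main__":
    srv, cli, status = fetch_and_report_ports()
    print(f"server listened on {srv}, client used outbound port {cli}: {status}")
```

Run it twice and the server port is whatever was chosen at bind time, while the client's outbound port usually differs between runs.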

ICMP

The Internet Control Message Protocol is a supporting protocol in the Internet protocol (IP) suite.  It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address, for example, an error is indicated when a requested service is not available or that a host or router could not be reached.  ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).

UDP

User Datagram Protocol is one of the core members of the internet protocol (IP) suite. With UDP, computer applications can send messages (datagrams) to other hosts on an IP network. Prior communications are not required to set up communication channels or data paths. UDP uses a simple connectionless communication model with a minimum of protocol mechanisms. UDP provides checksums for data integrity and port numbers for addressing different functions at the source and destination of the datagram. It has no handshaking dialogues like TCP, and thus exposes the user’s program to any unreliability of the underlying network, meaning, there is no guarantee of delivery, ordering, or duplicate protection. Voice over IP (VoIP) and streaming media sessions use UDP, in addition to simple queries and responses such as DNS.
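The UDP header is small enough to build and check by hand, which makes the "checksums for data integrity and port numbers for addressing" point concrete. This added Python example (not from the original page) assembles a datagram from a DHCP client on port 68 to a DHCP server on port 67 (the ports from the DHCP section above), computes the RFC 768 checksum over the IPv4 pseudo-header plus header plus data, and verifies it on the receiving side. The addresses, payload and the helper names are constructed for the example.

```python
import socket
import struct

# Constructed sample: DHCP client (UDP 68) -> DHCP server (UDP 67). The client
# has no address yet and broadcasts; the payload is a placeholder, not a real
# BOOTP/DHCP message.
SRC_IP = "0.0.0.0"
DST_IP = "255.255.255.255"
PAYLOAD = b"DHCPDISCOVER placeholder payload"

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                          # odd length: pad with a zero byte
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                           # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header (RFC 768): the UDP checksum also covers addresses."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_UDP, udp_len)

def build_udp(src_port: int, dst_port: int, payload: bytes,
              src_ip: str = SRC_IP, dst_ip: str = DST_IP) -> bytes:
    """Build UDP header + payload with a valid checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)  # checksum zeroed
    csum = 0xFFFF ^ ones_complement_sum(pseudo_header(src_ip, dst_ip, length)
                                        + header + payload)
    csum = csum or 0xFFFF                        # a computed 0 is sent as 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload

def parse_udp(datagram: bytes, src_ip: str = SRC_IP, dst_ip: str = DST_IP) -> dict:
    """Decode the 8-byte header and verify the checksum. checksum_ok is None
    when the field is 0, which in IPv4 means the sender omitted the checksum."""
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    if csum == 0:
        ok = None
    else:
        # Summing everything, transmitted checksum included, must give 0xFFFF.
        ok = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram) == 0xFFFF
    return {"src_port": src_port, "dst_port": dst_port,
            "payload": datagram[8:], "checksum_ok": ok}

if __name__ == "__main__":
    dgram = build_udp(68, 67, PAYLOAD)
    print(parse_udp(dgram))
```

Because the pseudo-header is covered, the same datagram fails verification if it is checked against different IP addresses, which is how UDP detects a datagram delivered to the wrong host.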

TCP

Transmission Control Protocol is one of the main protocols of the internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP), therefore being commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of bytes between applications running on hosts communicating via an IP network. TCP is connection-oriented: a connection between a client and a server is established before data can be sent, and every packet that has been sent is checked for delivery. If packets that are transmitted to a receiving computer are not received, the receiving computer cannot assemble the message, and therefore the sending computer has to retransmit the missing packets. For example, if a computer sends a picture of a car but for some reason the picture is missing the parts of the image that display the tires, TCP will instruct the sending computer to retransmit the missing data for the proper assembly of the image.

IP

The Internet Protocol is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries.  Its routing function enables internetworking, and essentially establishes the Internet.  IP has the task of delivering packets from the source host to the destination host solely based on the IP addresses in the packet headers.  For this purpose, IP defines packet structures that encapsulate the data to be delivered.  It also defines addressing methods that are used to label the datagram with source & destination information.