TCP & UDP Ports and Protocols | CompTIA A+ 220-1001 | 2.1

In this video you will learn about TCP & UDP ports, protocols, and their purposes.

What is a Communication Protocol?

A communication protocol is a system of rules that allow two or more entities of a communication system to transmit information via any kind of variation of a physical quantity.  The protocol defines the rules, syntax, semantics and synchronization of communication and possible error recovery methods.  Protocols may be implemented by hardware, software, or a combination of both.

Protocols are designed to allow applications to send and receive data through predefined ports on a network adapter in order to connect to another computer. Port numbers identify the protocol or process that a connection belongs to, so a host can sort incoming traffic among the processes running on it. For example, if you want to visit www.TechnologyGee.com, you open a browser and type http://www.TechnologyGee.com. The Hypertext Transfer Protocol (HTTP) is what is used to make the connection to the TechnologyGee.com web server. For the transmission of data, your computer selects an unused outbound port (an ephemeral port) on which to send data to and receive data from the web server. On the TechnologyGee.com web server, port 80 (the inbound port corresponding to HTTP) is open at all times so that any computer can make a connection to it.

TCP

Transmission Control Protocol is one of the main protocols of the internet protocol suite. It originated in the initial network implementation, in which it complemented the Internet Protocol (IP), and the pair is therefore commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of bytes between applications running on hosts communicating via an IP network. TCP is connection-oriented: a connection between a client and a server is established before data can be sent, and every packet that is sent is checked for delivery. If packets transmitted to a receiving computer do not arrive, the receiving computer cannot assemble the message, and the sending computer therefore has to retransmit the missing packets. For example, if a computer sends a picture of a car but the picture arrives missing the parts of the image that display the tires, TCP will instruct the sending computer to retransmit the missing data so the image can be properly assembled.

UDP

User Datagram Protocol is one of the core members of the internet protocol (IP) suite. With UDP, computer applications can send messages (datagrams) to other hosts on an IP network. No prior communication is required to set up communication channels or data paths. UDP uses a simple connectionless communication model with a minimum of protocol mechanisms. UDP provides checksums for data integrity and port numbers for addressing different functions at the source and destination of the datagram. It has no handshaking dialogue like TCP, and thus exposes the user’s program to any unreliability of the underlying network, meaning there is no guarantee of delivery, ordering, or duplicate protection. Voice over IP (VoIP) and streaming media sessions use UDP, as do simple queries and responses such as DNS.

TCP versus UDP Examples

An example of TCP can be thought of in terms of prerecorded videos on YouTube. A prerecorded video (stored video) is a video that has already been uploaded to YouTube and is sitting on a YouTube server somewhere. When a person uses their computer to send out a request to watch this prerecorded video, TCP engages in what is known as a 3-way handshake: the client computer says to the YouTube server, “Hey, I would like to watch this video” (known as SYN, synchronize). The YouTube server responds, “Hello client computer, how are you? I have that video. Would you like to watch it?” (known as SYN-ACK, synchronize-acknowledgement). The client computer responds, “Yes, I would like to watch it” (known as ACK, acknowledgement). The YouTube server then “sends” over the video in its entirety. If there is a disruption in the transmission of that video from the YouTube server to the client computer (also known as buffering), then the 3-way handshake would have to start over again at each break to ensure that every packet associated with that video has been sent from YouTube to the client, so you can watch the complete video in its entirety.

An example of UDP would be the live streaming of a video on YouTube. A YouTuber is live streaming on their channel, and you decide to tune into the live stream. During the live stream, portions of it go in and out for a few seconds at a time and then go back to “normal”, picking up wherever the live streamer currently is in the live broadcast. With UDP, the live stream is not engaging in a 3-way handshake to ensure you (the client computer) have received all of the missing parts of the video; the live stream just continues to send out data packets without checking to see if you received them. TCP, by contrast, continually checks to make sure you received all of the packets, so you do not miss a few seconds here and there the way you would during a UDP live stream transmission. If TCP were used during a live stream, every time the stream went in and out TCP would have to reestablish that 3-way handshake from whatever point in time the stream went out, and you would have to wait for YouTube to resend the missing information before you could proceed. That would mean you were no longer watching the video live; you would actually be a few seconds or minutes behind where the YouTuber is in the live stream.

In the above examples, each protocol served a distinct purpose. UDP is the better choice for time-sensitive information, even though it is less reliable than TCP. In other situations, where reliability is important, TCP is beneficial. When it comes to establishing a connection, remember that it is the inbound ports on a server that you connect to.
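The following is an added example (not code from the video or from TechnologyGee.com) that shows the ideas above on a single machine: a TCP listener on a fixed inbound port, a client whose operating system picks an ephemeral outbound port, the handshake that happens inside connect(), and a UDP datagram sent with no connection at all. It uses only loopback (127.0.0.1) and lets the OS choose free ports, so no real server or network is needed. It also shows the failure-mode difference the text describes: TCP reports a closed port immediately, while a UDP send to a closed port returns as if nothing were wrong.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback only: the "server" and the "client" are both this machine


def tcp_exchange(payload: bytes):
    """Loopback TCP round trip.

    Returns (listening_port, client_source_port, echoed_bytes). The listening port
    plays the role of the server's fixed inbound port (port 80 in the HTTP example
    above); the client's source port is the ephemeral outbound port the OS picked.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((HOST, 0))            # port 0: let the OS choose a free port
    server.listen(1)
    listening_port = server.getsockname()[1]

    def serve_one():
        conn, _peer = server.accept()  # completes when the 3-way handshake is done
        with conn:
            data = conn.recv(4096)
            conn.sendall(data)         # echo the bytes back, in order

    worker = threading.Thread(target=serve_one, daemon=True)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect((HOST, listening_port))  # SYN -> SYN-ACK -> ACK happens here
    source_port = client.getsockname()[1]   # ephemeral port chosen by the OS
    client.sendall(payload)
    echoed = client.recv(4096)
    client.close()
    worker.join(timeout=2)
    server.close()
    return listening_port, source_port, echoed


def free_tcp_port() -> int:
    """Find a TCP port that is currently closed by binding and releasing it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def free_udp_port() -> int:
    """Find a UDP port that is currently closed by binding and releasing it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def tcp_connect_is_refused(port: int) -> bool:
    """TCP tells the caller when nothing listens: the SYN is answered with RST."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(2)
        try:
            client.connect((HOST, port))
        except ConnectionRefusedError:
            return True
        return False


def udp_exchange(payload: bytes):
    """Loopback UDP datagram: no connect(), no handshake, just sendto()."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind((HOST, 0))
    receiver.settimeout(2)
    listening_port = receiver.getsockname()[1]

    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.sendto(payload, (HOST, listening_port))   # fire and forget
    data, (_addr, source_port) = receiver.recvfrom(4096)
    sender.close()
    receiver.close()
    return listening_port, source_port, data


def udp_send_to_closed_port(payload: bytes, port: int) -> int:
    """sendto() to a port nobody listens on still returns the byte count: an
    unconnected UDP socket gets no delivery guarantee and no error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        return sender.sendto(payload, (HOST, port))


if __name__ == "__main__":
    lp, sp, echoed = tcp_exchange(b"hello over tcp")
    print(f"TCP: server listened on {lp}, client used ephemeral port {sp}, got {echoed!r}")
    print("TCP connect to closed port refused:", tcp_connect_is_refused(free_tcp_port()))
    print("UDP: received", udp_exchange(b"hello over udp")[2])
    print("UDP bytes 'sent' to closed port:", udp_send_to_closed_port(b"lost", free_udp_port()))
```

Run it and compare the two closed-port results: the TCP connect raises ConnectionRefusedError because the peer answers the SYN, whereas the UDP sendto() reports success because there is no handshake to fail. That asymmetry is exactly why TCP can retransmit what the tire image example above needs, and why a UDP live stream simply keeps going.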

Common Protocols & Their Ports

FTP

The File Transfer Protocol is a standard network protocol used for the transfer of computer files between a client and a server on a computer network. FTP is also used by web browsers; to access an FTP site, you use the prefix ftp://. Windows, Linux, and macOS contain a command-line FTP program: type ftp, press Enter, and then type help at the FTP prompt to see the commands you can use.

FTP sites with downloads available to any user support anonymous FTP. Anonymous FTP is a means by which archive sites allow general access to their archives of information. These sites create a special account called “anonymous”. User “anonymous” has limited access rights on the archive host, as well as some operating restrictions. Other FTP sites require the user to log in with a specified username and password. One drawback of FTP is that it is not considered secure, because FTP login credentials are transmitted and authenticated in clear text. To increase security, use FTP secured with SSL/TLS (FTPS) or Secure File Transfer Protocol (SFTP). FTP uses port 21.

SSH

Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. SSH is more secure than FTP and Telnet. Typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH. An SSH server housing data a client wants to retrieve uses port 22 and needs that port open for the client to get access to that data. As previously mentioned, regular FTP is insecure, whereas Secure FTP (SFTP) is secure because it runs over an SSH session on TCP port 22.

Telnet

Telnet is an application protocol used on the internet or a local area network to provide a bidirectional, interactive, text-oriented communication facility using a virtual terminal connection. Telnet emulation enables a user to connect to a remote host or device using a Telnet client over port 23. A Telnet connection allows a user to telnet into the computer that hosts their website and manage their files remotely, rather than simply downloading pages and files as they would with an http:// or ftp:// connection. Before a Telnet connection from a client can be established, the remote computer must already be configured to accept a Telnet login on port 23, and that port must be open before a login can take place.

To use Telnet from a Windows or Linux computer by way of the command-line Telnet program, open a command prompt (Windows) or Terminal session (Linux), type telnet, press Enter, and then open a connection to the remote computer. For help with commands, type help and press the Enter key. Telnet has been removed from recent versions of macOS because using SSH is now standard practice, but if Telnet is still needed, it is possible to install it.

SMTP

Simple Mail Transfer Protocol is a communication protocol for email transmission. SMTP uses port 25 to send email from a client system to an email server, which also uses SMTP to relay messages to the receiving email server. To configure email settings on a client device, check with the ISP or the organization that provides internet access for settings such as the server type(s) (SMTP, POP3, or IMAP), the port(s) used, the username and password for access to the server(s), and the security settings (whether SSL is used).

DNS

Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the internet or a private network. It associates various information with the domain names assigned to each of the participating entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. In other words, DNS can be thought of as the phone book for the internet. Instead of memorizing IP addresses to get to a website such as Google, one can simply type the URL (uniform resource locator, the web address) www.Google.com into the address bar, and DNS will match that name to the IP address associated with www.Google.com so your client device can reach Google. When manually configuring an IP address, you typically provide the IP address of a DNS server (or the IP addresses of multiple DNS servers) as part of the configuration. DNS uses port 53. Some techs refer to DNS as Domain Name Service or Domain Name Server; neither is strictly correct, but both are understood in the industry by other IT professionals.
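The "phone book" lookup above is a small binary message exchanged over port 53. The following added example (not code from the video or from TechnologyGee.com) builds the query a client sends and parses a constructed response for it, so you can see what actually travels on port 53. The name www.example.com and the answer address 192.0.2.10 are constructed sample values, not a real lookup, and no network traffic is generated. Two checks that matter for security are included: the parser limits how many name-compression pointers it will follow (a crafted response could otherwise loop forever), and the caller verifies that the response's transaction ID matches the query before trusting the answer.

```python
import struct

# Record type and class used for a normal "name -> IPv4 address" lookup.
QTYPE_A = 1
QCLASS_IN = 1
MAX_POINTER_HOPS = 16  # guard against compression-pointer loops in hostile replies


def encode_name(name: str) -> bytes:
    """Encode www.example.com as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """12-byte header (flags 0x0100 = recursion desired) + one A/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def decode_name(msg: bytes, offset: int):
    """Decode a (possibly compressed) name; return (name, offset_after_name)."""
    labels = []
    end = None            # where the caller resumes; set at the first pointer
    hops = 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("too many compression pointers")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg: bytes) -> dict:
    """Return the transaction id, flags, and the A records in the answer section."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                 # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                          # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return {"txid": txid, "flags": flags, "answers": answers}


def addresses_for(query: bytes, response: bytes) -> list:
    """Accept a response only if its transaction id matches our query."""
    expected_txid = struct.unpack("!H", query[:2])[0]
    parsed = parse_response(response)
    if parsed["txid"] != expected_txid:
        raise ValueError("response transaction id does not match the query")
    return [addr for _name, _ttl, addr in parsed["answers"]]


# Constructed sample response (hypothetical; not captured from a real server):
# same txid, flags 0x8180 (response, recursion available), one question, one answer
# whose name is a pointer (0xC00C) back to the question name at offset 12.
SAMPLE_QUERY = build_query("www.example.com", txid=0x1234)
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
    + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    print("query bytes:", SAMPLE_QUERY.hex())
    print("answers:", addresses_for(SAMPLE_QUERY, SAMPLE_RESPONSE))
```

To send SAMPLE_QUERY to a real resolver you would use a UDP socket to port 53 (DNS is one of the "simple queries and responses" named in the UDP section), but the transaction-id check in addresses_for stays the same either way.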

HTTP/HTTPS

Hypertext Transfer Protocol is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser. HTTP is used by all major web browsers, such as Internet Explorer, Microsoft Edge, Firefox, and Chrome. Unsecured sites use the prefix http://, whereas sites secured with encryption (HTTP Secure, or HTTP over SSL [HTTPS]) use the prefix https://. HTTP uses port 80 and HTTPS uses port 443. To check whether a website is secure, most browsers display a closed padlock symbol next to the website’s address in the address bar.

POP3

Post Office Protocol version 3 is an application-layer internet standard protocol used by email clients to retrieve email from a mail server. Email is downloaded from the mail server to folders on the local system. For users who frequently switch between computers and/or mobile devices, POP3 is not a suitable solution for checking email on multiple devices, because the email is downloaded onto only the one device that made the request. Users who retrieve email from POP3 servers typically use SMTP to send messages. POP3 is the current version of the standard and uses port 110.

IMAP

Internet Message Access Protocol is an internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP was designed with the goal of permitting complete management of a mailbox by multiple email clients, so clients generally leave messages on the server, where they can be retrieved from multiple devices in any location until the user explicitly deletes them. IMAP4 is the current version of IMAP. To configure an IMAP-based email account, you select IMAP as the email server type and specify the name of the server, your username and password, and whether the server uses SSL. IMAP uses port 143.

NetBIOS/NetBT

Network Basic Input/Output System (NetBT means NetBIOS over TCP/IP) is a protocol that allows some legacy applications developed in 1987 (before TCP/IP became the standard) to work on larger networks and the internet. NetBIOS/NetBT uses ports 137-139.

SMB/CIFS

Server Message Block, one version of which was also known as Common Internet File System (CIFS), is a network communication protocol for providing shared access to files, printers, and serial ports between nodes on a network. It also provides an authenticated interprocess communication mechanism, using packets that authenticate remote computers. SMB uses ports 137-139 for SMB traffic carried over NetBIOS over TCP (NetBT) and port 445 for SMB hosted directly on TCP. CIFS was originally the standard method for sharing files across corporate intranets and the internet; it has now been widely replaced by newer versions of SMB (SMB 2.0 and 3.0).

SLP

Service Location Protocol is a service discovery protocol that allows computers and other devices to find services in a LAN without prior configuration. SLP allows devices to provide their configuration information to hosts, and it was designed to scale from small, unmanaged networks to large enterprise networks. Devices use SLP to announce services on a local network, such as printers on the LAN; before SLP, such services had to be configured on each device specifically. SLP uses port 427.

AFP

Apple Filing Protocol, formerly known as AppleTalk Filing Protocol, is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS. Apple Filing Protocol uses TCP/IP for transport and utilizes port 548. macOS 10.9 (Mavericks) and newer versions use AFP to connect to devices running older macOS versions and for Apple’s Time Machine backup app.

RDP

Remote Desktop Protocol is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose (Remote Desktop Services), while the other computer must run RDP server software (Remote Desktop Connection). RDP uses port 3389.

DHCP

Dynamic Host Configuration Protocol is a network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device (PCs, printers, servers, routers, etc.) on a network so they can communicate with other IP networks. A DHCP server enables computers to request IP addresses and networking parameters automatically from the ISP, reducing the need for a network administrator or a user to manually assign IP addresses to all network devices. In the absence of a DHCP server, a computer or other device on the network must be manually assigned an IP address, or it assigns itself an APIPA address, which will not enable it to communicate outside its local network. If you get your address from a DHCP server, your address is assigned dynamically and could change periodically. Some devices on the network, such as printers and servers, require static addresses that do not change; these have to be assigned manually by a network administrator, which keeps those devices reliably and easily reachable over time. DHCP uses ports 67 and 68: UDP port 67 is the destination port of the server, and UDP port 68 is used by the client.

SNMP

Simple Network Management Protocol is an internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, and printers, and they are often managed through software known as a network management system (NMS). The NMS is the main software, installed on a computer known as the manager, that controls everything SNMP-based. The devices to be monitored are known as managed devices. The NMS installs a small piece of software known as an agent on each managed device, which allows the NMS to monitor it. SNMP uses ports 161 and 162.

LDAP

Lightweight Directory Access Protocol is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an IP network. Domain directory services play an important role in developing intranet and internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As such, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Microsoft refers to this as directory services. LDAP uses port 389.