N10-007 Compare and contrast the following ports and protocols

Ports identify which communication process a message belongs to. Ports are special addresses that allow communication between hosts. A port number is added by the originator, indicating which port to communicate with on a server. If a server has that port defined and available for use, it sends back a message accepting the request. If the port isn't valid, the server refuses the connection. The Internet Assigned Numbers Authority (IANA) has defined a list of ports called well-known ports.

A port address or number is nothing more than a bit of additional information added either to the TCP or UDP message. This information is added in the header of the packet. The layer below it encapsulates the message with its header.

Many of the services you'll use in the normal course of using the Internet use the TCP port numbers identified in the following table. The second table identifies some of the more common well-known UDP ports. You will note that some services use both TCP and UDP ports, whereas many use only one or the other.

Well-known TCP ports

TCP Port Number   Service
20                FTP (data channel)
21                FTP (control channel)
22                SSH and SCP
23                Telnet
25                SMTP
49                TACACS authentication service
80                HTTP (used for the World Wide Web)
110               POP3
115               SFTP
119               NNTP
137               NetBIOS name service
138               NetBIOS datagram service
143               IMAP
389               LDAP
443               HTTPS (used for secure web connections)
989               FTPS (data channel)
3389              MS WBT Server


Well-known UDP ports

UDP Port Number   Service
22                SSH and SCP
49                TACACS authentication service
53                DNS name queries
69                Trivial File Transfer Protocol (TFTP)
80                HTTP (used for the World Wide Web)
137               NetBIOS name service
138               NetBIOS datagram service
139               NetBIOS session service
143               IMAP
161               SNMP
389               LDAP
989               FTPS (data channel)
990               FTPS (control channel)
3389              MS WBT Server

The early documentation for these ports specified that ports below 1024 were restricted to administrative uses. However, enforcement of this restriction has been voluntary, and it is creating problems for computer security professionals. As you can see, each of these ports potentially requires different security considerations, depending on the application to which it’s assigned. All of the ports allow access to your network; even if you establish a firewall, you must have these ports open if you want to provide email or web services.

Hypertext Transfer Protocol

Hypertext Transfer Protocol (HTTP) is the protocol used for web pages and the World Wide Web. HTTP applications use a standard language called Hypertext Markup Language (HTML). HTML files are normal text files that contain special coding that allows graphics, special fonts, and characters to be displayed by a web browser or other web-enabled applications. The default port is 80, and the URL begins with http://.

HTTP Secure

HTTP Secure (HTTPS) is the protocol used for "secure" web pages that users should see when they must enter personal information such as credit card numbers, passwords, and other identifiers. It combines HTTP with SSL/TLS to provide encrypted communication. The default port is 443, and the URL begins with https:// instead of http://. Netscape originally created the protocol for use with their browser, and it became an accepted standard with RFC 2818.

File Transfer Protocol

File Transfer Protocol (FTP) is an application that allows connections to FTP servers for file uploads and downloads. FTP is a common application that uses ports 20 and 21 by default. It is used to transfer files between hosts on the Internet but is inherently insecure. A number of options have been released to try to create a more secure protocol, including FTP over SSL (FTPS), which adds support for SSL cryptography, and SSH File Transfer Protocol (SFTP), which is also known as Secure FTP.

An alternative utility for copying files is Secure Copy (SCP), which uses port 22 by default and combines an old remote copy program (RCP) from the first days of TCP/IP with SSH. On the opposite end of the spectrum from a security standpoint is the Trivial File Transfer Protocol (TFTP), which can be configured to transfer files between hosts without any user interaction (unattended mode). It should be avoided anywhere there are more secure alternatives.

Simple Mail Transfer Protocol

Simple Mail Transfer Protocol (SMTP) is the standard protocol for email communications. SMTP allows email clients and servers to communicate with each other for message delivery. The default port is 25.

Telnet

Telnet is an interactive terminal emulation protocol. It allows a remote user to conduct an interactive session with a Telnet server. This session can appear to the client as if it were a local session.

Domain Name System

Domain Name System (DNS) allows hosts to resolve hostnames to an Internet Protocol (IP) address. The default port used by name queries for this service is 53.

Remote Desktop Protocol

The Remote Desktop Protocol (RDP) is becoming more common in the workplace; Windows-based terminal servers that use it listen on port 3389 by default.

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is a management tool that allows communications between network devices and a management console. Most routers, bridges, and intelligent hubs can communicate using SNMP.

Post Office Protocol

Post Office Protocol (POP) is a protocol used for receiving email. It enables the implementation of advanced features, and it is a standard interface in many email servers. The default port for version 3 (POP3) is 110. In its place, many systems now use the Internet Message Access Protocol (IMAP), which uses port 143 by default. The primary difference between the two is that POP was originally created to move email to your client machine and not keep it on the server, whereas IMAP was intended to store the email on the server and allow you to access it from there. Although those remain the default options, today you can configure POP not to delete from the server automatically and IMAP to do so. For this reason, most email providers allow you to use either POP or IMAP and even change between them.

TCP

TCP is responsible for providing a reliable, one-to-one, connection-oriented session. TCP establishes a connection and ensures that the other end receives any packets sent. The two hosts report to each other which packets they have received. TCP also ensures that packets are decoded and sequenced properly. This connection persists during the session; when the session ends, the connection is torn down.

UDP

UDP provides an unreliable, connectionless communication method between hosts. UDP is considered a best-effort protocol, but it's considerably faster than TCP. UDP doesn't establish a synchronized session like the kind used in TCP, and it doesn't guarantee error-free communications. The primary purpose of UDP is to send small packets of information. The application is responsible for acknowledging the correct reception of the data.
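As an added example (not part of the original study-guide text), the following Python decodes the port fields from the TCP and UDP headers described earlier, maps them to a subset of the well-known ports from the two tables, and classifies TCP segments by their SYN/ACK flags to show the connection setup that UDP has no equivalent of. The handshake segments, the DNS datagram and the port table subset are constructed for the demo.

```python
import struct

# Subset of the well-known ports from the tables in this section, keyed by (protocol, port).
WELL_KNOWN = {("tcp", 21): "FTP (control channel)", ("tcp", 22): "SSH and SCP",
              ("tcp", 23): "Telnet", ("tcp", 25): "SMTP", ("tcp", 80): "HTTP",
              ("tcp", 110): "POP3", ("tcp", 143): "IMAP", ("tcp", 443): "HTTPS",
              ("tcp", 3389): "MS WBT Server", ("udp", 53): "DNS name queries",
              ("udp", 69): "TFTP", ("udp", 161): "SNMP"}
SYN, ACK = 0x02, 0x10  # TCP flag bits (low 9 bits of the data-offset/flags word)

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header: ports, seq/ack numbers, flags, payload."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4  # data offset is counted in 32-bit words
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "syn": bool(off_flags & SYN), "ack_flag": bool(off_flags & ACK), "payload": segment[hdr_len:]}

def parse_udp(datagram: bytes) -> dict:
    """Decode the fixed 8-byte UDP header: ports and length only; there is no seq/ack state."""
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    src, dst, length, _csum = struct.unpack("!HHHH", datagram[:8])
    return {"src_port": src, "dst_port": dst, "length": length, "payload": datagram[8:]}

def service(proto: str, port: int) -> str:
    return WELL_KNOWN.get((proto, port), "not a well-known port")

def handshake_stage(h: dict) -> str:
    """Map a TCP segment's SYN/ACK flags to its step in the three-way handshake."""
    if h["syn"] and not h["ack_flag"]:
        return "SYN (client requests connection)"
    if h["syn"] and h["ack_flag"]:
        return "SYN-ACK (server accepts; ack = client seq + 1)"
    return "ACK (connection established) or data" if h["ack_flag"] else "other"

def describe(data: bytes, proto: str) -> str:
    # One-line summary in the style of a packet-capture tool.
    h = parse_tcp(data) if proto == "tcp" else parse_udp(data)
    extra = handshake_stage(h) if proto == "tcp" else "connectionless, no handshake"
    return f"{proto} {h['src_port']} -> {h['dst_port']} [{service(proto, h['dst_port'])}] {extra}"

def tcp_segment(src, dst, seq, ack, flags, payload=b"") -> bytes:
    """Build a constructed TCP segment (no options, checksum left zero) for the demo."""
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload

# Constructed sample traffic: a client on ephemeral port 51515 opens HTTPS, then a DNS query.
HANDSHAKE = [tcp_segment(51515, 443, 1000, 0, SYN),
             tcp_segment(443, 51515, 5000, 1001, SYN | ACK),
             tcp_segment(51515, 443, 1001, 5001, ACK)]
DNS_QUERY = struct.pack("!HHHH", 40000, 53, 8 + 12, 0) + b"\x12\x34\x01\x00" + b"\x00" * 8
```

Calling `describe(seg, "tcp")` on each element of `HANDSHAKE` prints the three handshake steps in order, while `describe(DNS_QUERY, "udp")` shows the same port lookup with no session state at all.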