CompTIA® Network+ Exam Notes : Uses Of Ports And Protocols

1. Networking Concepts

1.3 Uses of ports and protocols

Internet protocols use well-known port numbers, which identify the type of traffic a packet carries.

Commonly used TCP and UDP default ports are as given below:

TCP ports

 FTP 20, 21 
 SSH 22
 SMTP 25
 DNS 53
 HTTP 80
 NTP 123
 HTTPS 443 
 WWW 80
 SSL 443 (Secure socket layer)
 SNMP 161
 POP3 110
 IMAP 143

UDP ports

 TFTP 69 
 DNS 53 
 SNMP 161 

Note that non-secure email communications use ports 110 and 143.

Port 110 - this is the default POP3 non-encrypted port

Port 995 - this is the port you need to use if you want to connect using POP3 securely

Port 143 - this is the default IMAP non-encrypted port

Port 993 - this is the port you need to use if you want to connect using IMAP securely

Port 465 - this is the port used if you want to send messages using SMTP securely


If you want to access the email server without encryption, then the ports 110/143 need to be accessible.

Various ports that are used for secure email transmission using TLS/SSL are given below:

995 TCP - Post Office Protocol 3 over TLS/SSL (POP3S) (Official)

993 TCP - Internet Message Access Protocol over SSL (IMAPS) (Official)

587 TCP - e-mail message submission (SMTP)

443 TCP - HTTPS (Hypertext Transfer Protocol over SSL/TLS)


Please note that FTP, Telnet, and SMTP use TCP; whereas TFTP and SNMP use UDP.

On a Web server, using SSL, port 443 is the port that the server "listens to" or expects to receive from a Web client, assuming that the default was taken when the server was configured or set up. A port can be specified in the range from 0-65536 on the NCSA server. By default, the port number for a secure Web server is 443 inbound.

When you access a Web page, the browser sends the request over the default port number (for WWW, the default port number is 80). If, for any reason, you change the default port number that a Web server listens to, users need to specify the port number in the URL.

SMTP: SMTP is the most widely used e-mail standard on the Internet, and is part of the TCP/IP stack. SMTP can be used to upload mail over the Internet to a mail server.

POP: POP is used for downloading mail from a mail server to a client machine running POP client.

An SMTP server listens to port 25, and the POP server listens to port 110 by default. Therefore, you need to keep these two ports open for communication with remote client computers. All other ports can be blocked to prevent misuse.

FTP (File Transfer Protocol): It is a client/server protocol used for transferring files between the client computer and server computer, and uses TCP/IP. FTP utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally, for Active FTP, these are port 21 for the commands and port 20 for the data. If a firewall is to be configured for FTP, allow both ports for proper FTP connectivity. FTP transfers files in unencrypted form; even authentication occurs in clear text for FTP and Telnet. A hacker may gain access to an FTP server by exploiting this weakness.


There is another form of FTP, known as Passive FTP. Passive FTP uses port 21 for commands, and any port greater than 1023 for data.


Note that the FTP client computer uses any ports greater than 1023 for communicating with the FTP server. FTP is a connection oriented protocol. It uses TCP/IP for file transfer.
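Because the data port is negotiated on the control channel, a firewall that tracks FTP reads port 21 traffic to learn which data connection to allow. The following added example (not part of the original notes) parses the standard `PORT` command and `227` passive reply, which encode the endpoint as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2. The function names, the sample lines and the rule that the advertised address must match the control-channel peer (which assumes no NAT in between) are assumptions of this example.

```python
import re

# PORT (active mode) and the 227 reply (passive mode) both carry the data
# endpoint as six decimal fields: h1,h2,h3,h4,p1,p2 with port = p1*256 + p2.
ENDPOINT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_endpoint(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if malformed."""
    m = ENDPOINT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_channel(line, client_ip, server_ip):
    """Return None for unrelated lines, else the data flow and whether to allow it."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode, listener = "active", client_ip    # client listens, server dials out
    elif line.startswith("227"):
        mode, listener = "passive", server_ip   # server listens, client dials in
    else:
        return None
    endpoint = parse_endpoint(line[4:])
    if endpoint is None:
        return {"mode": mode, "allow": False, "reason": "malformed endpoint"}
    ip, port = endpoint
    if ip != listener:
        return {"mode": mode, "allow": False, "reason": "address is not the control peer"}
    if port <= 1023:
        return {"mode": mode, "allow": False, "reason": "data port is not above 1023"}
    # Active: server connects from port 20. Passive: client picks any source port.
    src = (server_ip, 20) if mode == "active" else (client_ip, None)
    return {"mode": mode, "allow": True, "src": src, "dst": (ip, port)}


# Constructed control-channel lines (documentation address ranges).
SAMPLE_LINES = [
    "PORT 198,51,100,7,200,13",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "PORT 198,51,100,7,0,22",
]
```
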

HTTP (Hyper Text Transfer Protocol) and HTML (Hyper Text Markup Language): HTTP and HTML are used for browsing the Web. HTTP is the protocol used for accessing World Wide Web services. HTTP operates over TCP/IP. TCP/IP is the protocol used by all Internet applications such as WWW, FTP, Telnet, etc. IPX/SPX is the proprietary protocol stack of Novell NetWare.

TFTP (Trivial File Transfer Protocol): TFTP is a simple form of the File Transfer Protocol (FTP). TFTP uses the User Datagram Protocol (UDP) and provides no security features. It has the least amount of overhead, and as a result is the fastest file transfer protocol.

SFTP: SFTP or secure FTP, is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in the clear over the network. It is functionally similar to FTP, but because it uses a different protocol, you can't use a standard FTP client to talk to an SFTP server, nor can you connect to an FTP server with a client that supports only SFTP.

Simple Network Management Protocol (SNMP): SNMP is an application-layer protocol defined by the Internet Architecture Board (IAB) for exchanging management information between network devices. It is a part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP is one of the widely accepted protocols to manage and monitor network elements. Security is based on the concept of communities. All machines that are part of the same community can talk to one another. Basically, the name of the community is like a password and should be treated that way. Only agents and managers that are part of the same community can talk to one another. The default community name is "public". For security reasons, it is better to change the community name to one that is difficult to guess. SNMP uses UDP over IP. It is used to monitor and manage network devices.

Numbers 0 - 255 are used for public applications

Numbers 255 - 1023 are assigned to companies so that they can use these port numbers in their applications.

Numbers above 1023 are used by upper layers to set up sessions with other hosts and by TCP to use as source and destination addresses.

SIP operates at the application layer of the OSI model and is used to maintain a multimedia session. SIP uses ports 5060 and 5061.

Protocol Types:

TCP and UDP: The port number used by TCP is 6 and that of UDP is 17. TCP and UDP work at transport layer or the Host-to-Host layer of DOD Model.

TCP is a full-duplex, connection-oriented protocol. It incorporates error checking as well.

UDP (User Datagram Protocol): UDP is a thin protocol. UDP is a connectionless protocol. It doesn't contact the destination before sending the packet and doesn't care whether the packet reaches the destination.

UDP is a connectionless protocol and TCP is a connection oriented protocol.

Connection oriented Protocols:

1. It guarantees transmitted data will reach its destination

2. It sequences the packets such that the packets are received in a sequenced manner at the destination.

3. TCP/IP is an example of a connection oriented protocol.

Connectionless protocols:

1. Connectionless protocols do not guarantee packet delivery.

2. The advantage is less over-head.

3. UDP/IP is an example of a connectionless protocol.

ICMP: ICMP (Internet Control Message Protocol) messages are used for basic error reporting from host to host, or host to gateway. It is not used for error reporting between gateways. ICMP messages are encapsulated using the IP protocol. For example, the command "ping" uses the ICMP protocol. In the OSI Reference model, ICMP is generally considered part of the IP layer. It sends an ICMP message if the destination is unreachable. Routers can make alternate route decisions based on ICMP messages, if appropriate.


Tracert and Ping use ICMP as their base protocol. Telnet and FTP use TCP/IP protocol.
Telnet is used for terminal emulation. Telnet requires a username and password to access.

IP: IP is the protocol that works at Internet layer. It forwards the packets based on the network address (IP address) in the packets and the routing tables.

ARP (Address Resolution Protocol): IP works at network layer. IP address is a logical address. If a packet is to be delivered to a destination machine, its physical address (MAC address) needs to be known. ARP is a protocol, which enables a machine to obtain its MAC address from a known IP address. It essentially maps logical and physical addresses.

Reverse ARP (RARP): RARP is used to obtain an IP address using an RARP broadcast. RARP can be used to boot diskless workstations over a network. RARP is used to obtain IP address from a known MAC address.

BootP (Bootstrap Protocol): When a diskless workstation is powered on, it broadcasts a BootP request on the network. A BootP server responds with its IP address, Default gateway, etc.

Both PPP and SLIP can be used for dial-up connections. However, SLIP can't be used where the IP address needs to be assigned dynamically. The advantage of PPP is multi-protocol support: it can support TCP/IP, IPX, AppleTalk, etc. SLIP can support only TCP/IP, and IP addresses need to be assigned manually.

The server computer runs the service (also called a daemon), whereas the remote client computers run the client process. A protocol, such as TCP/IP, is required for communication.

Real-Time Transport Protocol (RTP): is an Internet protocol standard that specifies a way for programs to manage the real-time transmission of multimedia data over either unicast or multicast network services. RTP is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications, television services and web-based push-to-talk features. It is used for delivering media-based data over networks, such as Voice over IP, and for transmitting real-time data such as audio and video. RTP runs on top of the UDP protocol.

1. RTCP: RTCP works hand in hand with RTP. RTP does the delivery of the actual data, whereas RTCP is used to send control packets to participants in a call. The primary function is to provide feedback on the quality of service being provided by RTP.

2. Real-Time Transport Protocol (RTP): is an Internet protocol standard that specifies a way for programs to manage the real-time transmission of multimedia data over either unicast or multicast network services. RTP is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications, television services and web-based push-to-talk features.

3. Real Time Streaming Protocol (RTSP): is a protocol used for establishing and maintaining communications with a media server (for example, a video server).

Variables associated with real-time services are presence and multicast/unicast. Presence simply means being connected to the medium in question and being able to respond to the real-time data.

4. H.323 is a signalling protocol used to provide multimedia communications over a network. Its port number is 1720.

5. Media Gateway Control Protocol (MGCP): Used as a call control and communication protocol for Voice over IP networks.


Telnet is used to access UNIX and Linux systems. Telnet uses port 23 and is insecure. SSH is considered the secure replacement for Telnet.
