TCP/IP Ports and Protocols
TCP and UDP ports and protocols make different parts of the Internet work properly.
WHAT ARE PORTS?
Computers use the Internet Protocol (IP) to communicate on networks. IP gets a packet to its destination computer, which is identified by an IP address. On top of IP, most communications use either the Transmission Control Protocol (TCP), which sets up a connection and delivers a reliable, ordered stream of bytes, or the User Datagram Protocol (UDP), which sends individual datagrams with no connection and no delivery guarantee. TCP and UDP deliver the data to a particular service on the destination system, and each service is identified by a port number.
Think of it this way: an IP address is like a street address that identifies a specific building. A port is like an apartment number that identifies a specific location in that building. Each computer has two sets of ports numbered from 0 to 65,535 (a port number is a 16-bit field). One set of ports is for TCP communication, and the other set is for UDP communication, and the two sets are independent: TCP port 53 and UDP port 53 are different ports that can be used by different programs at the same time.
The service listening on a port provides a function to other devices, such as email, web browsing, or IP address assignment. Each server service on a device uses its own TCP or UDP port (or sometimes both), which is how many services can share a single IP address.
TCP and UDP port numbers are assigned by an organization called the Internet Assigned Numbers Authority (IANA). In the following sections, we’ll identify the services that use particular TCP and UDP ports. Port numbers from 0 to 1023 are called well-known ports. They have predefined uses and generally shouldn’t be used for other purposes, to avoid confusion. Ports 1024 to 49151 are registered ports, which IANA assigns to specific applications on request, and ports 49152 to 65535 are dynamic (or ephemeral) ports, which the operating system hands out temporarily to the client side of a connection. Keep in mind that an assignment is a convention, not an enforcement: nothing stops an administrator (or an attacker) from running a service on an unexpected port, so a port number is a hint about what is listening, not proof.
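The following is an added example, not code from the original text: it makes the point that TCP and UDP ports are two separate sets by binding a TCP listener and a UDP socket to the same port number on 127.0.0.1 at the same time, then talking to each one. The port is chosen by the operating system at run time, and the banner and echo messages are arbitrary values made up for the demonstration.

```python
"""Added example (not from the original text): TCP and UDP port numbers are
two independent sets, and a port number identifies a service.

The code binds a TCP listener and a UDP socket to the SAME port number on
127.0.0.1 at the same time, talks to each, and returns what each answered.
The service banner and messages are arbitrary values chosen for this demo.
"""
import socket
import threading

WELL_KNOWN_MAX, REGISTERED_MAX = 1023, 49151   # IANA port ranges


def classify_port(port: int) -> str:
    """IANA range a port number falls in (a hint about its use, not a guarantee)."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit: 0..65535")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    return "registered" if port <= REGISTERED_MAX else "dynamic"


def _bind_pair():
    """Find one port number that is free for both TCP and UDP on loopback."""
    for _ in range(20):
        tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tcp.bind(("127.0.0.1", 0))            # 0 = let the OS choose a free TCP port
        port = tcp.getsockname()[1]
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            udp.bind(("127.0.0.1", port))     # same number, other protocol: no clash
            return tcp, udp, port
        except OSError:                        # UDP side already taken; try another
            tcp.close()
            udp.close()
    raise RuntimeError("could not find a port free for both TCP and UDP")


def _serve_tcp(listener, banner):
    """Accept one TCP connection, greet it with a banner, echo one message."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(banner)
        conn.sendall(b"TCP echo: " + conn.recv(1024))


def _serve_udp(sock):
    """Answer exactly one UDP datagram; no connection, no banner."""
    data, peer = sock.recvfrom(1024)
    sock.sendto(b"UDP echo: " + data, peer)


def demo_same_port_tcp_and_udp():
    """Run a TCP and a UDP service on one port number.

    Returns (port, tcp_banner, tcp_reply, udp_reply).
    """
    tcp, udp, port = _bind_pair()
    tcp.listen(1)
    for s in (tcp, udp):
        s.settimeout(5)                        # never hang if something goes wrong
    workers = [threading.Thread(target=_serve_tcp, args=(tcp, b"220 demo service ready\r\n")),
               threading.Thread(target=_serve_udp, args=(udp,))]
    for w in workers:
        w.start()
    try:
        # TCP client: connect, read the banner, send a line, read the echo
        with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
            banner = c.recv(1024)
            c.sendall(b"hello tcp")
            tcp_reply = c.recv(1024)
        # UDP client: no connect, just one datagram to the same port number
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
            u.settimeout(5)
            u.sendto(b"hello udp", ("127.0.0.1", port))
            udp_reply, _ = u.recvfrom(1024)
    finally:
        for w in workers:
            w.join()
        tcp.close()
        udp.close()
    return port, banner, tcp_reply, udp_reply


if __name__ == "__main__":
    print(demo_same_port_tcp_and_udp())
```

Two different programs answered on the same number because the kernel keeps a separate table for each transport; a firewall rule that opens "port 53" therefore has to say whether it means TCP, UDP, or both.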
PORTS AND PROTOCOLS
You need to know the following protocols and their associated ports for the CompTIA A+ Core 1 exam. They make the Internet work.
Firewalls block unwanted traffic by blocking ports. A typical host firewall allows outbound connections and blocks unsolicited inbound connections by default, so client use of the protocols in this chapter usually works without any change, while a server on the same machine does not accept connections until an exception (an inbound allow rule for that port and protocol) is added. If a protocol fails and the firewall is suspected, check for a rule that allows its port, and scope any new exception to the narrowest set of source addresses that actually need it.
20/21—File Transfer Protocol
File Transfer Protocol (FTP) is used to transfer files between remote sites and network devices. Command-line FTP clients are included with Windows, Linux, and macOS. Older web browsers also accepted ftp:// URLs, but current versions of Chrome and Firefox have removed FTP support.
FTP uses TCP ports 20 and 21: 21 carries the control connection (commands such as USER, PASS, and RETR), and 20 is the server side of the data connection in active mode. In passive mode, which most clients use today because it works through NAT and firewalls, the data connection goes to a separate port above 1023 chosen by the server, so a firewall rule for FTP needs more than ports 20 and 21. Trivial File Transfer Protocol (TFTP) is a stripped-down version of FTP that runs over UDP port 69 with no authentication at all. Neither FTP nor TFTP includes encryption or other security mechanisms: user names, passwords, and file contents all cross the network in cleartext, so they are not safe for use with sensitive data.
22—Secure Shell
Secure Shell (SSH) provides an encrypted, authenticated connection that is used for remote command-line access and as the transport for other services, such as Secure Copy (SCP) and the SSH File Transfer Protocol (SFTP). (HTTPS does not use SSH; it uses TLS, covered later in this chapter.) SSH uses TCP port 22.
SFTP is not FTP tunneled through SSH but a separate file transfer protocol that runs inside an SSH session, so it inherits SSH’s encryption and host-key authentication. Secure Copy (SCP) is a network copy command that likewise runs over SSH. Because both SFTP and SCP use SSH, they both also use port 22, and a single firewall exception for port 22 covers all three.
23—Telnet
Telnet creates a text-based connection to a remote device, enabling it to be controlled remotely. Telnet is an early remote access protocol and is not at all secure: everything, including the login name and password, is sent in cleartext, and anyone who can observe the traffic can read or alter it. Telnet uses TCP port 23. Because it is insecure, Telnet should not be used on modern networks; SSH provides the same function with encryption.
67/68—Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) provides an IP address (along with the subnet mask, default gateway, and DNS servers) to a device that connects to a TCP/IP-based network. The exchange has four steps, often remembered as DORA: the client broadcasts a Discover message, a DHCP server replies with an Offer containing a proposed address, the client broadcasts a Request for the offered address, and the server sends an Acknowledgment that confirms the lease. DHCP runs over UDP, using port 67 at the server and port 68 at the client. Because the client accepts an offer from whichever server answers and the protocol has no authentication, a rogue DHCP server on the same network can hand out a malicious gateway or DNS server; managed switches counter this with DHCP snooping, which forwards server messages only from designated ports.
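The Discover/Offer half of the exchange, as an added example that is not part of the original text: the client builds a DISCOVER by hand, a toy server function answers it with an OFFER, and the client parses the OFFER and checks the transaction ID. Nothing is sent on the network. The client MAC, the offered address, the server address, and the lease time are constructed sample values; the message layout follows RFC 2131 and the option format follows RFC 2132.

```python
"""Added example (not from the original text): the DHCP DISCOVER/OFFER
half of the DORA exchange, built and parsed by hand with struct.

Nothing touches the network: the client builds a DISCOVER, a toy server
function answers it with an OFFER, and the client parses the OFFER.
Addresses, the lease time and the client MAC are constructed sample
values. Message layout per RFC 2131, options per RFC 2132.
"""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"    # fixed 236-byte BOOTP header
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # option 53 message types
SERVER_PORT, CLIENT_PORT = 67, 68           # UDP ports used by DHCP


def _options(opts: dict) -> bytes:
    """Encode {code: value_bytes} as TLV options, terminated by 255 (End)."""
    return b"".join(bytes([code, len(val)]) + val for code, val in opts.items()) + b"\xff"


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_discover(mac: str, xid: int) -> bytes:
    """Client step 1: broadcast DISCOVER (op=1, flags broadcast bit set)."""
    hdr = struct.pack(HEADER, 1, 1, 6, 0, xid, 0, 0x8000,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                      _mac_bytes(mac).ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    # 53 = message type, 55 = parameter request list (subnet, router, DNS)
    return hdr + MAGIC_COOKIE + _options({53: bytes([DISCOVER]), 55: bytes([1, 3, 6])})


def parse(packet: bytes) -> dict:
    """Decode the fixed header and walk the options (0 = pad, 255 = end)."""
    f = struct.unpack(HEADER, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (bad magic cookie)")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        length = packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
            "chaddr": f[11][:f[2]].hex(":"), "options": opts}


def toy_server_offer(discover: bytes, yiaddr: str, server_id: str, lease: int) -> bytes:
    """Server step 2: answer a DISCOVER with an OFFER (op=2, same xid and chaddr)."""
    req = parse(discover)
    if req["options"].get(53) != bytes([DISCOVER]):
        raise ValueError("expected a DISCOVER")
    hdr = struct.pack(HEADER, 2, 1, 6, 0, req["xid"], 0, 0x8000,
                      b"\0" * 4, socket.inet_aton(yiaddr), socket.inet_aton(server_id), b"\0" * 4,
                      _mac_bytes(req["chaddr"]).ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC_COOKIE + _options({
        53: bytes([OFFER]),                      # message type
        54: socket.inet_aton(server_id),         # server identifier
        51: struct.pack("!I", lease),            # lease time in seconds
        1: socket.inet_aton("255.255.255.0")})   # subnet mask


def client_reads_offer(discover: bytes, offer: bytes) -> dict:
    """Client-side check of an OFFER. The transaction ID must match our
    DISCOVER or the packet is ignored; that is the only matching DHCP does,
    and it is not authentication (any server on the LAN can answer)."""
    off = parse(offer)
    if off["xid"] != parse(discover)["xid"] or off["options"].get(53) != bytes([OFFER]):
        return {}
    return {"ip": off["yiaddr"],
            "server": socket.inet_ntoa(off["options"][54]),
            "lease": struct.unpack("!I", off["options"][51])[0]}


if __name__ == "__main__":
    d = build_discover("00:11:22:33:44:55", 0x3903F326)      # constructed sample
    o = toy_server_offer(d, "192.168.1.50", "192.168.1.1", 86400)
    print(client_reads_offer(d, o))
```

The Request and Acknowledgment steps use the same header and option format (message types 3 and 5), with the client echoing the offered address in option 50 and the chosen server in option 54.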
25—Simple Mail Transfer Protocol
Simple Mail Transfer Protocol (SMTP) is used to transport email from sender to receiver. A mail client uses SMTP to hand a message to its outgoing mail server, and that server uses SMTP to relay the message to the recipient’s mail server. Server-to-server delivery uses TCP port 25. Mail clients today normally submit messages on port 587 (the submission port), authenticating and upgrading the session to TLS with STARTTLS, or on port 465 with TLS from the start; many ISPs block outbound port 25 from client networks to limit spam.
53—Domain Name System
Domain Name System (DNS) is the distributed system of name servers that translates domain names into IP addresses. Thanks to DNS, when you enter www.wiley.com into your browser, for example, a resolver translates the host name in that URL into the IP address needed to fetch the home page.
DNS servers are usually assigned automatically along with the IP address (via DHCP), but they can also be set manually. DNS servers are referred to by their IP addresses, since a name cannot be looked up before the resolver is known.
Resolvers cache answers for the time-to-live (TTL) carried in each record. If a record has changed or a bad answer has been cached, you can flush the cache in Windows by opening a command prompt and typing ipconfig /flushdns; macOS and Linux have equivalent commands for their resolver caches. DNS uses port 53: UDP 53 for ordinary queries, and TCP 53 for responses too large for one datagram and for zone transfers between servers. Plain DNS is neither encrypted nor authenticated, which is why a resolver must check that the transaction ID and question in a response match its own query before trusting it, and why encrypted variants such as DNS over TLS (port 853) and DNS over HTTPS (port 443) exist.
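The query and response described above, as an added example that is not part of the original text: it builds a DNS query for an A record, constructs the response a resolver would send (including a compressed name pointer), and parses it back, rejecting a response whose transaction ID does not match. Nothing is sent to a real resolver; the answer address and TTL are constructed sample values, not a live lookup. The message format follows RFC 1035, section 4.

```python
"""Added example (not part of the original text): build a DNS query for an
A record and parse the matching response, including compressed names.
Nothing is sent to a real resolver: the response is a constructed sample,
so the address it returns is illustrative, not a live lookup.
Message format per RFC 1035, section 4.
"""
import struct

DNS_PORT = 53   # UDP for ordinary queries; TCP 53 for >512-byte answers and zone transfers


def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (length-prefixed labels)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT; then one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; returns (name, offset just after it)."""
    labels, end, jumps = [], None, 0
    while True:
        l = msg[off]
        if l & 0xC0 == 0xC0:                          # pointer: 2 bytes, top bits 11
            jumps += 1
            if jumps > 10:                            # guard against pointer loops
                raise ValueError("too many compression pointers")
            if end is None:
                end = off + 2                         # resume after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if l == 0:
            break
        labels.append(msg[off:off + l].decode())
        off += l
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg: bytes, expected_id: int) -> dict:
    """Validate and decode a response; return the A records it carries."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction ID mismatch: response does not belong to our query")
    if flags & 0x000F:                                # RCODE, e.g. 3 = NXDOMAIN
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):                               # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:                 # A record: 4-byte IPv4 address
            answers.append({"name": name, "ttl": ttl, "address": ".".join(map(str, rdata))})
    return {"id": txid, "answers": answers}


def sample_response(query: bytes, address: str, ttl: int) -> bytes:
    """Constructed reply a resolver might send: echoes the question, then one
    A record whose owner name is a pointer (0xC00C) back to the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(map(int, address.split(".")))
    return header + query[12:] + rr


if __name__ == "__main__":
    q = build_query("www.example.com", 0x1234)
    print(parse_response(sample_response(q, "93.184.216.34", 300), 0x1234))
```

The transaction ID check is the minimum a resolver must do; real resolvers also randomize the source port and verify the question section, because a 16-bit ID alone is too easy to guess for an attacker racing the real answer.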
80—Hypertext Transfer Protocol
Hypertext Transfer Protocol (HTTP) is the unencrypted protocol used by web browsers. When you see a URL such as http://example.com, HTTP is the protocol used to request and receive the contents of the web page. Most websites today use the secure version, HTTPS, instead of HTTP. Hypertext Markup Language (HTML) is a markup language that defines text and image links (hypertext), how the page is structured and appears (markup), and a consistent syntax for its tags (language). HTML is the basic language of web pages; HTTP is the protocol that carries it.
HTTP uses TCP port 80. Because HTTP traffic can be read and modified in transit, a login form or API served over plain HTTP exposes credentials and lets an attacker inject content; the fix is HTTPS, not a different port number.
110—Post Office Protocol 3
Post Office Protocol 3 (POP3), as the name suggests, is used to receive email. To use POP3, the protocol must be enabled on the receiver’s mail server and configured in the mail client on the receiver’s device.
Unlike IMAP (discussed later), POP3 downloads messages to the recipient’s local computer or device and, by default, deletes them from the server. This allows mail to be read offline, but it also means that a user who checks POP3 email from both a desktop and a phone ends up with separate sets of messages, each stored only on the device that downloaded it. In an era of always-on Internet and multiple devices per person, IMAP is a better choice.
POP3 uses TCP port 110. On this port the login and the messages are sent in cleartext unless the client and server negotiate STARTTLS; POP3 over TLS (POP3S) uses port 995 instead.
137–139—Network Basic Input/Output System/NetBIOS over TCP/IP
Network Basic Input/Output System (NetBIOS) was originally created to support software running on local area networks (LANs) before TCP/IP was common. NetBIOS by itself isn’t routable, so it can’t be used on a TCP/IP network such as the Internet without help. NetBIOS over TCP/IP (NetBT) lets NetBIOS-aware applications run on TCP/IP. NetBT uses UDP port 137 (name service), UDP port 138 (datagram service), and TCP port 139 (session service). NetBT can be disabled if no legacy applications on the network need it, and it should never be reachable from the Internet: the name service answers queries without authentication and is a routine target for reconnaissance.
143—Internet Mail Access Protocol
Internet Message Access Protocol (IMAP; the CompTIA objectives list it as Internet Mail Access Protocol), as the name suggests, is used to receive email. To use IMAP, the protocol must be enabled on the receiver’s mail server and configured in the mail client on the receiver’s device.
IMAP has largely replaced POP3 for receiving mail because it keeps mail on the server and supports server-side folders, making messages easy to organize and letting a user with multiple computers and mobile devices see the same mailbox from any of them. IMAP uses TCP port 143. As with POP3, the login is sent in cleartext on that port unless STARTTLS is negotiated; IMAP over TLS (IMAPS) uses port 993.
161/162—Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is used to monitor and manage network equipment. Routers, switches, and other devices that can be monitored with SNMP are known as managed devices; each runs an agent, software that answers SNMP requests and reports status. A network management system polls the agents. SNMP runs over UDP: the manager sends requests to agents on port 161, and agents send unsolicited problem reports (traps) to the manager on port 162. SNMP versions 1 and 2c authenticate with a community string sent in cleartext (often left at the default of public for read access), so anyone who can capture the traffic or guess the string can read the device’s configuration, and with a write community string change it. SNMPv3 adds per-user authentication and encryption and should be used wherever the devices support it.
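The cleartext logins mentioned for FTP, Telnet, POP3, IMAP and SNMPv1/v2c above, as an added example that is not part of the original text: a small detector that runs over (destination port, payload) pairs and reports the user names, passwords and community strings it can read. The captures below are constructed sample payloads embedded in the code, not real traffic; the Telnet sample is written as a reassembled two-way session so the prompt and the typed reply appear in one buffer.

```python
"""Added example (not from the original text): a detector that runs over
captured payloads and flags the cleartext logins FTP, Telnet, POP3, IMAP
and SNMPv1/v2c send on their default ports.

SAMPLE_FLOWS holds constructed payloads, not real traffic. In practice the
(dst_port, payload) pairs would come from a pcap; the Telnet entry is a
reassembled two-way session (server prompts plus client keystrokes).
"""
import re


def strip_telnet_iac(payload: bytes) -> bytes:
    """Drop IAC option negotiation (0xFF WILL/WONT/DO/DONT opt) so typed text remains."""
    return re.sub(rb"\xff[\xfb-\xfe].", b"", payload)


def _tlv(buf: bytes, i: int):
    """Read one BER TLV at buf[i]; returns (tag, value, index after it)."""
    tag, length, i = buf[i], buf[i + 1], i + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n, length = length & 0x7F, 0
        for b in buf[i:i + n]:
            length = (length << 8) | b
        i += n
    return tag, buf[i:i + length], i + length


def snmp_community(payload: bytes):
    """(version, community) for an SNMPv1/v2c message, else None.
    Layout: SEQUENCE { INTEGER version, OCTET STRING community, PDU }.
    SNMPv3 puts a SEQUENCE where the community string would be, so it yields None."""
    try:
        tag, body, _ = _tlv(payload, 0)
        if tag != 0x30:
            return None
        vtag, ver, j = _tlv(body, 0)
        ctag, community, _ = _tlv(body, j)
        if vtag != 0x02 or ctag != 0x04:
            return None
        return int.from_bytes(ver, "big"), community.decode("latin-1")
    except IndexError:
        return None


def find_cleartext_logins(flows):
    """flows: iterable of (dst_port, payload bytes). Returns (port, proto, user, secret) tuples."""
    findings = []
    for port, payload in flows:
        text = payload.decode("latin-1")
        if port in (21, 110):                                   # FTP and POP3 share USER/PASS
            creds = {}
            for line in text.splitlines():
                parts = line.split(" ", 1)
                if len(parts) == 2 and parts[0].upper() in ("USER", "PASS"):
                    creds[parts[0].upper()] = parts[1]
            if "PASS" in creds:
                findings.append((port, "FTP" if port == 21 else "POP3", creds.get("USER"), creds["PASS"]))
        elif port == 143:                                       # IMAP: <tag> LOGIN user pass
            for line in text.splitlines():
                m = re.match(r'^\S+ LOGIN "?([^" ]+)"? "?([^"]+)"?$', line, re.I)
                if m:
                    findings.append((port, "IMAP", m.group(1), m.group(2)))
        elif port == 23:                                        # Telnet: prompt, then typed reply
            session = strip_telnet_iac(payload).decode("latin-1")
            m = re.search(r"login: *(\S+).*?assword: *(\S+)", session, re.S)
            if m:
                findings.append((port, "Telnet", m.group(1), m.group(2)))
        elif port == 161:                                       # SNMP: community string
            hit = snmp_community(payload)
            if hit:
                findings.append((port, "SNMPv" + ("1" if hit[0] == 0 else "2c"), None, hit[1]))
    return findings


# Constructed sample payloads (not real captures)
SAMPLE_FLOWS = [
    (21, b"USER alice\r\nPASS s3cret\r\nPWD\r\n"),
    (23, b"\xff\xfb\x01\xff\xfd\x18login: bob\r\nPassword: hunter2\r\n"),
    (110, b"USER carol@example.net\r\nPASS winter24\r\nSTAT\r\n"),
    (143, b'a001 LOGIN dave "correct horse"\r\na002 SELECT INBOX\r\n'),
    # SNMPv1 GetRequest for 1.3.6.1.2.1 with community "public"
    (161, bytes.fromhex("302602010004067075626c6963a01902041a2b3c4d020100020100300b300906052b060102010500")),
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),   # encrypted after the banner: nothing to extract
]

if __name__ == "__main__":
    for f in find_cleartext_logins(SAMPLE_FLOWS):
        print(f)
```

The SSH flow is included to show the contrast: after the version banner everything is encrypted, so the same detector has nothing to report. The equivalent check for HTTP would decode an Authorization: Basic header, which is why such headers belong only on HTTPS.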
389—Lightweight Directory Access Protocol
Modern networks store an immense amount of information, including user names, group memberships, email addresses, credentials, and much more. Lightweight Directory Access Protocol (LDAP) is the protocol applications use to query and update a directory of this information, enabling business applications on a network to find what they need quickly. LDAP should not be confused with Microsoft’s Active Directory: LDAP is a vendor-neutral protocol, and Active Directory is one directory service among several that can be queried with it. LDAP uses TCP port 389. A simple LDAP bind sends the password in cleartext, so directories should require TLS, either StartTLS on port 389 or LDAPS on port 636.
443—Hypertext Transfer Protocol Secure
Hypertext Transfer Protocol Secure (HTTPS) is HTTP carried inside a TLS connection. HTTPS is used to create encrypted, authenticated connections between web browsers and remote servers.
Originally used primarily for e-banking and e-commerce, the desire for greater web security has led to HTTPS being used for almost all sites. Most browsers now upgrade a typed address to HTTPS when the site supports it, and for sites that have sent an HTTP Strict Transport Security (HSTS) header they refuse to fall back to plain HTTP. HTTPS is encrypted with TLS (the successor to SSL), and browsers show a closed padlock icon in the address bar to indicate that the connection is encrypted and that the server’s certificate chains to a trusted certificate authority for the name in the URL. The padlock says nothing about whether the site itself is honest: a phishing site can have a perfectly valid certificate.
HTTPS uses TCP port 443.
Secure Sockets Layer (SSL) is the original secure transport protocol used for web pages. SSL encrypted the data, provided a handshake process to authenticate the server (and optionally the client), and applied integrity checks so that tampering could be detected.
Transport Layer Security (TLS) is the successor to SSL. TLS 1.0 was introduced in 1999 and provides the same three properties: authentication, privacy (confidentiality), and data integrity. All versions of SSL, as well as TLS 1.0 and 1.1, are now deprecated because of known weaknesses; current deployments should use TLS 1.2 or 1.3.
445—Server Message Block/Common Internet File System
Server Message Block (SMB) and Common Internet File System (CIFS) are related and need to be discussed together. SMB is the protocol that enables file, print, and device sharing on Microsoft Windows networks; it dates back to Windows for Workgroups 3.1 and Windows NT in the mid-1990s.
SMB was developed for use over NetBIOS and originally used port 139, the NetBT session port. It was later modified to run directly over TCP/IP and has been revised (SMB 2 and SMB 3) for better performance and security, including message signing and encryption. CIFS is the name Microsoft gave its dialect of SMB 1, which is now deprecated and disabled by default in current Windows versions because of its weak security. SMB over TCP/IP uses TCP port 445. Port 445 should never be exposed to the Internet: it has been the entry point for many worm and ransomware campaigns, and file shares should be reachable only from the internal network or over a VPN.
3389—Remote Desktop Protocol
Remote Desktop Protocol (RDP) is an exception to the other protocols in this chapter for a couple of reasons.
RDP is a proprietary Microsoft protocol, and RDP uses a registered port (3389, in IANA’s 1024 to 49151 range) rather than a well-known port below 1024.
RDP enables a graphical remote connection to a Windows device. The command to start the Remote Desktop client from the Windows Run dialog is mstsc, the acronym for Microsoft Terminal Services Client, a name left over from the time when Remote Desktop was called Terminal Services. RDP uses TCP port 3389 (current versions also use UDP 3389 for better performance). An RDP server reachable from the Internet is scanned and password-guessed constantly, so it should sit behind a VPN or Remote Desktop Gateway, require Network Level Authentication, and be limited to accounts with strong passwords or multifactor authentication.
MAC Address and Address Resolution Protocol
How do networks make sure that the correct information goes to a specific device on a network? MAC and ARP team up to do the job.
A Media Access Control (MAC) address is a 48-bit hardware address, written as six pairs of hexadecimal digits (for example, 00:11:22:33:44:55), that the manufacturer assigns to each network interface: a network adapter card, a motherboard-based network port, each port of a router (which has one MAC for its switch side and a separate MAC for its connection to other networks), and so on. The first three bytes identify the manufacturer. The address is burned into the hardware but can be overridden in software, so it is not a reliable proof of a device’s identity.
Address Resolution Protocol (ARP) maps IP addresses to MAC addresses on the local network: a host that needs to reach an IP address broadcasts an ARP request (“who has 192.168.1.1?”), the owner replies with its MAC address, and the answer is cached in the host’s ARP table. Because IP addresses can change, ARP is essential in making sure that requests and replies are delivered to the correct device on the local segment. ARP has no authentication, so any host on the segment can answer for an address it does not own; a known IP address suddenly showing up with a different MAC address is the classic sign of ARP spoofing.
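The request/reply exchange and the ARP table just described, as an added example that is not part of the original text: the code builds Ethernet/ARP frames, parses them, and maintains the IP-to-MAC table a host keeps, raising an alert when an IP address it already knows appears with a different MAC address. All frames, MAC addresses and IP addresses are constructed sample values; the ARP layout follows RFC 826.

```python
"""Added example (not from the original text): parse Ethernet/ARP frames,
keep the IP-to-MAC table that ARP builds, and flag an IP whose MAC changes,
which is what an ARP-spoofing attempt looks like on the wire.

Frames, MACs and IP addresses below are constructed samples.
ARP packet per RFC 826: htype, ptype, hlen, plen, opcode, sender MAC/IP,
target MAC/IP, carried in an Ethernet II frame with EtherType 0x0806.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"          # 28-byte ARP packet for Ethernet/IPv4


def mac_str(b: bytes) -> str:
    return b.hex(":")


def ip_str(b: bytes) -> str:
    return ".".join(map(str, b))


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II frame (no FCS) carrying one ARP packet. Requests go to the
    broadcast MAC; replies go straight to the requester."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    tmac = bytes.fromhex(target_mac.replace(":", ""))
    dst = b"\xff" * 6 if opcode == ARP_REQUEST else tmac
    eth = dst + smac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                      smac, bytes(map(int, sender_ip.split("."))),
                      tmac, bytes(map(int, target_ip.split("."))))
    return eth + arp


def parse_arp(frame: bytes):
    """Return a dict for Ethernet/IPv4 ARP frames, None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sender_mac": mac_str(smac), "sender_ip": ip_str(sip),
            "target_mac": mac_str(tmac), "target_ip": ip_str(tip)}


class ArpTable:
    """The cache every host keeps, plus a record of conflicting claims."""

    def __init__(self):
        self.table, self.alerts = {}, []

    def observe(self, frame: bytes) -> None:
        pkt = parse_arp(frame)
        if pkt is None:
            return
        # Both requests and replies carry the sender's mapping, so both are learned.
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        old = self.table.get(ip)
        if old and old != mac:
            self.alerts.append(f"{ip} moved from {old} to {mac} (possible ARP spoofing)")
        # A normal stack overwrites the entry, which is exactly why spoofing works;
        # we do the same so repeated frames from the new MAC do not re-alert.
        self.table[ip] = mac


# Constructed sample frames: a host asks for the gateway, the gateway answers,
# then a second device claims the gateway's IP with its own MAC.
SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, "00:11:22:33:44:55", "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),
    build_arp(ARP_REPLY, "aa:bb:cc:dd:ee:01", "192.168.1.1", "00:11:22:33:44:55", "192.168.1.10"),
    build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "192.168.1.1", "00:11:22:33:44:55", "192.168.1.10"),
    b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00" + b"\x45" + b"\x00" * 30,   # IPv4 frame, ignored
]


def run(frames=SAMPLE_FRAMES):
    """Feed frames through an ARP table; return (table, alerts)."""
    t = ArpTable()
    for f in frames:
        t.observe(f)
    return t.table, t.alerts


if __name__ == "__main__":
    print(run())
```

Switches with dynamic ARP inspection perform this same comparison against the DHCP snooping table and drop the conflicting frame instead of merely logging it.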