1.4 Common Ports

Question 1

What port does FTP use for control communication?

Answer 1

TCP port 21 — Used for sending control commands in the File Transfer Protocol.

File Transfer Protocol
* Not specific to an operating system
* Authenticates using username and password
* full-featured functionality (list, add, delete, etc.)

tcp/21

Sends and receives files between systems

Question 2

What port does FTP use for data transfer?

Answer 2

File Transfer Protocol
* Not specific to an operating system
* Authenticates using username and password
* full-featured functionality (list, add, delete, etc.)

TCP port 20 — Used for transferring files between systems using FTP

tcp/20

Sends and receives files between systems

Question 3

What port does SSH use?

Answer 3

Secure Shell

TCP port 22 — Used for secure remote login and command-line access.

tcp/22

Encrypted console login

Question 4

What port does SFTP use?

Answer 4

Secure FTP

TCP port 22 — Secure File Transfer Protocol that uses SSH to encrypt file transfers.

Provides file system functionality
* Resuming interrupted transfers, directory listings, remote file removal

tcp/22

Encrypted file transfers using SSH

Question 5

What port does Telnet use?

Answer 5

Telecommunication Network

TCP port 23 — Used for unencrypted remote command-line access.

Console access
* Similar functionality to SSH
* In-the-clear communication (not a good choice for production systems)

tcp/23

Remote console login to network devices

Question 6

What port does SMTP use for unencrypted email transfer?

Answer 6

Simple Mail Transfer Protocol

TCP port 25 — Used for sending email messages between servers.

Also used to send mail from a device to a mail server
* Commonly configured on mobile devices and email clients

Other protocols are used for clients to receive email
* IMAP, POP3

tcp/25

Transfer email between mail servers

Question 7

What port does SMTP use for encrypted email with TLS?

Answer 7

Simple Mail Transfer Protocol

TCP port 587 — Used for sending encrypted email messages with TLS.

Also used to send mail from a device to a mail server
* Commonly configured on mobile devices and email clients

Other protocols are used for clients to receive email
* IMAP, POP3

tcp/587

Transfer email between mail servers

Question 8

What port does DNS use for most name resolution queries?

Answer 8

Domain Name System

UDP port 53 — Used for resolving domain names to IP addresses.

udp/53

Convert domain names to IP addresses

Question 9

What port does DNS use for large data transfers?

Answer 9

Domain Name System
TCP port 53 — Used for DNS zone transfers and large queries.

tcp/53

Convert domain names to IP addresses

Question 10

What ports does DHCP use?

Answer 10

Dynamic Host Configuration Protocol

UDP port 67 (server), UDP port 68 (client) — Used for automatic IP address assignment.

Automated configuration of IP address, subnet mask, and other options
* Requires DHCP server
* Server, appliance, integrated into a SOHO router, etc

Dynamic/pooled
* IP addresses are assigned in real-time from a pool
* Each system is given a lease, must renew at set intervals

DHCP Reservation
* Addresses are assigned by MAC address in the DHCP server
* Quickly manages addresses from one location

udp/67, udp/68

Question 11

What port does TFTP use?

Answer 11

Trivial File Transfer Protocol

UDP port 69 — Used for simple, unauthenticated file transfers.

Very simple file transfer application
* Read files and write files

No authentication
* Not used on highly secure systems

Useful when starting a system
* Transfer configuration files
* Quick and easy

upd/69

Question 12

What port does HTTP use?

Answer 12

Hypertext Transfer Protocol

TCP port 80 — Used for unencrypted web traffic.

Communication in the browser and by other applications

tcp/80

web server communication

Question 13

What port does HTTPS use?

Answer 13

Secure HTTP

TCP port 443 — Used for encrypted web traffic using SSL/TLS.

tcp/443

web server communication

Question 14

What port does NTP use?

Answer 14

Network Time Protocol

UDP port 123 — Used for synchronizing clocks between computer systems.

Switches, routers, firewalls, servers, workstations
* Every device has its own clock

Synchronizing the clocks is critical
* Log files, authentication information, outage details

Automatic updates

Flexible - you control how the clocks are updated
* Very accurate
* Accuracy is better than 1 millisecond on a local network

upd/123

Automatically synchronize clocks

Question 15

What port does SNMP use for queries?

Answer 15

Simple Network Management Protocol

UDP port 161 — Used for collecting and organizing information about managed network devices.

V1 - The original
* Structured tables and data sent in-the-clear

V2 - A good step ahead
* Data type enhancements, bulk transfers
* Still in-the-clear

V3 - A secure standard
* Message integrity, authentication, encryption

udp/161

Gather statistics and manage network devices

Question 16

What port does SNMP use for traps?

Answer 16

Simple Network Management Protocol

UDP port 162 — Used by devices to send alerts to a management station.

udp/162

Alerts and notifications from network devices

Question 17

What port does LDAP use?

Answer 17

Lightweight Directory Access Protocol

TCP port 389 — Used for accessing and maintaining distributed directory information services.

tcp/389

Directory services

Question 18

What port does LDAPS use?

Answer 18

Secure LDAP / LDAP Secure

TCP port 636 — Used for secure communication with LDAP directories.

A non-standard implementation of LDAP over SSL

tcp/636

Directory services

Question 19

What port does SMB use in modern Windows systems?

Answer 19

Server Message Block (Microsoft Windows product)

TCP port 445 — Used for sharing files, printers, and other network resources.

Also called Common Internet File System (CIFS)

Integrated into the operating system
* Access rights integration across systems
* File share publishing
* File locking

tcp/445

File and printer sharing for Windows

Question 20

What port does Syslog use?

Answer 20

System Logging

UDP port 514 — Used for sending system log or event messages to a central server.

Standard for message logging
* Diverse systems, consolidated log

Usually a central log collector
* Integrated into the SIEM
* Security information and Event Manager

You’re going to need alot of disk space

udp/514

A standard for message logging

Question 21

What port does Microsoft SQL Server (MS-SQL) use?

Answer 21

TCP port 1433 — Used for querying and managing Microsoft SQL Server databases.

Databases
* Collection of information (many different types of data; one common method to store and query)

Structured Query Language (SQL)
* A standard language across database servers

SELECT * FROM Customers WHERE Last_Name='Messer'

tcp/1433

Microsoft’s structured query language database

Question 22

What port does RDP use?

Answer 22

Remote Desktop Protocol

TCP port 3389 — Used for remote desktop access to Windows systems.

Connect to an entire desktop or just an application

Remote desktop services on many Windows versions
* Clients for Windows, MacOS, Linux, Unix, iPhone, and others

tcp/3389

Graphical display and control of a remote device

Question 23

What ports does SIP use?

Answer 23

Session Initiation Protocol

TCP port 5060 (unencrypted), TCP port 5061 (encrypted) — Used to initiate, maintain, and terminate real-time communication sessions like VoIP.

Setup and manage VoIP sessions
* Call, ring, play busy tone, hang up

Extend voice communication
* Video conferencing
* Instant messaging
* File transfer
* etc.

tcp/5060, tcp/5061

Voice over IP signaling protocol