Common Network Ports – CompTIA A+ 220-1101 – 2.1

We use port numbers to differentiate between applications as they traverse the network. In this video, you’ll learn which port numbers are used by some of the most popular protocols.


In our previous video, we talked about how services have port numbers that they use so that other devices can communicate and use those services. We refer to these as well-known port numbers because both the server and the client need to know exactly what port number they’ll use to communicate. This is not only important for the server and the client, but it’s also important for any firewalls that may be in the middle of that communication. Firewalls have to decide whether to allow or disallow this traffic, and they often make that decision based on the port number.

As we go through this video, you’ll see that there are a lot of different port numbers that you should use. And if you’ve never worked with port numbers before, this will seem like rote memorization. But the port numbers themselves become easier and easier to remember as you continue to use them. It’s important to know these port numbers and what protocols are often used by a particular port number, but it’s also important to know when you would use these protocols.

For example, your exam might ask you what port number is used by an application that transfers data in a particular way across the network. Let’s start our conversation of port numbers with FTP, or the file transfer protocol. As the name implies, this is a protocol that transfers files from one device to another. There are two port numbers used by FTP. One is TCP port 20. This is for data transfers. And TCP port 21, which is used to control the data transfer.

FTP is a generic way to transfer data between devices, but it commonly requires some type of authentication to log in to that remote device. So you might use a username and password, although some systems will allow you to log in as anonymous and use any password to gain access. The FTP protocol also includes a number of file management functions. So when you connect to an FTP server you can list all of the files on that server. You can add, delete, rename, and perform other file management functions all by using FTP.

There may be times when you need to connect to a remote device through a terminal or command line front end. It’s common to use Secure Shell, or SSH, to provide this terminal connection to a remote device. SSH commonly communicates over TCP using port 22, and it has this text-based front end to be able to access that remote device. Although we see plain text on our screen, any communications sent over the network is sent as encrypted data. That’s where the secure comes from in the name Secure Shell.

There’s another way to connect to a remote device using this text-based or console front end, and it’s using Telnet, or the telecommunication network protocol. Telnet commonly uses TCP port 23 to provide this connection, just like SSH. Telnet provides this text-based front end that allows us to connect to the remote console of another device.

But unlike SSH, all of the communication between this Telnet front end and the Telnet server is all sent in the clear, or not encrypted. This means that anyone who might be capturing packets between these two devices will see everything that you’re sending over this link, including usernames, passwords, and everything else. This is why we often say that you shouldn’t use Telnet on your production networks and instead you should always use SSH for terminal communication.

There are probably millions of email servers that are located on the Internet. And the protocol that those emails server use to communicate with each other is the Simple Mail Transfer Protocol, or SMTP. SMTP commonly uses TCP using port 25. Not only is SMTP used to communicate between mail servers, but it’s also used for our mail clients to send mail to a mail server. So if you’re using a mail client on your mobile device or your desktop computer and you’re sending an email message, you could be using SMTP.

Although it’s common to use SMTP to send mail, receiving mail is done using a completely different set of protocols. So if you were to look at your email client, you’re probably using IMAP or POP3 to be able to receive mail and SMTP to be able to send mail.

If you need to connect to a remote website, you would probably type into your browser www.professormesser.com and hit Enter. Behind the scenes, your system needs to be able to communicate with the Professor Messer web server, but it has no idea what the IP address is for that server. To be able to resolve an IP address from that fully qualified domain name, your system will use DNS, or the domain name system. DNS commonly uses UDP port 53 to be able to make this connection between you and the DNS server.

These are obviously very critical resources because we don’t often memorize IP addresses of servers, and very often server IP addresses can change without any type of notification. It’s DNS that provides that resolution between a name that we’re typing in on the browser and the IP address that will be used for the actual communication.

If you’ve ever used your mobile device on the Wi-Fi network of a coffee shop, then you’ve automatically received an IP address that you can use on that network. This IP address was assigned automatically using the Dynamic Host Configuration Protocol, or DHCP. The well-known ports for DHCP are UDP port 67 and UDP port 68. Of course, you need a DHCP server to assign these IP addresses to devices on your network, but that functionality is commonly built into the routers and wireless access points that we use these days.

This DHCP server will have a large pool of IP addresses that can then be assigned to devices on your network. All of these IP addresses are assigned in real time. So when you start up your computer, it queries the DHCP server and the DHCP server assigns your device all of your IP configuration details. DHCP uses a leasing system to assign these IP addresses, so you are only using this IP address for a certain amount of time. And after that lease expires and you’re no longer on the network, that IP address goes back in the pool for someone else to use.

Network administrators can also configure DHCP servers to always assign the same IP address to certain devices. So if there are routers, firewalls, switches, and other infrastructure devices on your network, your network administrator may configure DHCP reservations so those devices always receive the same IP address every time they’re booted up. This also means that if you need to change any of the IP configurations on these devices, you don’t have to go to the devices to make those changes. You simply make them on the DHCP server. The next time that device requests a DHCP address, it will receive the new configuration.

If you’ve ever used a web browser, then you’ve used HTTP and HTTPS. HTTP is the hypertext transfer protocol, and this is the common protocol used by our browsers to communicate to web servers. There are two different protocols depending on the type of communication that you’ll be doing. If you’re communicating in the clear, or in a non-encrypted form, you would be using the HTTP protocol, which uses TCP and port 80. If your browser’s communicating over an encrypted connection, then it’s probably using HTTPS, the S being for secure, and that uses TCP port 443.

We mentioned earlier that sending email messages can use SMTP, or the Simple Mail Transfer Protocol. But to receive email messages, you would commonly use POP3 or IMAP. POP3 is the Post Office Protocol version 3, and it commonly uses TCP port 110. POP3 was designed to retrieve email messages to an email client, but it wasn’t built for multiple email clients. And of course, these days, we tend to walk around with many different mobile devices, all accessing the same email inbox.

To be able to synchronize across all of these different mailboxes, we commonly use IMAP4, or the Internet Message Access Protocol version 4. IMAP commonly uses TCP port 143 to be able to download and manage that mailbox.

Many operating systems have their own method of transferring files and information between devices using that operating system. Windows commonly uses Server Message Block, or SMB, to be able to provide this connection. This is the protocol commonly used by Microsoft Windows, so if you’re transferring files between devices or you’re sending a print job to a printer, it’s probably using SMB.

You might also hear SMB referenced as CIFS, or the Common Internet File System. SMB uses a number of different protocols to be able to communicate. And if you’re communicating to an older Windows machine, you’re probably using NetBIOS over TCP/IP. NetBIOS is the Network Basic Input Output System. This uses UDP port 137 as a name service function so that it can find devices on your network by the name and uses TCP port 139 to set up a session and transfer data between devices.

On most modern versions of Windows, NetBIOS isn’t used. Devices can communicate directly between each other using TCP/IP. In those cases, it would use a direct SMB connection using TCP port 445. This allows us to have a direct SMB communication between two devices by using only TCP/IP.

If you plan on doing any work as a network administrator, you’ll become very familiar with SNMP, or the Simple Network Management Protocol. SNMP allows a network management device to query these infrastructure devices for performance details and receive those metrics in return. This uses UDP port 161 to perform these queries. You can also configure the infrastructure device to monitor for certain metrics. And if it exceeds any of those metrics, it can send an alert to the management station.

We refer to these alerts as traps, and the traps use UDP port 162. If you’re configuring SNMP on a device, it will ask you if you’re using version 1, version 2, or version 3. Version 1 was obviously the original SNMP version. It sends structured information across the network but all of this information was sent in the clear, or in a non-encrypted form. We introduced a newer version of SNMP with SNMP version 2, which allowed us to do bulk transfers of information, but still all of that information was being sent in a non-encrypted form.

To be able to include additional security with SNMP, you need to use SNMP v3. This includes encryption that allows us to have message integrity, authentication, and encryption of all of the SNMP data.

We use directories extensively on our modern networks, and one very common protocol to use to query these directories is LDAP. LDAP is the Lightweight Directory Access Protocol, and it commonly uses TCP port 389. There are many implementations of LDAP, but one of the most popular is Microsoft Active Directory, which allows you to query that Active Directory server using the LDAP protocol.

If you’ve ever worked in a support role or on a help desk, then you’ve probably performed some type of remote access to someone’s desktop. One very popular protocol to provide this remote communication is RDP, or the Remote Desktop Protocol. This is the standard protocol used by Windows for the remote sharing, and it commonly uses TCP port 3389. These remote desktop services are available in many different editions of Windows. And if you’re using Windows today, then you probably have built into the operating system the ability to connect to or receive a remote desktop session.

RDP can be used to take over and control an entire system, or just to run a single application from that server. Although you’ll find servers running RDP almost exclusively on Windows, there are clients that you can run on almost any operating system. So if you’re running Linux, Mac OS, Android, or any other operating system, there’s probably an application you can load that would allow you to connect to a Windows device using the remote desktop protocol.