As you manage your network devices, you’ll notice that certain port numbers will be commonly used. In this video, you’ll learn about these common TCP and UDP ports and how to recognize applications that are using these well-known port numbers.
We know that our applications communicate across the network using well-known port numbers. And in this video, we’ll look at some of the most common ports that are used by these applications. Telnet stands for telecommunication network. It uses TCP port 23 as its well-known port number.
Telnet is a way to be able to log in to devices remotely and be able to access them from this text-based console. It’s a way to communicate to servers, routers, switches, and other infrastructure devices to be able to administer those machines. But all of this Telnet communication is sent in a non-encrypted form.
Your username and your password are sent in-the-clear across the network. If anyone happens to be listening in, or can gather those packets, then they’ll be able to find all of your usernames and all of your passwords. And that’s why most people will not use Telnet as a way to manage these devices on a modern network.
As an alternative to Telnet, most system administrators will use SSH, or Secure Shell. SSH uses TCP port 22 as its well-known port number. And it uses this port number to send encrypted communication back and forth to these infrastructure devices. It has the same look and feel as the Telnet console, but an SSH console is sending all communication as encrypted data, including your username and your password.
DNS is the Domain Name System. And it’s a protocol that most people don’t even realize is going over their network, because all of the communication happens behind the scenes. One of the primary roles of DNS is to convert the names that we use, for instance, inside of a browser, to something that the network can use, such as an IP address. So if you’re in a browser and you type in www.professormesser.com, your machine goes out to a DNS server to request the IP address of my device. And it may return an IP address, such as this one. It’s using UDP port 53 to be able to perform that communication.
These are obviously very critical resources. We don’t commonly remember the IP address of a server that we might be using. So instead, we use our DNS servers to take the name that we can remember, and convert it to an IP address that can be used across the network.
Another popular protocol on our networks is SMTP. This is the Simple Mail Transfer Protocol. And it uses port 25 over TCP to be able to send mail communications from one mail server to another.
We also commonly use SMTP to send mail from our devices to a mail server for outgoing mail. So you may commonly configure SMTP in your mail client or on your mobile device to be able to send that outgoing mail. Other protocols are commonly used for incoming mail. And you may see protocols, such as IMAP or POP3, used for all of your incoming mail communication.
There are many different ways to send files across our network. One of these methods uses a protocol named SFTP. That stands for Secure File Transfer Protocol. And it uses SSH as the underlying protocol to make this happen. So it uses exactly the same port number as SSH, or TCP port 22.
SFTP is also a full-featured file transfer protocol. It can not only transfer the files, but it can resume if the transfer happens to be interrupted, it can provide you with the directory listing, it can do remote file removals, and much more. And, of course, since we’re using the encrypted SSH protocol as the underlying communication, we know that all of this file transfer information will be encrypted across the network.
If you don’t need encrypted communication for your file transfers, you may want to use FTP, or the File Transfer Protocol. FTP may use two different protocols to be able to transfer files. It may use TCP port 20 to provide an active mode data transfer, and it may use port 21 as the control information between the client and the server.
FTP is going to transfer these files, and it’s going to require some type of authentication with a username and password to be able to log in to the FTP server. This also has a full set of features similar to SFTP, allowing you to list the files that are available on a device. You can add other files, rename files, and delete any files from the file system.
If you need a very simple form of file transfer, then you may want to use TFTP. That stands for Trivial File Transfer Protocol. And it uses UDP port 69. It’s a very simple way to communicate because it doesn’t require any type of authentication. So you won’t need a username and password to be able to transfer these files. Since there’s no authentication and no encryption used for TFTP, it’s not something that would be used for important data, or used on production systems.
When you start your computer, it’s able to get an IP address automatically using DHCP, or the Dynamic Host Configuration Protocol. This is an automated process that assigns your IP address, your subnet mask, your DNS settings, and many other options within your IP configuration. It uses UDP port 67 and UDP port 68 to communicate.
And you also, somewhere on your network, need a DHCP server. This might be a standalone server, or it might be a service that’s integrated into the router that you use on your wireless network. DHCP commonly has a pool of IP addresses configured inside of the DHCP server. And as devices connect to the network, they’re given whatever might be available inside of that pool. There’s also a lease time associated with these IP addresses. So the device either has to re-lease the same IP address, or once that lease expires the IP address then becomes available for someone else on the network.
You can also configure reservations within the DHCP server so that certain devices will always get the same IP addresses. It’s common to do that with servers and other infrastructure devices. This also makes it very easy if you need to change the IP addresses on a number of devices. Instead of going to each individual device, you simply log in to your DHCP server, and you change the DHCP reservations there.
Two of the most popular protocols you’ll find on your network are HTTP and HTTPS. These stand for Hypertext Transfer Protocol and Hypertext Transfer Protocol Secure. These are two protocols that are commonly used by our browsers. Other applications may also use HTTP and HTTPS, even if they’re applications that don’t run inside of a browser. Traffic that is sent through TCP port 80 is commonly using HTTP, and is sending the web server communication in the clear. If someone’s using HTTPS, then they’re communicating through TCP port 443, and all of that traffic will be encrypted.
If you’re in charge of managing servers, switches, routers, and other infrastructure devices, you may want to gather metrics from those devices. One way to do this is to use SNMP. This is the Simple Network Management Protocol, and it uses UDP port 161 to be able to query and receive data from these infrastructure devices.
There are different versions of SNMP. Version 1 was the original that used a very structured set of tables and sent these requests and these responses across the network in a non-encrypted form. Version 2 of SNMP allowed us to do bulk transfers of data so we could request a lot of information and receive a lot of information very easily.
But all of that communication was sent in the clear. If we wanted an encrypted communication for our management protocol, then we’d want to use SNMP version 3. This provides message integrity, authentication, and encryption, so that nobody can see what you’re requesting from that device, or what the response was from these infrastructure devices.
If you work in a help desk, or you do any type of remote administration of devices, then you’re probably familiar with RDP, or the Remote Desktop Protocol. This allows you to see the screen that is on a remote device and share the keyboard and the mouse on that device using TCP over port number 3389. It’s common to see remote desktop being used on many types of Windows Operating Systems, and RDP allows you to either connect to the entire desktop that someone may be using, or to simply connect to an application that is available on that device. There are also remote desktop clients available for other operating systems. So you can use your Mac OS or your Linux desktop to be able to remotely connect and administer these Windows devices using RDP.
We have many different devices on our networks. We have our desktop computers, our laptop computers, servers. We have tablets and mobile devices. And all of those devices have a clock inside of them. They all know the time and the date.
And they’re able to determine what that is by using NTP, or the Network Time Protocol, that communicates over UDP port 123. It becomes critical to synchronize the clock across all of these different devices, not only to synchronize log information, but some of these devices must be well synced to be able to authenticate properly to each other. This means that everybody’s going to know exactly what the proper date and the proper time is.
And you, as the administrator, get to determine exactly the frequency that NTP will use to be able to provide the synchronization. This is a very accurate way of synchronizing the clocks. And on a local network, you can get accuracy better than one millisecond across all of the devices using the Network Time Protocol.
If you’ve used a voice over IP device, then you’ve probably used SIP, this is the Session Initiation Protocol, and it commonly uses TCP port number 5060 and TCP port 5061. This is the protocol that’s used for setting up calls, for ringing the phone on the other side, and for hanging up the call once the call is over. It also extends your voice communication by adding video conferencing, instant messaging, file transfer, and many other applications using this Session Initiation Protocol.
Microsoft uses SMB to transfer files between Windows devices. This is Server Message Block. You may also hear this referred to as CIFS, or Common Internet File System, and it’s what Windows uses to transfer files, or to share printers between Windows systems. SMB commonly uses TCP port 445 to be able to send SMB communication directly between devices using the IP protocol.
We learned earlier that sending emails from your device uses SMTP. But receiving emails uses a completely different set of protocols. You may be using POP, or you may be using IMAP to be able to authenticate and transfer email messages to your device.
POP3 is Post Office Protocol version 3, and it uses TCP port 110 to be able to perform that function. POP3 is considered to be a basic mail transfer functionality. For most of our mobile devices we use today, we’re using IMAP4. This is Internet Message Access Protocol version 4, and it uses TCP port 143. This allows us to use multiple clients to access our inbox, so we can see exactly the same mailbox from our mobile device as we do from our desktop system.
All of the users, devices, and printers are probably stored in a large database in your environment. And it’s usually accessed through a protocol such as LDAP. LDAP is the Lightweight Directory Access Protocol, and it uses TCP port 389 to allow your client to communicate to an LDAP server. There is also an encrypted form of LDAP, called LDAPS. And that stands for LDAP Secure. This uses SSL to be able to encrypt this LDAP communication, and it uses TCP port 636 to be able to send that data.
SIP is not the only voice over IP control protocol out there. You may also use H.323 on your voice over IP devices, and it uses TCP port 1720. Similar to SIP, H.323 allows us to set up phone calls, be able to ring the phone on the other side, and hang up the call when the call is over. This is one of the earliest voice over IP protocols. And many voice over IP applications will still use H.323 as their primary signaling protocol.
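As an added example (not part of the original video or transcript), this Python script reads `ss -tuln`-style output and flags listeners on the ports this page describes as sending data in the clear, matching on transport as well as port number. The sample output, the `CLEARTEXT` map and the `audit` function are constructed for illustration, and a port match is only a first-pass hint about which protocol is actually running.

```python
# Added example: flag listeners on the cleartext ports named in the transcript.
# (transport, port) -> (service, what the transcript says about an alternative)
CLEARTEXT = {
    ("tcp", 23): ("Telnet", "SSH on tcp/22"),
    ("tcp", 20): ("FTP data", "SFTP on tcp/22"),
    ("tcp", 21): ("FTP control", "SFTP on tcp/22"),
    ("udp", 69): ("TFTP", "no authentication or encryption; not for production"),
    ("tcp", 80): ("HTTP", "HTTPS on tcp/443"),
    ("udp", 161): ("SNMP", "confirm the agent runs SNMPv3; v1/v2 are cleartext"),
    ("tcp", 389): ("LDAP", "LDAPS on tcp/636"),
}

# Constructed sample in the column layout printed by `ss -tuln`.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128    [::]:389           [::]:*
"""

def audit(ss_output):
    """Return one finding per listener whose transport and port match CLEARTEXT."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or a socket type we do not audit
        # Split on the last colon so bracketed IPv6 addresses stay intact.
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        hit = CLEARTEXT.get((fields[0], int(port)))
        if hit is None:
            continue  # e.g. udp/23 is not Telnet, tcp/22 and tcp/443 are encrypted
        loopback = addr.startswith("127.") or addr == "[::1]"
        findings.append({
            "proto": fields[0], "port": int(port), "service": hit[0],
            "use_instead": hit[1],
            "exposure": "loopback" if loopback else "network",
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_SS):
        print(f"{f['proto']}/{f['port']} {f['service']} ({f['exposure']}): {f['use_instead']}")
```

On a live host, pass the text captured from `ss -tuln` to `audit` in place of the sample.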