The applications we use every day are usually associated with a set of well-known port numbers. In this video, you’ll learn about some of these applications and how they use port numbers to communicate.
One of the first ways to transfer a file from one device to the other uses a protocol called FTP, a File Transfer Protocol. This protocol uses TCP port 20. We call this the active mode data port, and there is a TCP port 21 that’s used to control the communication.
TCP does have security built in, so you can configure a username and a password that gains access to another system. FTP also supports a mode called anonymous log in where you can use the user name anonymous and then any password you’d like. As it transfers files, FTP provides what could be called full featured functionality. You can list the files available on a system. You can add files, delete, rename, and provide other file functions as well.
If you’ve ever communicated across the network to another device at the command line, then you’ve probably used a console connection that looks very similar to this one. If your console connection is over an encrypted channel, then it’s probably using SSH or Secure Shell over TCP port 22. Although this looks very similar to a console screen you might see if you use Telnet, Telnet would be over a nonencrypted channel, but SSH always uses an encrypted communication link.
You may find that some older equipment doesn’t support SSH and the only way to communicate to this device and use this terminal communication is by using Telnet. Telnet stands for Telecommunication Network, and it uses TCP port 23. Just like with SSH, we would use Telnet to log in remotely to this device at the console, but we have to keep in mind that this entire communication is in the clear. There’s no encrypted communication.
So if you type in your username and password, anyone capturing those packets on the network is able to view very plainly your user name and your password. For that reason, we don’t commonly see Telnet used on anyone’s network. And if you need to keep your system secure, you would probably only use SSH, instead of using Telnet.
In an earlier video, we talked about mobile devices sending email messages and the protocol that it used to send those messages was SMTP or the Simple Mail Transfer Protocol. SMTP can be used to send messages from a mobile device, or it can be used to send messages from one server to another. SMTP uses TCP port 25 to be able to send that data. If you’re receiving email messages, you’re probably using POP3 or IMAP. Whenever you’re sending email, it commonly uses SMTP.
If you’re typing a website into a browser, you’re probably using the name of the site. So if you type in www.professormesser.com, behind the scenes, there needs to be a conversion between that domain name and the IP address of my web server that’s where we would use DNS, which communicates over UDP port 53. This is converting those names to IP addresses and then back again. For example, if you type in in www.professormesser.com, that information is sent to a DNS server, which responds back with an IP address that’s associated with my web server.
We obviously rely on these DNS servers to be able to provide this resolution between domain name and IP address. And since we’re using mostly these domain names and we’re typing things in at a browser, we’ll probably have multiple DNS servers. So if we happen to lose a DNS server or it happens to become unavailable, we have other DNS servers that can provide that resolution.
If you’re in a web browser and you’re communicating to a web server, then you’re probably using HTTP or HTTPS as those protocols. HTTP stands for Hypertext Transfer Protocol, and HTTPS is the encrypted form of that or Hypertext Transfer Protocol Secure. These two protocols used two different port numbers to communicate. The in the clear, non-encrypted version of HTTP uses TCP port 80. The encrypted communication occurs with HTTPS and that commonly uses TCP port 443.
If you’re on a mobile device or desktop computer and you’re receiving emails, then you’re probably using POP or IMAP as those protocols. POP3 is the Post Office Protocol version 3. It uses TCP port 110, and it provides basic mail transfer functionality. Many of our modern mail transfers are using IMAP.
IMAP is the Internet Message Access Protocol version 4. It uses TCP port 143 to communicate. IMAP provides some enhanced features over POP3, such as having multiple folders and being able to access that email box from multiple devices.
If you’ve ever needed to view or take control of someone’s desktop across the network, then you’ve needed to use RDP or the Remote Desktop Protocol. This uses TCP port 3389 to provide that remote control functionality. You’ll find that RDP is available on many different Windows servers and allows you to either view the entire desktop of the remote system or view just a single application that’s running on that remote system.
There are many different clients available to access these remote desktop services. You can run it on a Windows workstation, Mac OS, Linux, and many others. Microsoft Windows doesn’t use FTP to transfer files from one system to another. Instead, it uses its own format to be able to transfer files called server message block.
This is a standard set of protocols that Windows uses that allows for file sharing, printer sharing. You might even see it referred to as CIFS or Common Internet File System. Older Windows systems may use NetBIOS that is inside of a UDP or TCP packet.
UDP port 137 is NetBIOS name services so that you can find the device on the network by its name. There’s also UDP port 138, which is the NetBIOS Datagram service. There’s a TCP version of this that runs on TCP port 139, which is the NetBIOS session service.
Modern Windows devices don’t need to parse out these different NetBIOS protocols and put them inside of TCP or UDP. Instead, they can communicate directly over TCP port 445. Just as Windows has its own protocols for transferring files, Mac OS also has its own protocols for the Apple Filing Protocol or AFP.
These file services in Mac OS use TCP port 548. To be able to view the list of available servers, you’re probably going to use the service location protocol in Mac OS or SLP. The service location protocol uses TCP port 427 and UDP port 427 to be able to populate a list of available locations. And very similar to SMB in Windows, the Apple filing protocol in Mac OS is also full feature. You have the ability to view the available list of files to copy files, move files, rename files, and more.
When you turn on your computer for the first time, it automatically configures itself with an IP address. It’s able to do this because it’s using DHCP, which is the Dynamic Host Configuration Protocol. There is a DHCP server somewhere on your network, and your client communicates that server using ports UDP 67 and UDP 68. Once your workstation receives this IP address, it’s available for a particular lease time.
And before that lease is up, it has to check back in with the DHCP server to make sure that it’s still able to use that IP address. The DHCP servers can also be configured with DHCP reservations. This means when a workstation or a server requests an IP address, the server can recognize the MAC address of that device and provide the same IP address to that device every time.
If you connect to a corporate network for the first time, you’re often asked to provide a username and password. The same thing occurs if you connect through a VPN or if you log into a web server that’s on the network. The process of providing that authentication is usually to a centralized database, and one very common form of database that’s used for this is LDAP.
This is the Lightweight Directory Access Protocol, and it uses TCP port 389 to provide that authentication. This means that you can store all of your credentials in one single database. And if you ever need to enable, disable, or make any changes, you simply need to make it in that centralized location.
Network administrators may have tens or hundreds or even thousands of devices they have to manage on a single network. In order to constantly monitor and gather statistics from these devices, these network administrators use a specialized protocol called SNMP. This is the Simple Network Management Protocol, and it uses UDP port 161 to query devices, and it can receive alarms or traps from those devices over UDP port 162. There may be three different versions of SNMP that could be running in an environment.
Version one was the original that provided a non-encrypted, in the clear method so that a device can communicate to a router and ask how many bytes have gone through a particular interface, and that router can respond back with that value. Version 2 of SNMP still communicated without any encryption, but this client could ask many different questions at the same time and receive a bulk transfer in response. Many organizations these days are using SNMP version 3, which provides message integrity and authentication method. And all of the information that’s sent between the client and the remote device is all encrypted.