TCP/IP Networking Protocols
This page is intended as a quick reference for TCP/IP protocols. For a quick reference to the layers of the OSI model see here. These layer 5 to 7 protocols run on TCP and/or UDP (layer 4 protocols) and are each associated with a virtual port number between 0 and 65,535 (note that TCP and UDP do not share these numbers; 80 TCP and 80 UDP are completely different ports on a computer). The port number tells the computer which service or application running on that computer should handle the message it just received. The port number is usually determined by the protocol the service is using to communicate with other devices on the network.
There are ephemeral and non-ephemeral port numbers. Ephemeral port numbers are determined in real time to establish temporary communication with a server (like when a client accesses a web service). Non-ephemeral port numbers are permanent, meaning that application or protocol should always be using that port. Most services have non-ephemeral ports associated with them; however, the default port can be overridden, causing that data to be sent to a different port from the default. This works fine as long as all clients communicating with that service on the server know what the port number for that service should be.
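The two points above (TCP and UDP keep separate port number spaces, and a client's port is assigned temporarily by the operating system) can be observed on loopback. This is an added example, not part of the original page; the function name `port_namespace_demo` and the use of an OS-chosen listener port in place of a well-known one are assumptions made so it runs without privileges.

```python
import socket

LOOPBACK = "127.0.0.1"


def port_namespace_demo():
    """Bind TCP and UDP to one port number, then inspect a client's ephemeral port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tcp_srv, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp_srv, \
         socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        # Port 0 lets the OS pick a free number; it stands in for a service's
        # fixed (non-ephemeral) port, which would normally be a well-known value.
        tcp_srv.bind((LOOPBACK, 0))
        tcp_srv.listen(1)
        service_port = tcp_srv.getsockname()[1]

        # UDP can bind the same number: the TCP listener does not occupy it.
        udp_srv.bind((LOOPBACK, service_port))
        udp_port = udp_srv.getsockname()[1]

        # A second TCP socket cannot, because that TCP port is already taken.
        tcp_conflict = False
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as dup:
            try:
                dup.bind((LOOPBACK, service_port))
            except OSError:
                tcp_conflict = True

        # The client only names the destination port; its own source port is
        # an ephemeral one chosen by the OS for this connection.
        client.connect((LOOPBACK, service_port))
        conn, peer = tcp_srv.accept()
        with conn:
            client_port = client.getsockname()[1]

    return {
        "service_port": service_port,
        "udp_port": udp_port,
        "tcp_conflict": tcp_conflict,
        "client_port": client_port,
        "peer_port": peer[1],  # the client's port as seen by the server
    }


if __name__ == "__main__":
    for name, value in port_namespace_demo().items():
        print(f"{name}: {value}")
```

For firewall rules and listening-socket audits, this is why each entry has to name the transport as well as the number: allowing 53/UDP says nothing about 53/TCP.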
|FTP||TCP||20/21||File Transfer Protocol|
|Common file transfer protocol that allows users to move files between devices. All files are passed in the clear; it does not support encryption.|
|SSH / SCP / SFTP||TCP||22||Secure Shell / Secure Copy / SSH File Transfer Protocol|
|Every admin/developer's favorite protocol. Allows you to connect remotely to devices over an encrypted communications link. Enable it wisely. SSH supports SCP, a barebones file transfer process that uses SSH to securely transfer files. SSH also supports SFTP, which offers more functionality than SCP (such as directory listings, remote file removal, file transfer interrupts, etc.).|
|Every hacker's favorite protocol. Allows you to remotely connect to devices via console window. There are no secure versions of telnet. It is a legacy protocol that should be blocked. If it's running on a device that is meant to be open to everyone and everything, ensure that that device is isolated properly from the rest of your network.|
|SMTP||TCP||25||Simple Mail Transfer Protocol|
|Used by mail clients to retrieve mail.|
|DNS||TCP/UDP||53||Domain Name Services|
|Converts names to IP addresses. Critical resource that is susceptible to DoS, phishing or redirection attacks which could cripple the network.|
|DHCP||UDP||67/68||Dynamic Host Configuration Protocol|
|TFTP||UDP||69||Trivial File Transfer Protocol|
|HTTP||TCP||80||Hypertext Transfer Protocol|
|The Internet -> communications between client browsers and web servers.|
|POP3||TCP||110||Post Office Protocol version 3|
|Used by mail clients to retrieve mail.|
|NTP||UDP||123||Network Time Protocol|
|NetBIOS / NBT||TCP/UDP||137/138/139||Network Basic Input/Output System / NetBIOS over TCP/IP|
|Used for communication between Windows devices:
|IMAP||TCP||143||Internet Message Access Protocol|
|SNMP||TCP/UDP||161/162||Simple Network Management Protocol|
|Used to gather data on how devices are performing (bandwidth, temperature, current # of users). There are currently 3 versions available. Versions 1 and 2 have no encryption (everything is sent in plaintext) so you should always use SNMPv3 or higher (has encryption and authentication) if you have the choice. Access to SNMP should be limited!|
|BGP||TCP||179||Border Gateway Protocol|
|LDAP||TCP/UDP||389||Lightweight Directory Access Protocol|
|HTTPS||TCP||443||Hypertext Transfer Protocol over SSL/TLS or Hypertext Transfer Protocol Secure|
|HTTP with an extra layer of encryption via TLS/SSL (Transport Layer Security / Secure Sockets Layer).|
|LDAPS||TCP/UDP||636||Lightweight Directory Access Protocol over TLS/SSL|
|FTPS||TCP||989/990||FTP over TLS/SSL or File Transfer Protocol Secure|
|The secure version of FTP, supports encryption using SSL. FTPS is commonly used on web servers. NOTE: This is NOT the same as SFTP which is built on top of SSH.|
|RDP||TCP||3389||Remote Desktop Protocol|
|Allows you to view the contents of the desktop of a remote device.|
Throughout my 10-year career I have worked as a web developer, systems administrator, software engineer, security analyst and now cybersecurity engineer. I currently develop software applications to automate security vulnerability and compliance scanning and reporting for a multinational financial institution.