TCP/IP Networking Protocols

This page is intended as a quick reference for TCP/IP protocols. For a quick reference to the layers of the OSI model see here. These layer 5 to 7 protocols run on TCP and/or UDP (layer 4 protocols) and are each associated with a virtual port number between 0 and 65,535 (note that TCP and UDP do not share these numbers; 80 TCP and 80 UDP are completely different ports on a computer). The port number tells the computer which service or application running on that computer should handle the message it just received. The port number is usually determined by the protocol the service is using to communicate with other devices on the network.

There are ephemeral and non-ephemeral port numbers. Ephemeral port numbers are determined in real-time to establish temporary communication with a server (like when a client accesses a web service). Non-ephemeral port numbers are permanent, meaning that application or protocol should always be using that port. Most services have non-ephemeral ports associated with them; however, the default port can be overridden, causing that data to be sent to a different port from the default. This works fine as long as all clients communicating with that service on the server know what the port number for that service should be.

TCP/IP Protocols**

Protocols | TCP/UDP | Port | Full Name
FTP | TCP | 20/21 | File Transfer Protocol
Common file transfer protocol that allows users to move files between devices. All files are passed in the clear; FTP does not support encryption.
  • 21 - control, sets up connection via this port
  • 20 - actual active data transfer occurs on port 20
SSH / SCP / SFTP | TCP | 22 | Secure Shell / Secure Copy / SSH File Transfer Protocol
Every admin/developer's favorite protocol. Allows you to connect remotely to devices over an encrypted communications link. Enable it wisely.
SSH supports SCP, a barebones file transfer process that uses SSH to securely transfer files.
SSH also supports SFTP which offers more functionality than SCP (such as directory listings, remote file removal, file transfer interrupts, etc.).
Telnet | TCP | 23 | Telecommunication Network
Every hacker's favorite protocol. Allows you to remotely connect to devices via console window. There are no secure versions of telnet. It is a legacy protocol that should be blocked. If it's running on a device that is meant to be open to everyone and everything, ensure that that device is isolated properly from the rest of your network.
SMTP | TCP | 25 | Simple Mail Transfer Protocol
Used by mail clients to retrieve mail.
DNS | TCP/UDP | 53 | Domain Name Services
Converts names to IP addresses. Critical resource that is susceptible to DoS, phishing or redirection attacks which could cripple the network.
  • 53 tcp - used for zone transfers
  • 53 udp - used for queries (name services lookup)
DHCP | UDP | 67/68 | Dynamic Host Configuration Protocol
TFTP | UDP | 69 | Trivial File Transfer Protocol
HTTP | TCP | 80 | Hypertext Transfer Protocol
The Internet -> communications between client browsers and web servers.
POP3 | TCP | 110 | Post Office Protocol version 3
Used by mail clients to retrieve mail.
NTP | UDP | 123 | Network Time Protocol
NetBIOS / NBT | TCP/UDP | 137/138/139 | Network Basic Input/Output System / NetBIOS over TCP/IP
Used for communication between Windows devices:
  • Name service - udp/137, tcp/137
  • Datagram service - udp/138 (connectionless)
  • Session service - tcp/139 (connection service)
Windows hosts use NetBIOS for all kinds of things, from announcing themselves to other Windows devices on the network to file transfers, etc.
IMAP | TCP | 143 | Internet Message Access Protocol
SNMP | TCP/UDP | 161/162 | Simple Network Management Protocol
Used to gather data on how devices are performing (bandwidth, temperature, current # of users). There are currently 3 versions available. Versions 1 and 2 have no encryption (everything is sent in plaintext) so you should always use SNMPv3 or higher (has encryption and authentication) if you have the choice. Access to SNMP should be limited!
BGP | TCP | 179 | Border Gateway Protocol
LDAP | TCP/UDP | 389 | Lightweight Directory Access Protocol
HTTPS | TCP | 443 | Hypertext Transfer Protocol over SSL/TLS or Hypertext Transfer Protocol Secure
HTTP with an extra layer of encryption via TLS/SSL (Transport Layer Security / Secure Sockets Layer).
LDAPS | TCP/UDP | 636 | Lightweight Directory Access Protocol over TLS/SSL
FTPS | TCP | 989/990 | FTP over TLS/SSL or File Transfer Protocol Secure
The secure version of FTP, supports encryption using SSL. FTPS is commonly used on web servers. NOTE: This is NOT the same as SFTP which is built on top of SSH.
RDP | TCP | 3389 | Remote Desktop Protocol
Allows you to view the contents of the desktop of a remote device.

**For a comprehensive list of protocol assignments check out the IANA website.
**Another great quick reference can be found here.
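
As an added example (not part of the original page), the sketch below audits a host's listening sockets against the entries the table above marks as cleartext or legacy (FTP, Telnet, SNMP), matching on transport and port together because TCP and UDP port numbers are separate. The `ss -tuln` sample is constructed, and the names `REVIEW`, `Finding`, `is_loopback` and `audit` are illustrative assumptions.

```python
import ipaddress
from typing import NamedTuple

# (transport, port) -> (service, note paraphrased from the table above).
# Keyed on both fields: tcp/23 is Telnet, udp/23 is a different port entirely.
REVIEW = {
    ("tcp", 20): ("FTP data", "files pass in the clear"),
    ("tcp", 21): ("FTP control", "files pass in the clear"),
    ("tcp", 23): ("Telnet", "legacy, no secure version: block or isolate"),
}
REVIEW.update({(t, p): ("SNMP", "v1/v2 are plaintext: use v3, limit access")
               for t in ("tcp", "udp") for p in (161, 162)})

class Finding(NamedTuple):
    transport: str
    address: str
    port: int
    service: str
    note: str
    exposed: bool  # True when the listener is not bound to loopback only

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.strip("[]").split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" wildcard means all interfaces

def audit(ss_output):
    """Flag listeners on default ports the table marks as cleartext/legacy.
    A service moved off its default port is not matched by this check."""
    findings = []
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = f[4].rpartition(":")
        if not port.isdigit():
            continue
        hit = REVIEW.get((f[0], int(port)))
        if hit:
            findings.append(
                Finding(f[0], addr, int(port), *hit, not is_loopback(addr)))
    return findings

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      32     127.0.0.1:21       0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, udp/23 and tcp/22 are not reported, and the FTP listener on 127.0.0.1 is reported with `exposed=False`.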

ABOUT LAURA KAPLAN

Throughout my 10-year career I have worked as a web developer, systems administrator, software engineer, security analyst and now cybersecurity engineer. I currently develop software applications to automate security vulnerability and compliance scanning and reporting for a multinational financial institution.