💾 SHAUN PORTER

1.5 ports and protocols and encrypted alternatives

Dec 03, 202414 min read

1.5 Explain common ports and protocols, their application, and encrypted alternatives.

  • non-ephemeral port numbers

    • Also known as “well-known” or “reserved” ports
    • Typically used for common, standardized services that clients need to access reliably
    • They are fixed and do not change across sessions, unlike ephemeral ports
    • Ranges from 0 to 1023
    • Commonly assigned by the Internet Assigned Numbers Authority (IANA)

  • ephemeral port numbers

    • unlike the destination port, the sending port is chosen from a set range, the range varies from OS to OS and is used by the client as an outgoing port number. This allows data to reach the correct origin point upon return.
    • Ranges from 1024 to 65535
    • Dynamically assigned by the operating system for short-lived connections

Non-Ephemeral Ports

  • FTP - File Transfer Protocol

    • Port: 20/21
    • Protocol: TCP
    • Description:
      • FTP is a standard network protocol used for transferring files between a client and server on a TCP/IP network.
      • data transfer using port 21 and control connection establishment over port 20
    • Advantages:
      • It is widely supported, simple to use, and efficient for transferring large files.
      • FTP allows for both interactive and automated file transfers.
    • Disadvantages:
      • FTP lacks encryption, making it vulnerable to eavesdropping and data interception.
      • It also requires two ports (20 for data transfer, 21 for control), which can complicate firewall configurations.

  • SSH - Secure Shell

    • Port: 22
    • Protocol: TCP
    • Description:
      • SSH is a cryptographic network protocol used for secure remote login and secure file transfer over an insecure network.
      • SSH protocol for secure remote access and file transfer.
      • Encryption and authentication handled by SSH protocol over TCP.
    • Advantages:
      • SSH provides strong encryption and authentication, protecting sensitive data during transmission.
      • It supports secure remote access and secure file transfer.
    • Disadvantages:
      • SSH can be more complex to set up and configure compared to unencrypted protocols.
      • It may also require additional computational resources for encryption and decryption.

  • SFTP - Secure File Transfer Protocol

    • Port: 22
    • Protocol: TCP
    • Description:
      • SFTP is a secure file transfer protocol that runs over SSH, providing secure file transfer capabilities.
      • SFTP commands and responses over SSH.
      • Data transfer using TCP within the SSH tunnel.
    • Advantages:
      • SFTP combines the security features of SSH with file transfer capabilities, ensuring data confidentiality and integrity.
      • It is widely supported and interoperable.
    • Disadvantages:
      • Similar to SSH, setting up and managing SFTP can be more complex compared to unencrypted protocols.
      • It may also require additional authentication mechanisms.

  • Telnet

    • Port: 23
    • Protocol: TCP
    • Description: Telnet is a network protocol used for remote terminal access.
    • Advantages: Telnet allows remote access to devices and systems for management and troubleshooting. It is simple to use and widely supported.
    • Disadvantages: Telnet transmits data, including passwords, in plaintext, making it vulnerable to interception and unauthorized access. It lacks encryption and authentication mechanisms.

  • SMTP - Simple Mail Transfer Protocol

    • Port: 25
    • Protocol: TCP
    • Description: SMTP is a protocol used for sending email messages between servers.
    • Advantages: SMTP is essential for email communication, enabling the transmission of messages across different email services and platforms.
    • Disadvantages: SMTP lacks built-in encryption and authentication mechanisms, potentially exposing email content to interception and unauthorized access. It is susceptible to spam and phishing attacks.

  • DNS - Domain Name System

    • Port: 53
    • Protocol: UDP and TCP
      • UDP by default
      • TPC is used as fall-back
      • DNS has always been designed to use both UDP and TCP port 53 from the start , with UDP being the default, and fall back to using TCP when it is unable to communicate on UDP, typically when the packet size is too large to push through in a single UDP packet.
    • Description: DNS is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network.
    • Advantages: DNS translates domain names into IP addresses, facilitating easy access to websites and other online services. It is crucial for Internet navigation.
    • Disadvantages: DNS queries and responses are often unencrypted, posing privacy risks. DNS can also be vulnerable to various attacks, such as DNS spoofing and denial-of-service attacks.

  • DHCP - Dynamic Host Configuration Protocol

    • Port: 67/68
    • Protocol: UDP
    • Description: DHCP is a network management protocol used to automatically assign IP addresses and other network configuration parameters to devices on a network.
    • Advantages: DHCP simplifies network administration by automating the IP address assignment process. It reduces the risk of IP address conflicts and simplifies network reconfiguration.
    • Disadvantages: DHCP lacks built-in security mechanisms, making it vulnerable to rogue DHCP servers and potential IP address hijacking. It requires careful configuration to prevent unauthorized access to network resources.

  • TFTP - Trivial File Transfer Protocol

    • Port: 69
    • Protocol: UDP
    • Description: TFTP is a simplified version of FTP used for transferring files in a local network.
    • Advantages: TFTP is lightweight and easy to implement, making it useful for bootstrapping devices and transferring configuration files.
    • Disadvantages: TFTP lacks authentication and encryption, making it unsuitable for transferring sensitive data over untrusted networks. It also lacks error recovery mechanisms.

  • HTTP - Hypertext Transfer Protocol

    • Port: 80
    • Protocol: TCP
    • Description: HTTP is the foundation of data communication on the World Wide Web, enabling the transfer of web pages and other resources between web servers and clients.
    • Advantages: HTTP is widely supported and allows for easy access to web content. It is simple to implement and use for web development.
    • Disadvantages: HTTP transmits data in plaintext, making it vulnerable to interception and manipulation. It lacks encryption by default, requiring additional measures such as HTTPS for secure communication.

  • POP3 - Post Office Protocol v3

    • Port: 110
    • Protocol: TCP
    • Description: POP3 is a protocol used by email clients to retrieve emails from a mail server.
    • Advantages: POP3 allows users to download emails to their local devices for offline access, facilitating email management.
    • Disadvantages: POP3 lacks built-in encryption and authentication mechanisms, potentially exposing email content to interception and unauthorized access. It typically downloads emails to the client’s device, increasing the risk of data loss if the device is compromised.

  • NTP - Network Time Protocol

    • Port: 123
    • Protocol: UDP
    • Description: NTP is a protocol used to synchronize the time of computer clocks over a network.
    • Advantages: NTP ensures accurate timekeeping across devices in a network, which is crucial for various network operations and applications.
    • Disadvantages: NTP traffic can be vulnerable to timing attacks and spoofing if proper security measures are not implemented. Malicious actors could disrupt network operations by manipulating time synchronization.

  • IMAP - Internet Message Access Protocol

    • Port: 143
    • Protocol: TCP
    • Description: IMAP is a protocol used by email clients to retrieve emails from a mail server and manage them on the server.
    • Advantages: IMAP allows users to access their emails from multiple devices while keeping them synchronized with the server. It supports organizing emails into folders and managing them remotely.
    • Disadvantages: IMAP lacks built-in encryption and may transmit sensitive email content in plaintext if not used with SSL/TLS. It can also consume more server resources compared to POP3 due to its synchronization features.

  • SNMP - Simple Network Management Protocol

    • Port: 161/162
    • Protocol: UDP
    • Description: SNMP is a protocol used for network management and monitoring of devices such as routers, switches, and servers.
    • Advantages: SNMP enables centralized monitoring and management of network devices, facilitating proactive maintenance and troubleshooting. It provides real-time monitoring and alerts for network performance and health.
    • Disadvantages: SNMPv1 and SNMPv2c lack strong security features and transmit data in plaintext, making them vulnerable to interception and unauthorized access. SNMPv3 offers encryption and authentication but may be more complex to configure.

  • LDAP - Lightweight Directory Access Protocol

    • Port: 389
    • Protocol: TCP
    • Description: LDAP is a protocol used for accessing and maintaining distributed directory information services over a network.
    • Advantages: LDAP provides a centralized directory service for managing user authentication, access control, and directory information. It supports lightweight and efficient querying of directory data.
    • Disadvantages: LDAP traffic can be vulnerable to interception and unauthorized access if not encrypted. Implementing LDAP securely requires careful configuration and management of access controls and authentication mechanisms.

  • HTTPS over SSL - Hypertext Transfer Protocol Secure

    • Port: 443
    • Protocol: TCP
    • Description: HTTPS is an extension of HTTP with added security features provided by SSL/TLS encryption.
    • Advantages: HTTPS encrypts data transmitted between a web server and a client, ensuring confidentiality and integrity of sensitive information such as login credentials and financial transactions.
    • Disadvantages: HTTPS requires additional computational resources for encryption and decryption, which may increase server load and latency. Misconfigurations or vulnerabilities in SSL/TLS implementations could expose users to security risks.

  • **HTTPS over TLS - Hypertext Transfer Protocol Secure **

    • Port: 443
    • Protocol: TCP
    • Description: HTTPS is an extension of HTTP with added security features provided by TLS encryption.
    • Advantages: HTTPS encrypts data transmitted between a web server and a client, ensuring confidentiality and integrity of sensitive information. TLS offers stronger security than SSL and is widely supported.
    • Disadvantages: Similar to SSL, HTTPS with TLS requires additional computational resources and may introduce latency. Implementation errors or vulnerabilities in TLS implementations could compromise the security of HTTPS connections.

  • SMB - Server Message Block

    • Port: 445
    • Protocol: TCP
    • Description: SMB is a network file sharing protocol used by Windows-based computers for sharing files, printers, and other resources.
    • Advantages: SMB facilitates seamless file sharing and resource access across Windows networks, allowing users to collaborate and share files efficiently.
    • Disadvantages: SMB has been historically vulnerable to security vulnerabilities and attacks, such as ransomware exploits and remote code execution. Misconfigurations or weak authentication mechanisms can expose sensitive data to unauthorized access.

  • Syslog

    • Port: 514
    • Protocol: UDP/TCP
      • Typicaly UDP
      • can also use TCP
    • Description: Syslog is a protocol used for sending and receiving log messages over a network.
    • Advantages: Syslog enables centralized logging and monitoring of network devices, servers, and applications. It provides real-time visibility into system events and helps in troubleshooting and security analysis.
    • Disadvantages: Syslog messages are transmitted in plaintext by default, making them vulnerable to interception and tampering. Implementing secure syslog requires encryption and authentication mechanisms, such as TLS.

  • SMTP over TLS - Simple Mail Transfer Protocol

    • Port: 587
    • Protocol: TCP
    • Description: SMTP TLS is an extension of SMTP that adds support for encryption using Transport Layer Security (TLS).
    • Advantages: SMTP TLS encrypts email communication between mail servers, ensuring confidentiality and integrity of email messages. It provides protection against eavesdropping and tampering during transmission.
    • Disadvantages: SMTP TLS relies on proper configuration and support by mail servers. Misconfigurations or vulnerabilities in TLS implementations could undermine the security of email communication.

  • LDAPS - Lightweight Directory Access Protocol over SSL

    • Port: 636
    • Protocol: TCP
    • Description: LDAPS is an extension of LDAP that adds support for encryption using SSL/TLS.
    • Advantages: LDAPS encrypts LDAP traffic, providing confidentiality and integrity of directory information exchanged between clients and servers. It protects sensitive data such as user credentials and directory entries from eavesdropping and tampering.
    • Disadvantages: LDAPS requires proper configuration of SSL/TLS certificates and may introduce additional overhead due to encryption and decryption. Vulnerabilities or misconfigurations in SSL/TLS implementations could compromise the security of LDAPS connections.

  • IMAP over SSL - Internet Message Access Protocol

    • Port: 993
    • Protocol: TCP
    • Description: IMAP over SSL is an extension of IMAP that adds support for encryption using SSL/TLS.
    • Advantages: IMAP over SSL encrypts email communication between clients and mail servers, ensuring confidentiality and integrity of email messages and user credentials. It protects against eavesdropping and tampering during transmission.
    • Disadvantages: IMAP over SSL requires proper configuration and support by mail servers. Misconfigurations or vulnerabilities in SSL/TLS implementations could undermine the security of email communication.

  • POP3 over SSL - Post Office Protocol

    • Port: 995
    • Protocol: TCP
    • Description: POP3 over SSL is an extension of POP3 that adds support for encryption using SSL/TLS.
    • Advantages: POP3 over SSL encrypts email communication between clients and mail servers, providing confidentiality and integrity of email messages and user credentials. It protects against eavesdropping and tampering during transmission.
    • Disadvantages: POP3 over SSL requires proper configuration and support by mail servers. Misconfigurations or vulnerabilities in SSL/TLS implementations could compromise the security of email communication.

  • SQL - Structured Query Language

    • Port: 1433
    • Protocol: TCP
    • Description: SQL Server is a database management system that uses the SQL language to manage and query relational databases.
    • Advantages: SQL Server provides robust data management and query capabilities, supporting transactions, stored procedures, and data integrity constraints.
    • Disadvantages: SQL Server can be vulnerable to security risks such as SQL injection attacks, unauthorized access, and data breaches if not properly configured and secured.

  • SQLnet

    • Port: 1521
    • Protocol: TCP
    • Description: SQLnet is Oracle’s networking protocol used for communication between Oracle database clients and servers.
    • Advantages: SQLnet provides efficient and secure communication between Oracle database clients and servers, supporting features such as authentication, encryption, and data compression.
    • Disadvantages: SQLnet can be vulnerable to security risks such as unauthorized access, SQL injection attacks, and data breaches if not properly configured and secured.

  • MySQL

    • Port: 3306
    • Protocol: TCP
    • Description: MySQL is an open-source relational database management system that uses SQL for managing and querying databases.
    • Advantages: MySQL offers high performance, scalability, and reliability for managing relational databases. It supports features such as transactions, stored procedures, and data replication.
    • Disadvantages: MySQL can be vulnerable to security risks such as SQL injection attacks, unauthorized access, and data breaches if not properly configured and secured.

  • RDP - Remote Desktop Protocol

    • Port: 3389
    • Protocol: TCP
    • Description: RDP is a proprietary protocol developed by Microsoft for remote desktop access and control.
    • Advantages: RDP allows users to remotely access and control Windows-based computers over a network, facilitating remote administration, support, and collaboration.
    • Disadvantages: RDP can be vulnerable to security risks such as brute-force attacks, credential theft, and remote code execution if not properly configured and secured.

  • SIP - Session Initiation Protocol

    • Port: 5060/5061
    • Protocol: TCP/UDP
      • typically uses UDP for SIP signalling
    • Description: SIP is a signalling protocol used for initiating, maintaining, and terminating real-time communication sessions over IP networks.
    • Advantages: SIP enables the establishment of voice, video, and messaging sessions over IP networks, supporting features such as call routing, presence, and multimedia conferencing.
    • Disadvantages: SIP can be vulnerable to security risks such as eavesdropping, spoofing, and denial-of-service attacks if not properly configured and secured.

  • IP protocol types

    • Internet Control Message Protocol (ICMP)
      • A network-layer protocol mainly used for sending diagnostic and error messages, such as network reachability tests.
      • Commonly used by tools like ping and traceroute to test connectivity and report issues, such as unreachable hosts or network congestion.
      • It does not carry application data but rather control messages and error notifications.
    • Transmission Control Protocol (TCP)
      • A connection-oriented transport protocol that establishes a connection before data transfer begins.
      • Provides reliable data transfer through error checking, retransmission of lost packets, and flow control.
      • Widely used for applications requiring high reliability, such as HTTP (web browsing), FTP (file transfer), and email (SMTP).
    • User Datagram Protocol (UDP)
      • A connectionless transport protocol that sends data packets without establishing a prior connection.
      • Does not guarantee delivery, order, or duplicate protection, making it faster but less reliable than TCP.
      • Commonly used for real-time applications like video streaming, VoIP, and online gaming where speed is prioritized over reliability.
    • Generic Routing Encapsulation (GRE)
      • A tunnelling protocol that encapsulates a wide variety of network layer protocols within virtual point-to-point connections.
      • Often used to create VPNs or to transport IP packets between networks that do not directly communicate.
      • GRE is lightweight but lacks encryption, making it suitable for secure networks or when combined with encryption protocols.
    • Internet Protocol Security (IPSec)
      • A suite of protocols providing security features like authentication, integrity, and encryption for IP packets.
      • Commonly used in VPNs to secure data transmission over untrusted networks like the internet.

  • Authentication Header (AH)/Encapsulating Security Payload (ESP)

    • Authentication Header (AH)
      • A component of IPSec that provides packet-level data integrity and authenticity by authenticating each packet’s origin.
      • Does not provide encryption, so the data remains visible to anyone with network access.
    • Encapsulating Security Payload (ESP)
      • Another component of IPSec that provides both encryption (for confidentiality) and authentication.
      • ESP is often used with AH or on its own in secure data transmission for VPNs.

  • Connectionless vs. connection-oriented

    • Connectionless Communication
      • No need to establish a connection before sending data.
      • Data packets are sent independently, without guarantees of delivery, order, or reliability.
    • Connection-Oriented Communication
      • A connection is established and maintained throughout the data transfer session.
      • Provides reliability through error checking, acknowledgment of packets, and retransmission if packets are lost.

Links to Videos and Additional reading

Professor Messer - 1.5 Ports and Protocols

Graph View

Backlinks