https://www.DionTraining.com CompTIA Network+ (N10-009) (Study Notes)

Ports and Protocols

Objective 1.4: Explain common networking ports, protocols, services, and traffic types

● Introduction
  ○ Port
    ■ Virtual entry/exit point for communications, used by software applications to exchange information
  ○ Protocol
    ■ Set of rules and conventions for data exchange between network devices
● Network Port Fundamentals
  ○ IP address
    ■ Used to direct data to the correct system in a network
  ○ Port
    ■ A logical opening in a computer
    ■ Identifies a specific application or service running on that computer
    ■ Numbered from 0 to 65,535
  ○ Three Groups of Ports
    ■ Well-known ports
      ● Numbered from 0 to 1,023
      ● Examples
        ○ FTP (20, 21)
        ○ SMTP (25)
        ○ HTTP (80)
        ○ HTTPS (443)
    ■ Registered ports
      ● Numbered from 1,024 to 49,151
    ■ Ephemeral ports
      ● Temporary, short-lived ports for dynamic use
      ● Numbered from 49,152 to 65,535
      ● No registration is required and anyone can use them
  ○ Both well-known and registered ports are registered with IANA for specific applications or services
  ○ Data Transfer Example
    ■ Client communicates with a website using IP addresses and ports
    ■ Client's source IP and a random ephemeral port connect to the website's destination IP and default port (e.g., 80)
  ○ Two-Way Communication
    ■ Web server responds from its well-known port (e.g., 80) back to the client's ephemeral port
    ■ Two-way communication is established between the client (ephemeral port) and the web server (port 80)
  ○ Ephemeral ports are opened for specific tasks and closed after data transmission
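The port ranges and the client/server exchange above can be made concrete in a few lines. The following is an added illustration, not code from the study notes: it classifies a port into the three IANA groups using the ranges given above, picks a fresh ephemeral port per connection the way a client stack does, and shows that a server tells connections apart by the full source/destination IP and port 4-tuple. The names (`port_class`, `Flow`, `open_connections`, `demux`) and the sample addresses are assumptions made for the example.

```python
"""Port ranges and the 4-tuple that identifies a connection (added illustration).

Constructed sample traffic only; the range boundaries are those in the notes.
"""
import random
from collections import defaultdict
from typing import NamedTuple

WELL_KNOWN_MAX = 1023     # well-known: 0-1,023
REGISTERED_MAX = 49151    # registered: 1,024-49,151
PORT_MAX = 65535          # ephemeral:  49,152-65,535


def port_class(port: int) -> str:
    """Classify a port number into its IANA group; reject out-of-range values."""
    if not 0 <= port <= PORT_MAX:
        raise ValueError(f"port {port} is outside 0-{PORT_MAX}")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "ephemeral"


class Flow(NamedTuple):
    """Source/destination IP and port: the 4-tuple that identifies one connection."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reply(self) -> "Flow":
        """The server's reply travels the same tuple with the two ends swapped."""
        return Flow(self.dst_ip, self.dst_port, self.src_ip, self.src_port)


def pick_ephemeral(in_use, rng: random.Random) -> int:
    """Pick an unused port from the ephemeral range, as a client does per connection."""
    free = sorted(set(range(REGISTERED_MAX + 1, PORT_MAX + 1)) - set(in_use))
    if not free:
        raise RuntimeError("ephemeral port range exhausted")
    return rng.choice(free)


def open_connections(client_ip, server_ip, server_port, count, seed=None):
    """Open `count` successive connections from one client to the same server port.

    Each gets a fresh ephemeral source port, so the server can separate them
    even though the destination side (IP, port) is identical every time.
    """
    rng = random.Random(seed)  # seedable so a demo run is repeatable
    in_use = set()
    flows = []
    for _ in range(count):
        port = pick_ephemeral(in_use, rng)
        in_use.add(port)
        flows.append(Flow(client_ip, port, server_ip, server_port))
    return flows


def demux(server_ip, packets):
    """Group packets addressed to the server by full 4-tuple.

    `packets` is an iterable of (Flow, payload). Two clients, or one client
    using two ephemeral ports, hitting port 80 land in separate buckets.
    """
    buckets = defaultdict(list)
    for flow, payload in packets:
        if flow.dst_ip != server_ip:
            continue  # not addressed to this host
        buckets[flow].append(payload)
    return dict(buckets)


if __name__ == "__main__":
    # Constructed demo: three connections from 192.0.2.10 to a web server on port 80.
    conns = open_connections("192.0.2.10", "198.51.100.5", 80, 3, seed=7)
    for c in conns:
        print(c, "| client port is", port_class(c.src_port), "| server port is", port_class(c.dst_port))
        print("  reply flow:", c.reply())
    packets = [(c, f"GET / #{i}".encode()) for i, c in enumerate(conns)]
    print(demux("198.51.100.5", packets))
```

Running the script prints three flows whose destination is always `198.51.100.5:80` but whose source ports differ and all classify as ephemeral, followed by three separate buckets from `demux`, which is exactly why a server can hold many port-80 conversations at once.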
  ○ In subsequent communications, the client still uses the server's well-known port (e.g., 80) but selects a new random ephemeral port
  ○ Communication Flow
    ■ Source IP and port initiate communication
    ■ Data is transmitted
    ■ Ports are closed when the task is completed
● Transmission Control Protocol (TCP)
  ○ Transmission Control Protocol (TCP)
    ■ Fundamental protocol in the Internet Protocol Suite that governs data exchange over the internet
    ■ Ensures reliable delivery of packets
      ● Error checking
      ● Data sequencing
      ● Acknowledgment
    ■ Operates at the transport layer of the OSI model
    ■ Breaks larger messages into smaller packets for efficient data transfer and reassembles them at the destination
  ○ Three-Way Handshake
    ■ Initiated to establish a connection between two systems
      ● SYN (Synchronize)
      ● SYN-ACK (Synchronize-Acknowledgement)
      ● ACK (Acknowledgement)
    ■ Ensures readiness for secure data transmission
  ○ Error Checking and Flow Control
    ■ Error checking
      ● Uses sequence numbers and acknowledgment messages
      ● Detects and retransmits lost or corrupted packets
    ■ Flow control
      ● Prevents overwhelming the receiver
      ● Windowing
        ○ Controls the amount of data sent at a time
        ○ Allows dynamic adjustment based on network conditions
  ○ Ports
    ■ Numerical identifiers for services or applications in the TCP/IP suite
    ■ Distinguish between different services on the same server
    ■ Each connection is identified by its source and destination IP addresses and ports
      ● e.g., secure websites use port 443 (HTTPS)
    ■ Enable multiple network applications on the same server
  ○ TCP's Role in Internet Communication
    ■ Ensures reliable, ordered delivery between client and server
    ■ Operates at the transport layer of the OSI model
    ■ Utilizes packetization, acknowledgment, and error checking
    ■ Three-way handshake establishes a secure connection
    ■ Ports facilitate the logical differentiation of services on a single machine
● User Datagram Protocol (UDP)
  ○ User Datagram Protocol (UDP)
    ■ Communication protocol used for time-sensitive transmissions on the internet
      ● Ideal for applications prioritizing speed over error checking
      ● Low latency and reduced processing overhead
      ● Lacks the error checking and recovery services of TCP
    ■ Operates at the transport layer, like TCP
    ■ Connectionless communication model
  ○ Packet Structure
    ■ Datagrams
      ● Term for data packets in UDP
      ● Sent without prior setup of transmission channels
      ● Contain source/destination port numbers, a length field, and a checksum
      ● Smaller and simpler header (8 bytes) compared to TCP (20-60 bytes)
  ○ UDP's Stateless Nature
    ■ UDP does not maintain connection state or track packets
    ■ Often referred to as a "fire and forget" protocol
    ■ No waiting for acknowledgments, leading to faster transfer rates
  ○ Reliability Trade-off
    ■ UDP is less reliable due to its lack of packet tracking
    ■ Suitable for scenarios where speed is crucial and packet loss is acceptable
  ○ Use Cases
    ■ Used in applications like live broadcasts, online gaming, and VoIP calls
    ■ Effective for simple request-response communications (e.g., DNS lookups)
  ○ UDP uses ports to differentiate between multiple services on the same client/server
  ○ UDP relies on application-level error handling due to its lack of built-in error recovery
  ○ UDP carries a checksum in its header for minimal protection against data corruption
  ○ UDP is not as robust as TCP in ensuring data integrity and delivery
● Internet Control Message Protocol (ICMP)
  ○ Internet Control Message Protocol (ICMP)
    ■ Integral part of the Internet Protocol Suite; a network layer protocol used for diagnosing network communication issues
    ■ Not used for data transmission between systems, unlike TCP and UDP
    ■ Operates at the network layer of the OSI model
  ○ ICMP Messages
    ■ Used to indicate host or service unreachability, expired time to live, and router buffer issues
  ○ Ping Utility
    ■ Uses ICMP to test host reachability on an IP network
    ■ Measures round-trip time (latency) of a network connection
  ○ ICMP Message Structure
    ■ Header
      ● Type – indicates the type of ICMP message (1 byte)
      ● Code – provides additional context about the message type (1 byte)
      ● Checksum – used for error checking of the message header and data (2 bytes)
  ○ ICMP Reliability and Design
    ■ Lacks reliability mechanisms like those of TCP
      ● No guaranteed delivery, ordering, or error correction
    ■ Designed for speed and simplicity, not data integrity or security
  ○ Security Concerns
    ■ ICMP can be used in attacks
      ● ICMP Flood Attack
        ○ Overwhelms the target with echo request packets, leading to a Denial of Service (DoS) attack
        ○ Amplified into a Distributed Denial of Service (DDoS) attack to be effective
      ● Ping of Death
        ○ Exploits vulnerabilities in older systems, causing system crashes
  ○ Modern Security Measures
    ■ Many modern systems are not vulnerable to Ping of Death due to improved security measures
    ■ Network administrators may choose to block ICMP traffic for security, but then face challenges in troubleshooting network issues
● Web Ports and Protocols
  ○ Web Ports and Protocols
    ■ Standardized rules and numerical gateways that govern data transmission and communication on the internet for websites
  ○ Two Fundamental Ports
    ■ Port 80 (HTTP)
      ● HTTP (Hypertext Transfer Protocol)
        ○ An application layer protocol designed to enable communication between clients and servers
        ○ Uses port 80 by default
        ○ Foundation of data communication on the World Wide Web
        ○ Requests and receives web content in plain text
      ● HTTP over port 80 lacks encryption, leaving data vulnerable to eavesdropping and attacks
    ■ Port 443 (HTTPS)
      ● HTTPS (Hypertext Transfer Protocol Secure)
        ○ Similar to HTTP but adds encryption via SSL/TLS
        ○ Uses port 443
        ○ Encrypts data, securing it from interception or tampering
  ○ Importance of HTTPS (Port 443)
    ■ Vital for websites handling sensitive data like banking, e-commerce, or login pages
    ■ Automatic redirection from insecure HTTP (port 80) to secure HTTPS
    ■ Encryption ensures secure transmission of sensitive information
  ○ Key Differences between HTTP (Port 80) and HTTPS (Port 443)
    ■ Security and Encryption
      ● HTTP (port 80) – unencrypted, plain text
      ● HTTPS (port 443) – encrypted using SSL/TLS, more secure against data breaches
    ■ Default Usage
      ● HTTP (port 80) – traditional default for unsecured browsing
      ● HTTPS (port 443) – introduced later, became the default for secure browsing in recent years
    ■ Search Engine Optimization (SEO) and Trust
      ● HTTPS (port 443) – favored for increased security and ranked higher by search engines due to user trust and encryption
● Email Ports and Protocols
  ○ Email Ports and Protocols
    ■ Govern the transmission of emails across the Internet
    ■ Ensure efficient sending, receiving, and management of messages
  ○ Main Email Protocols
    ■ SMTP (Simple Mail Transfer Protocol)
      ● The standard protocol for sending emails over the internet
      ● Operates over port 25
        ○ Default port used by email servers
        ○ Insecure because data is sent in plain text
      ● Only used for sending emails
      ● SMTPS (SMTP Secure)
        ○ A secure variant of SMTP
        ○ Not really a protocol itself, but a way to secure SMTP by transporting it over the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols
        ○ Operates over port 465 or port 587
    ■ POP3 (Post Office Protocol version 3)
      ● Used to retrieve emails from a remote server to a local client
      ● Operates over port 110
      ● Designed to download and delete messages from the server
      ● Transmits emails in plain text (insecure)
      ● POP3S (POP3 Secure)
        ○ A secure variant of POP3 that overcomes the limitations of POP3
        ○ Operates over port 995 via SSL/TLS
    ■ IMAP (Internet Message Access Protocol)
      ● Offers more flexibility than POP3
      ● Operates over port 143
      ● Allows managing emails directly on the server, synchronizing across multiple devices
      ● Transmits emails in plain text (insecure)
      ● IMAPS (IMAP Secure)
        ○ A variant of IMAP that provides a secure, encrypted connection by carrying the standard IMAP protocol inside an SSL/TLS session
        ○ Operates over port 993
  ○ SMTP and SMTPS are used for sending emails
  ○ POP3 and IMAP are both used for receiving emails
    ■ IMAP offers more sophisticated email management
  ○ Understanding these protocols ensures secure and efficient email communication
  ○ Configure systems with the secure variants to protect against security threats
● File Transfer Ports and Protocols
  ○ File Transfer Ports and Protocols
    ■ Specialized rules and procedures used for the transmission of files across networks
  ○ FTP (File Transfer Protocol)
    ■ Oldest protocol for file transfer
    ■ Ports:
      ● Port 20 – actual data transfer
      ● Port 21 – sending control commands
    ■ Lack of encryption poses security risks
    ■ Transmissions are sent in plain text
    ■ Widely used for its simplicity across platforms
  ○ SFTP (Secure File Transfer Protocol)
    ■ Addresses FTP's security concerns
    ■ Also stands for SSH File Transfer Protocol
    ■ Operates on port 22 – the standard port for SSH connections
    ■ Encrypts data for secure file transmissions
  ○ TFTP (Trivial File Transfer Protocol)
    ■ Basic version of FTP that lacks authentication and directory browsing
    ■ Operates on port 69
    ■ Designed for sending files when minimal security is sufficient
  ○ SMB (Server Message Block)
    ■ A network file sharing protocol that allows applications to read and write files and request services from server programs
    ■ Operates on port 445
    ■ Predominantly used for Windows file sharing
    ■ Samba
      ● A cross-platform implementation of SMB that runs on Linux systems
    ■ Almost exclusively used inside LANs; not a protocol for sending data across the Internet
  ○ Key Considerations for Protocol Selection
    ■ Align security requirements, network environment, and functionality
      ● FTP – basic transfers (ports 20, 21)
      ● SFTP – secure transfers (port 22)
      ● TFTP – simple, unsecured transfers (port 69)
      ● SMB – Windows file sharing in LANs (port 445)
● Remote Access Ports and Protocols
  ○ Remote Access Ports and Protocols
    ■ Build and manage systems and networks remotely from anywhere in the world
    ■ Crucial for interconnected environments, allowing control over systems, commands, and files
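Before the remote access protocols themselves, a worked look back at the transport-layer material above. The following is an added example, not code from the study notes: it builds and parses the 8-byte UDP header (source port, destination port, length, checksum) and the ICMP header (type, code, checksum) exactly as described, verifies their checksums so a corrupted byte is caught, and checks that a sequence of three TCP segments really is a SYN, SYN-ACK, ACK handshake with consistent sequence and acknowledgement numbers. Everything is constructed in memory and nothing is sent on the network; the function and class names (`build_udp`, `parse_udp`, `build_icmp_echo`, `parse_icmp`, `Segment`, `validate_handshake`) and the sample addresses and sequence numbers are assumptions made for the example. The UDP checksum also covers an IPv4 pseudo-header (RFC 768), which the notes do not mention but which is needed for the check to be correct.

```python
"""UDP and ICMP headers plus TCP handshake validation (added example, constructed packets only)."""
import socket
import struct
from dataclasses import dataclass

IPPROTO_UDP = 17
ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum shared by UDP and ICMP: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # odd trailing byte is zero-padded
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _udp_pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    # Source/destination address, zero, protocol, UDP length (RFC 768): a datagram
    # that lands at the wrong host therefore fails verification.
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len)


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """8-byte header: source port, destination port, length, checksum; then the payload."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    # A computed checksum of zero is transmitted as all ones (zero means "not checksummed").
    csum = internet_checksum(_udp_pseudo_header(src_ip, dst_ip, length) + header + payload) or 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(src_ip, dst_ip, datagram: bytes) -> dict:
    """Split the header fields and verify the checksum over pseudo-header + datagram."""
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    ok = csum == 0 or internet_checksum(_udp_pseudo_header(src_ip, dst_ip, length) + datagram[:length]) == 0
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum_ok": ok, "payload": datagram[8:length]}


def build_icmp_echo(ident: int, seq: int, payload: bytes, reply: bool = False) -> bytes:
    """Echo request/reply as used by ping: type (1 byte), code (1), checksum (2), id, seq, data."""
    msg_type = ICMP_ECHO_REPLY if reply else ICMP_ECHO_REQUEST
    body = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq) + payload
    csum = internet_checksum(body)  # covers the whole ICMP message, header and data
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": msg_type, "code": code, "id": ident, "seq": seq,
            "checksum_ok": internet_checksum(packet) == 0, "payload": packet[8:]}


@dataclass(frozen=True)
class Segment:
    """Only the TCP fields the handshake turns on: flag set plus sequence/ack numbers."""
    flags: frozenset
    seq: int
    ack: int


def validate_handshake(segments) -> bool:
    """True only for SYN, SYN-ACK, ACK in order, each ACK naming the peer's ISN + 1.

    A stack, or a monitoring tool, uses this to decide that a connection was really
    established rather than seeing a lone SYN or a stray ACK.
    """
    if len(segments) != 3:
        return False
    syn, synack, ack = segments
    if syn.flags != frozenset({"SYN"}):
        return False
    if synack.flags != frozenset({"SYN", "ACK"}) or synack.ack != (syn.seq + 1) & 0xFFFFFFFF:
        return False
    if ack.flags != frozenset({"ACK"}):
        return False
    return ack.seq == (syn.seq + 1) & 0xFFFFFFFF and ack.ack == (synack.seq + 1) & 0xFFFFFFFF


if __name__ == "__main__":
    # Constructed demo values: a DNS-style datagram, a ping, and a handshake with ISNs 1000/5000.
    dgram = build_udp("192.0.2.10", "192.0.2.53", 51234, 53, b"dns-query")
    print("udp:", parse_udp("192.0.2.10", "192.0.2.53", dgram))
    print("icmp:", parse_icmp(build_icmp_echo(0x1234, 1, b"ping")))
    hs = [Segment(frozenset({"SYN"}), 1000, 0),
          Segment(frozenset({"SYN", "ACK"}), 5000, 1001),
          Segment(frozenset({"ACK"}), 1001, 5001)]
    print("handshake valid:", validate_handshake(hs))
```

Two things worth noticing when running it: flipping a single payload byte makes `checksum_ok` false, which is the "minimal protection against data corruption" the UDP section refers to, and nothing in the handshake adds encryption; the three segments only agree on sequence numbers, so confidentiality on port 443 or port 22 comes from TLS or SSH above TCP, not from the handshake itself.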
  ○ Remote Access Protocols
    ■ SSH (Secure Shell)
      ● Protocol for secure remote login and network services over an unsecured network
      ● Operates on port 22
      ● Provides a secure channel, strong authentication, and encrypted data communication
      ● Used by network administrators for remote control of web and server applications
    ■ Telnet
      ● Early remote login protocol
      ● Operates on port 23
      ● Allows remote login to another computer on the same network
      ● Transfers data in plain text, making it susceptible to eavesdropping and on-path attacks
      ● Replaced by SSH due to its lack of encryption
    ■ RDP (Remote Desktop Protocol)
      ● Proprietary Microsoft protocol for graphical user interface remote connections
      ● Operates on port 3389
      ● Allows remote access to a Windows system, supporting different network topologies
      ● Supports data encryption, smart card authentication, and bandwidth reduction
  ○ Considerations
    ■ Choose the appropriate protocol based on security requirements and specific tasks
    ■ SSH is recommended for secure command-line management
    ■ Telnet should be avoided due to its lack of encryption
    ■ RDP is essential for secure graphical access to Windows-based systems
● Network Service Ports and Protocols
  ○ Network Services, Ports, and Protocols
    ■ Fundamental services for smooth digital communication and network management
    ■ Services that ensure network devices can discover each other, communicate efficiently, and relay important system information to each other
  ○ DNS (Domain Name System)
    ■ Used for translating human-friendly domain names to IP addresses
    ■ Operates on port 53 (UDP by default) for queries and responses
    ■ Uses TCP for larger messages
  ○ DHCP (Dynamic Host Configuration Protocol)
    ■ Automates the assignment of IP addresses and networking parameters to client devices
    ■ Listens on port 67 (UDP) for client requests
    ■ Responds on port 68 (UDP)
  ○ SQL Services
    ■ Refers to protocols used by database servers for managing queries
    ■ Microsoft SQL Server operates on port 1433
    ■ MySQL Server operates on port 3306
  ○ SNMP (Simple Network Management Protocol)
    ■ Used for collecting information from and configuring network devices
    ■ Operates on port 161 (UDP) for polling
    ■ Operates on port 162 (UDP) for unsolicited trap messages
    ■ Crucial for network diagnostics and performance monitoring
  ○ Syslog (System Logging)
    ■ Standard for message logging that allows devices to send event messages across IP networks
      ● Syslog Server
        ○ Event message collector to which syslog messages are sent
    ■ Operates on port 514
      ● Uses UDP by default
      ● Can use TCP for reliability
● Other Network Service Ports and Protocols
  ○ Other Network Service Ports and Protocols
    ■ Refers to other network services, ports, and protocols that play a pivotal role in time synchronization, the establishment of communication sessions, and directory services
    ■ Crucial for organizing and providing access to distributed information located across the network
  ○ Network Time Protocol (NTP)
    ■ Used to synchronize the clocks of computers over a network
    ■ Vital for time-dependent processes, timestamping events, transaction logging, and security protocols
    ■ Operates over port 123 using the User Datagram Protocol (UDP)
    ■ Example
      ● Ensures consistency between server and client times, which affects encryption and decryption functions
  ○ Session Initiation Protocol (SIP)
    ■ Initiates, maintains, and terminates real-time sessions for voice, video, and messaging
      ● Common usage includes Voice over IP applications for internet phone calls
    ■ Operates over port 5060 (traditionally) on both UDP and TCP for unencrypted signaling
    ■ Uses port 5061 over TCP with TLS (Transport Layer Security) for encrypted signaling
  ○ Lightweight Directory Access Protocol (LDAP)
    ■ Protocol for accessing and maintaining distributed directory information services over an IP network
    ■ Used to look up personal information in email programs
    ■ Ports
      ● LDAP (insecure): communicates over port 389 using both TCP and UDP
      ● LDAPS (secure): encrypted with SSL or TLS, runs over port 636 using TCP
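The web, email, file transfer, remote access and directory sections above each pair a plain-text protocol with a secure variant. One practical use of that list is to sweep a connection log for traffic still going to the cleartext ports and say what should replace it. The following is an added example, not code from the study notes: the log format and the log lines are constructed, the function names (`parse_line`, `audit`, `summarize`) are assumptions made for the example, and the port-to-protocol mapping is taken from the notes above.

```python
"""Flag cleartext protocols in a connection log and name the secure variant (added example)."""
import re
from collections import Counter

# Cleartext service by destination port -> (name, secure replacement from the notes).
CLEARTEXT = {
    21:   ("FTP",    "SFTP on port 22"),
    23:   ("Telnet", "SSH on port 22"),
    25:   ("SMTP",   "SMTPS on port 465 or 587"),
    69:   ("TFTP",   "SFTP on port 22"),
    80:   ("HTTP",   "HTTPS on port 443"),
    110:  ("POP3",   "POP3S on port 995"),
    143:  ("IMAP",   "IMAPS on port 993"),
    389:  ("LDAP",   "LDAPS on port 636"),
    5060: ("SIP",    "SIP over TLS on port 5061"),
}

# Constructed log format: "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <tcp|udp>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>tcp|udp)$"
)


def parse_line(line: str):
    """Return the record as a dict, or None for a line that is not a flow record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def audit(lines):
    """One finding per connection whose destination port is a cleartext service.

    Returns (findings, skipped): unparsable lines are counted, not silently dropped,
    so a format change in the log source shows up instead of hiding everything.
    """
    findings, skipped = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["dport"] in CLEARTEXT:
            name, fix = CLEARTEXT[rec["dport"]]
            findings.append({"ts": rec["ts"], "src": rec["src"], "dst": rec["dst"],
                             "port": rec["dport"], "proto": rec["proto"],
                             "service": name, "use_instead": fix})
    return findings, skipped


def summarize(findings):
    """Count findings per (service, destination host) so the noisiest targets surface first."""
    return Counter((f["service"], f["dst"]) for f in findings).most_common()


# Constructed sample log: one Telnet, one HTTP and two LDAP connections among secure ones.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5:51234 -> 10.0.0.20:23 tcp
2024-05-01T10:00:02Z 10.0.0.5:51235 -> 10.0.0.20:22 tcp
2024-05-01T10:00:03Z 10.0.0.7:50010 -> 10.0.0.30:80 tcp
2024-05-01T10:00:04Z 10.0.0.7:50011 -> 10.0.0.30:443 tcp
2024-05-01T10:00:05Z 10.0.0.9:50500 -> 10.0.0.40:389 tcp
2024-05-01T10:00:06Z 10.0.0.9:50501 -> 10.0.0.40:389 udp
2024-05-01T10:00:07Z 10.0.0.9:50502 -> 10.0.0.40:636 tcp
this line is not a flow record
"""

if __name__ == "__main__":
    found, skipped = audit(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f['ts']} {f['src']} -> {f['dst']}:{f['port']}/{f['proto']} "
              f"{f['service']} (use {f['use_instead']})")
    print("summary:", summarize(found), "| unparsed lines:", skipped)
```

On the sample log this reports four findings (Telnet, HTTP and two LDAP connections) and one unparsed line, with the LDAP server at the top of the summary. Destination port is only a hint about the protocol: a service can be run on any port, so in a real deployment this kind of sweep is paired with protocol inspection, and the hits are treated as leads to verify rather than proof that cleartext credentials crossed the wire.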