Tue Dec 13

Essential Ports Numbers Explained

When working with network configuration, you will run into many things tied to port numbers, which belong to the transport layer protocols (TCP and UDP). Here are the important ports you need to know.

FTP (21 - TCP)

FTP (File Transfer Protocol) is used for transferring files over a TCP/IP connection. FTP follows a client-server model: any device can connect to the server and may be able to download files from it. The server can be a dedicated machine or an ordinary computer acting as a server.

FTP used to be supported by many web browsers. Today most of them have dropped that support because of low usage and security concerns. To use FTP you need an FTP client; the most popular one is FileZilla, which is free to download.

Another important thing to know is that FTP is not a secure protocol: files transferred with FTP are not encrypted. It is therefore recommended to use SFTP (Secure File Transfer Protocol) instead, which encrypts the transfer by running over Secure Shell (SSH) on port 22.

SSH (22 - TCP)

SSH (Secure Shell) gives users a remote terminal session on a server. To get one, the client authenticates to the server, typically with a username and password. A better option is RSA key authentication, which does not require the user to type anything: the client sends its public key to the server once, and on every later login the server checks that the client holds the matching private key.

Through that SSH terminal the client can carry out every administrative task and has full control over the server. That control is still bounded by the privileges and permissions of the account the client authenticates as.

SSH works the same way as TELNET does, with some differences. TELNET runs over port 23 while SSH runs over port 22, and, as the name suggests, SSH is more secure because it encrypts the session while TELNET does not. Since TELNET transfers data in plain text, it should be used only on a local area network, and preferably replaced by SSH altogether.

SMTP (25 - TCP)

SMTP (Simple Mail Transfer Protocol) is the protocol for sending email, and it works in a simple way. The email goes from the client (sender) to the sender's SMTP server; if the intended recipient uses a different server, the sender's SMTP server relays the mail to the recipient's SMTP server. SMTP uses a TCP connection to ensure your email is delivered to the correct address, and the server will notify you if a recipient address is incorrect or unavailable.

DNS (53 - TCP & UDP)

This port is used by DNS (Domain Name System), which translates between human-friendly names and the IP addresses of devices. In a network, the protocol carries DNS queries and uses both TCP and UDP for different purposes: the fast, low-overhead UDP for ordinary queries, and the more reliable TCP for zone transfers.

This port is often exploited by attackers during the reconnaissance phase because its queries reveal a lot of information. Learning the IP addresses of servers and hosts on an organization's internal network gives an idea of how the organization is structured.

HTTP (80 - TCP)

HTTP (Hyper Text Transfer Protocol) works at the application layer of the TCP/IP model. Used massively for the World Wide Web, this protocol transmits hypermedia documents such as images, audio, and video. It was originally designed for communication between web browsers and web servers; today, however, it serves a wider range of purposes such as API requests. HTTP follows the client-server architecture and request/response semantics: the client requests information from the server, and the server responds according to the request it received.

HTTPS (443 - TCP)

HTTPS stands for Hyper Text Transfer Protocol Secure. As the name suggests, it provides more secure communication than HTTP. It works the same way as HTTP, but the connection between client and server is encrypted using SSL/TLS, with the server presenting a certificate. That makes it much harder for an intruder to read the actual messages. For security reasons this is far better than sending plain text on port 80 (HTTP).

POP3 (110 - TCP)

To receive email from the SMTP server, the recipient uses either POP3 or IMAP. POP3 (Post Office Protocol) lets you download a particular email and then deletes the message from the mail server. With POP3 you therefore cannot read the same email on multiple devices, because it is deleted once a single device has downloaded it. However, clients usually offer an option to turn this behaviour off if you do not want it.

IMAP (143 - TCP)

Although IMAP is also a protocol for receiving email, it works quite differently from POP3. IMAP (Internet Message Access Protocol) lets the user (recipient) access the same messages from multiple devices, and it synchronizes the content of email messages as well as folders between them. If you delete a message from the inbox folder on one device, the deletion applies to the other devices too, because the messages are cached and synchronized across all of them.

SMB (139, 445 - TCP)

SMB (Server Message Block) is used for transferring files and sharing network peripherals such as printers. Port 139 runs the session service on top of NetBIOS, which is mostly used for peripheral communication. Port 445 is assigned to the newer version of SMB, which runs directly on top of the TCP stack; because of this, file sharing can address hosts by IP address. From a security standpoint it is better to close both ports if they are not needed, since publicly exposed SMB ports can be exploited by attackers to gather information about the user's device and its network. Even worse, this protocol was involved in the notorious WannaCry ransomware attacks.

DHCP (67, 68 - UDP)

The DHCP server uses port 67 to communicate with and assign IP addresses to the hosts (clients), which listen on port 68. The purpose of DHCP is to configure the IP address and other parameters (subnet mask, default gateway and DNS server address) automatically with the help of the DHCP server, although the configuration can still be done manually.

TFTP (69 - UDP)

Unlike FTP, TFTP (Trivial File Transfer Protocol) runs on UDP, meaning that file delivery is not guaranteed (it is unreliable). It is used mainly for transferring configuration files and firmware, and it relies on UDP because that keeps the protocol small and much easier to implement.

Although TFTP, like FTP, has no encryption, the lack is less critical here. TFTP is used only on a local network, which is safer than FTP operating over the internet.

NTP & SNTP (123 - UDP)

NTP stands for Network Time Protocol and is used for clock synchronization. Applications depend on it for various reasons, including timestamping logs. Because every device has its own internal clock, problems arise when a clock is set wrongly.

NTP uses a hierarchy of strata: stratum 0 is the most accurate, accuracy decreases down to stratum 15, and stratum 16 indicates an unsynchronized clock. SNTP is much simpler and needs fewer resources than NTP because it relies on a single time reference; the trade-off is lower accuracy. Another protocol worth mentioning for clock synchronization is PTP (Precision Time Protocol).

In terms of accuracy, PTP is far more precise: it offers nanosecond accuracy, while NTP offers accuracy in microseconds.

SNMP (161 - UDP)

SNMP (Simple Network Management Protocol) is used by administrators to monitor the network and modify configuration remotely. The SNMP manager sends a request to the SNMP agent on UDP port 161; this process is called polling, and it essentially asks the agent for MIB data. The agent sends the OID-related response back to the manager on UDP port 162.

An OID identifies each object that SNMP can address on a device, whether or not it is being monitored. An OID is written as numbers separated by periods, and a MIB translates these numerical identifiers into human-friendly names.

Summary

To configure a network properly, you need a good understanding of the ports listed above. The primary concern is with networks that connect directly to the internet: a misconfiguration can lead to the entire network being compromised, because it exposes security holes that attackers can exploit.
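As an added example (not code from the original article), the following Python script turns the recommendations above into a check: it parses a constructed `ss -lntu`-style socket listing and flags the ports this article says should not be exposed publicly, distinguishing wildcard binds from loopback-only ones. The port-to-advice table and the sample listing are both constructed for this example.

```python
# Added example (not from the article): audit a host's listening sockets against
# the ports the article recommends keeping off the public internet. The sample
# input is constructed to look like `ss -lntu` output, not a real capture.

# Ports the article advises not exposing publicly, with the alternative it names.
RISKY_PORTS = {
    ("tcp", 21):  "FTP is unencrypted; use SFTP over SSH (22) instead",
    ("tcp", 23):  "TELNET is plain text; use SSH (22) instead",
    ("tcp", 80):  "HTTP is plain text; serve over HTTPS (443)",
    ("tcp", 139): "SMB over NetBIOS; close unless file sharing is needed",
    ("tcp", 445): "SMB over TCP (WannaCry vector); close unless needed",
    ("udp", 69):  "TFTP has no encryption; keep it on the local network",
    ("udp", 161): "SNMP polling; restrict to the management network",
}
# Wildcard binds listen on every interface; loopback binds never leave the host.
PUBLIC_BINDS = {"0.0.0.0", "::", "*"}

SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
tcp   LISTEN 0      511    [::]:443           [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
"""

def parse_ss(output: str) -> list[tuple[str, str, int]]:
    """Return (proto, bind address, port) per socket line, skipping the header."""
    sockets = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")  # rpartition keeps [::]:443 intact
        sockets.append((fields[0], addr.strip("[]"), int(port)))
    return sockets

def audit(output: str) -> list[tuple[str, int, str]]:
    """List (proto, port, reason) for every risky service bound to a public address."""
    findings = []
    for proto, addr, port in parse_ss(output):
        reason = RISKY_PORTS.get((proto, port))
        if reason and addr in PUBLIC_BINDS:
            findings.append((proto, port, reason))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port, reason in audit(SAMPLE_SS_OUTPUT):
        print(f"{proto}/{port}: {reason}")
```

On the sample listing only SMB on 445 and SNMP on 161 are reported; HTTP on port 80 is bound to loopback and so is not flagged.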