***
< [Home](https://github.com/SeanOhAileasa) | [README](https://github.com/SeanOhAileasa/nkp-ports-and-protocols/blob/main/README.md) >

## CompTIA Network+ - Course Material 2022
### Topic: ``Ports and Protocols``
***

Course material for the ``CompTIA Network+`` module of the ``ICT Associate Apprenticeship (Cybersecurity)`` programme.

<a id="top"></a>
***
## Table of Contents
***

###### Quick Links
***

* [Ports and Protocols](#topintroductionPortsandProtocolsandtheOSIModel)&nbsp;&nbsp;|&nbsp;&nbsp;[Test](#topintroductionPortsandProtocolsandtheOSIModelTest)

<hr width=50%;>

<a id="topintroductionPortsandProtocolsandtheOSIModel"></a>
### [Ports and Protocols](#introductionPortsandProtocolsandtheOSIModel)

* [1. Course Introduction](#introductionPortsandProtocols) <br/><br/>
* [2. TCP Protocol](#introductionPortsandProtocolsTCPProtocol) <br/><br/>         
* [3. IP Protocol](#introductionPortsandProtocolsIPProtocol) <br/><br/>
* [4. UDP Protocol](#introductionPortsandProtocolsUDPProtocol) <br/><br/>
* [5. ICMP Protocol](#introductionPortsandProtocolsICMPProtocol) <br/><br/>
* [6. Connection-oriented Protocols](#introductionPortsandProtocolsConnectionorientedProtocols) <br/><br/>
* [7. Connectionless Protocols](#introductionPortsandProtocolsConnectionlessProtocols) <br/><br/>
* [8. Well-known UDP and TCP Ports](#introductionPortsandProtocolsWellknownUDPandTCPPorts)

### [Practice: Port Assignments](#introductionPortsandProtocolsandtheOSIModelPracticePortAssignments)

* [1. Exercise: Assigning Ports](#introductionPortsandProtocolsPracticePortAssignments)

<a id="topintroductionPortsandProtocolsandtheOSIModelTest"></a>
### ⚡ [Test](#introductionPortsandProtocolsandtheOSIModelTest) 

### [Appendix](#appendix) 

<hr width=50%;>

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsandtheOSIModel"></a>
***
### Ports and Protocols and the OSI Model
***

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocols"></a>
***
###### 1. Course Introduction
***

Cover the OSI layers and examine where various devices, services and protocols reside - also cover the well-known ports and their associated numbers.

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsTCPProtocol"></a>
***
###### 2. TCP Protocol
***

Transmission Control Protocol ``TCP`` – establishes and maintains network communication for applications to exchange data. 

It works in conjunction with the Internet Protocol ``IP`` - ``TCP/IP``. 

It defines how computers send packets of data to each other on a network - a fairly loose description. 

Can see the full definition in what's known as ``RFC 793`` - ``Request For Comment``.

This is effectively how protocols are developed - nobody owns ``TCP/IP`` - it really is developed by the community, if you will and an ``RFC`` is when somebody says, I think the protocol should do this or should have this feature and anyone can submit any kind of suggestion to an ``RFC``.

That is reviewed and, if accepted, it is ultimately worked into the definition of the protocol, so they are continually evolving.

One of the key characteristics of ``TCP`` is the fact that it is connection oriented - this means it establishes and maintains a connection until the applications are finished exchanging data.

Now that might seem like a fairly obvious approach - of course it establishes a connection and maintains it and you might equate that to a phone call. 

Pick up the phone, dial a number, somebody else has to answer, then we talk and then when we're finished, we hang up - that closes the connection and even if we aren't speaking for a few seconds at any point in time, the connection is still there. 

Will see certain types of applications and protocols that really don't use that approach (clarify that a little bit later on).

When it comes to applications that use ``TCP``, they do maintain this connection - so the responsibilities of the protocol are to provide for guaranteed delivery of packets, also to handle packet retransmission in the event of an error and it does this through the use of ``Acknowledgements`` - ``ACK``.

When the packet is received on the other side, it says, I received that and you can, therefore, be assured that your transmission has been received. 

Can equate that to sending a package through a courier - oftentimes, you want the recipient to sign to ``ACK`` that they received it, so you know it has arrived safely. 

``TCP`` does the same thing - when a packet is sent, it waits for the other side to ``ACK`` the receipt of that packet.

At which point, the originating application will send another packet and it will wait for an ``ACK`` from the other side and it will keep doing that over and over again. 

If an acknowledgement does not arrive, then it knows there was a problem and it retransmits the packet. 

This is how you get that guaranteed delivery - it was not received, I'll resend it, so it will ultimately always arrive when using TCP. 

In terms of the architecture, will certainly take a more detailed look at both of these models - ``TCP/IP`` model and the ``OSI`` model.

But they represent a means to develop protocols and applications and hardware that is independent of other components - in other words, if I'm an application developer, I really don't want to worry about developing network interfaces, that's not really my job, if you will. The layered structure allows developers to focus in on just their own little portion of an overall application or network protocol or piece of hardware.

In both models you do see, there is a ``Transport`` layer and as with the courier analogy, you have to move a package with a courier from one place to another. 

It is the ``Transport`` layer that is responsible for moving packets from one place to another in terms of network communications and ``TCP`` resides in that layer. 

Its job, is to just get the packets from point A to point B - it doesn't particularly care what the application is, nor does it really care, for example, what the physical network interface is - that's not its job. 

It is simply responsible for accepting a packet, sending it on its way to the other side, and then waiting for that ``ACK`` to come back so it can start all over again and just keep doing that - with this very focused task, it can provide those guaranteed communication services. 

The slight downside is that it can be a little bit slow compared to some other methods, because it sends, it waits for the ``ACK``.

If the ``ACK`` doesn't come, it sends again, so the overall communication can be a little bit slower when using ``TCP``, but it is more reliable.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsIPProtocol"></a>
***
###### IP Protocol
***

The Internet Protocol, or ``IP``, is also used in the delivery of data from one computer to another over the Internet for common applications, such as e-mail and web pages. 

It does not operate on its own - it is used in conjunction with ``TCP``, to again, form the familiar name ``TCP/IP``. 

But ``IP`` specifies the format of the packets and perhaps, most importantly, the ``Addressing Scheme``. 

In terms of some of the characteristics of the protocol itself, ``IP`` is connectionless, meaning there is no continuing connection between the hosts communicating together.

``TCP`` does establish and maintain a connection, so it's not that it isn't there, it's just that ``IP`` doesn't really care about it - that's not its job.

``TCP`` maintains and establishes the connection - ``IP`` says great, but I don't need to use that - as far as it's concerned, packets are treated as an independent unit of data with no relation to any other unit of data and in fact, packets can be sent out and not necessarily travel the same path through the Internet to arrive at their destination. 

If that's the case (packets not travel the same path through the Internet to arrive at their destination), they will then be assembled in the correct order because of the ``TCP`` protocol, again, not ``IP``.

Back to the analogy of sending a package using a courier - job of ``TCP`` was to ensure the package arrives safely - can do that by requesting the signature that says the recipient got the package safely.

Great, but there is a pretty important component missing - what was the address? 

That is the job of ``IP`` - ``Addressing Scheme``.

``TCP`` says great, here's your signature - ``IP`` says where does it have to go in the first place?

Assume you have two packages - it doesn't really matter if those two packages go on different trucks or different planes or travel different highways or different routes, as long as they arrive at the same destination - ``IP`` just doesn't care about that connection and the signature - ``ACK`` - just get it to that address by whatever means is hopefully most efficient.

Also it does not have to be the same every time, so that's what it means when it says, it's an ``independent unit of data`` - all I have to do is get this package to the correct address, and my job is done.

So the ``IP`` protocol operates at a lower layer than does ``TCP`` - can see it's at the network layer of the ``OSI`` model, and again, there are other protocols there, but ``IP`` handles that routing, the addressing, ensuring it ultimately, arrives at the correct location. 

``IP`` it doesn't need the connection - its not concerned with the ``ACK`` that happen up in the ``Transport`` layer - that's the job of ``TCP``, so the two of them certainly perform most important functions, if you will, of ensuring it gets from point A to point B in the correct manner.

![image.png](attachment:image.png)

> ``OSI`` model includes various layers such as Application, Presentation, Session, and Network.

> ``TCP/IP`` model includes various layers such as Application, Transport, and Network.

> Protocols and services at the ``Network`` layer are ``IP``, ``ARP``, ``ICMP``, and ``IGMP``.

***
###### Internet Protocol Version 4 (IPv4) - ``172.16.254.1``
***

With respect to its address format, ``IPv4`` is probably still the most common by far. 

Fourth version of the ``IP`` Protocol, and it is made up of ``32-bits`` or ``4-bytes``.

This format, as you can see there are binary values at the bottom of the graphic, just ``1`` and ``0``, in groups of eight.

Theses ``1`` and ``0`` are then converted into what we call a decimal value.

With ``32-bits`` of two possible values, ``1`` and ``0``, it gives you $2^{32}$ possible addresses, which is approximately 4 billion, which might seem like a lot, but in fact, that is becoming limited with the number of devices that are on the Internet these days.

In [1]:
2**32

4294967296

![image.png](attachment:image.png)

***
###### Internet Protocol Version 4 (IPv6) - ``2001:0db8:3902:00c2:0000:0000:0000:fe04``
***

``IPv6`` is the successor to ``IPv4``.

This has a ``128-bit`` address space which supports $2^{128}$ total addresses, which is just an enormously large number. 

Can see there are approximately $(3.4 x 10)^{38}$, or 340 trillion, trillion, trillion addresses.

In [2]:
2**128

340282366920938463463374607431768211456

Unbelievably huge in terms of the total address space.

Can see it looks quite different - it is still binary at its core, but hexadecimal characters are used to represent it and the format that you see here can be condensed a little bit by suppressing the zeros.

So if you see a leading zero in a group, then it can simply just not be shown - ``0db8`` can be represented as just ``db8``.

The protocol knows the ``0`` is there, it says wait, there's only three characters, there's supposed to be four, therefore, the first character is a missing ``0``.

If there are two of them, you can suppress both and if you have subsequent groups of all zeros, they can be represented by simply closing the colons together and again, the protocol knows that if those characters aren't being displayed, they're just all zeros. 

So it makes it a little bit simpler to us, of course, who simply have to look at the address and read it - the new address is ``2001:db8:3902:c2::fe04`` - suppressing the zeros makes it a bit simpler.

![image.png](attachment:image.png)

In terms of implementation, most operating systems these days support both, and in most of the later Windows operating systems, ``IPv6`` is the default. 

It doesn't mean that you can't just disable it if you want to - you don't have to use it, you can use ``IPv4`` or ``IPv6`` - ``6`` is certainly becoming more common. 

It was designed for newer types of communications specifically things like Voice over IP and video conferencing. 

It's a little better at handling those types of applications, but its address scheme is certainly more complicated, so version ``4`` is probably much more common still, in most environments.

But ``IPv6`` is up and coming, if you will, and will certainly grow in terms of its implementation as things move along - both protocols today are in place. 

Either can be used - both can be used - really is up to you and of course, depending on which applications you implement most frequently, you might be better suited for one protocol or the other.

So ultimately, ``IP``, is responsible for that address format and moving the packets to the correct addresses through the Internet, using whichever route is necessary to get it from point A to point B, but again, not concerned with things like ``ACK``, that's the job of ``TCP`` - ``IP`` just stamps that address on there and send it on its way.

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsUDPProtocol"></a>
***
###### 4. UDP Protocol
***

User Datagram Protocol or ``UDP`` is often implemented as an alternative communications protocol to ``TCP``.

Say alternative, because you do have a choice, it depends on the application and the circumstances with respect to which ``Transport`` protocol you choose. 

``UDP`` is primarily used for communications that favor low-latency, or quite simply, speed, and also those that can tolerate some data loss and you might think, well when is it okay to lose data? There are situations where it's not that big a deal.

It still runs on top of ``IP`` - in other words, it is a ``Transport`` Layer Protocol, similar to ``TCP``, so ``IP`` is still required for addressing and routing - so the choice then really is which ``Transport`` protocol to use.

***
###### ``UDP`` - Use Cases
***

``UDP`` is the ideal protocol for network applications such as gaming, video communication, voice communication, or any data that can suffer some data loss without affecting the overall quality or where you can rely on the application itself to be responsible for re-transmitting lost packets and arranging received packets. 

Can work that into the application if you want to, it does not have to be the job of the ``Transport`` protocol, so again, to clarify all that, let's recap ``TCP`` - it implements communications by establishing a connection and then using ``ACK`` to provide that guaranteed reliable delivery - certainly good but it comes at a cost - it is slower, so you favor the reliability but you sacrifice the speed.

``UDP`` is the exact opposite - it does not implement a connection nor does it use ``ACK``, so where I equated ``TCP`` to a phone call where you have to dial a number and somebody has to pick up, there's your connection - ``UDP`` would be more like sticking your head out the window and just screaming at the people below, in essence, hope that they will listen to you, but you really don't know if they are.

But you are still sending the information out, so again, in terms of things like video communication or voice communication, imagine you are watching a YouTube video - in this case, you want it to come down as fast as possible and if a little bit of it is garbled or if you've missed something, it's not critical because you can just load the video again - it's not going anywhere, it's still there on the server. 

So it is, in that case, acceptable to lose a little bit of data. 

In most cases you'll just be like, well that was no big deal, I'm just going to let it play - the same goes for voice communications, even if you are speaking to someone using Voice over IP, if something got garbled and you missed it, well you could just ask them to repeat it. 

In those cases, data loss is acceptable to a degree, but ultimately, it's the speed - want the performance of the application to be as high as possible - not as concerned with the reliability, therefore ``UDP`` is the better choice.

***
###### ``UDP`` - ``OSI`` Model
***

In terms of the ``OSI`` model, it does operate at the same layer as ``TCP`` - both are ``Transport`` protocols, but they handle that transport differently - that's basically the choice between the two.

***
###### ``UDP`` - Data Transmission Services
***

When it comes to the application, ``UDP`` works in conjunction with the higher level protocols, just like ``TCP`` does. 

But again, it's the certain type of transmission that you want that determines the ``Transport`` protocol that is most appropriate.

> ``Trivial File Transfer Protocol``, or ``TFTP`` uses ``UDP`` as its ``Transport`` protocol - it favors speed.

> ``FTP`` all by itself uses ``TCP`` as its ``Transport`` protocol - it favors reliability.

> ``Real Time Streaming Protocol``, or ``RTSP``, favor ``UDP`` as the ``Transport`` protocol (not as concerned with the reliability).

> ``Simple Network Protocol``, ``SNP``, favor ``UDP`` as the ``Transport`` protocol (not as concerned with the reliability).

> ``Domain Name System`` lookups, ``DNS``, favor ``UDP`` as the ``Transport`` protocol (not as concerned with the reliability).

If something fails, it's usually not critical - if it is somewhat critical, we can just try again, so as an application developer, you can design your applications and in essence decide for yourself - determine what's more important:

i. speed and performance?

- speed, want ``UDP``

ii. reliability and guarantee communications?

- reliability, want ``TCP``

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsICMPProtocol"></a>
***
###### 5. ICMP Protocol
***

``Internet Control Message Protocol``, or ``ICMP`` is responsible for providing error-reporting services. 

It generates error messages when there are problems delivering ``IP`` packets and it creates and sends messages to the source ``IP`` address indicating any issues with the router, the host, or the service. 

Any ``IP`` network device can send, receive, or process ``ICMP`` messages - it's a built-in functionality if you will and it is in fact one of the main protocols in the overall ``Internet Protocol`` suite, but it's ``not a Transport`` protocol. 

It does not serve the functions of maintaining connections or ``ACK`` or anything along those lines - it certainly is commonly used in diagnostics and troubleshooting - ever issued a ``ping`` or a ``traceroute`` command, they exclusively use ``ICMP`` in terms of getting the status back. 

> ``ping`` more or less just says are you alive

> ``traceroute`` quite literally traces the route a packet takes from point A to point B

Both rely on ``ICMP``.

***
###### ``ICMP`` Messages
***

The messages themselves are transmitted as datagrams in two broad categories:

i . Error-reporting


ii. Query Messages

The ``Error-reporting`` is of course something went wrong - if there is a problem, it is the responsibility of ``ICMP`` to report that error. 

the ``Query``, like the ``ping`` command - effectively:

- What is your status? 


- Are you alive? 


- Are you able to receive? 

One of the very first troubleshooting techniques when any kind of communication fails, is can you ``ping`` that system. 

That's sending out the ``Query`` - Are you there? Can you hear me? 

These are the two basic categories of ``ICMP`` messages and again, a lot of different applications will use ``ICMP``.

Its primary function is really just to report those errors, and/or to query the status - it doesn't really do anything to correct them - it's just so that you can be made aware of the problems so that they can then be addressed.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsConnectionorientedProtocols"></a>
***
###### 6. Connection-oriented Protocols
***

The connection-oriented protocol, is used by endpoint devices to transmit data - although perhaps not directly (clarify what that means in a moment), but it's more so of a preliminary protocol used to establish end-to-end connections. 

So if you think about any two people having a conversation, as long as they both speak the same language, then of course, they can both be understood. 

So in terms of network communications, we tend to think of the protocols as the language - that is, ultimately, how you communicate. 

But, again, for two people who know the same language, there are some intrinsic rules that both parties know in order to communicate effectively - in other words, again, going back to the conversation, if I'm speaking to someone, I know that I should not speak when they are speaking - should let that person speak, listen, then respond.

The person on the other side should take their turn listening and, of course, that's how you implement a normal communication.

Also know that you really shouldn't speak too quickly, or you shouldn't use terms that maybe aren't familiar to the other person - so there are several rules, again, that are really just implied. 

But we know those rules - so this is, more so, the connection-oriented protocol. 

It is not really concerned with the language or the direct communication, but rather, setting up the rules of communication. 

It is referred to as the reliable service network, it guarantees data will arrive in proper sequence.

An example of a connection-oriented protocol is ``TCP``.

An example of one of the rules - making sure it arrives in the proper sequence and that it is guaranteed to arrive and, again, ``TCP`` implements that through the use of ``ACK``, so it's not so much a matter of the direct communication, but rather how the communication will occur.

So in terms of the benefits for a connection-oriented protocol, it is less error prone, it's more reliable, and data arrives in the same order. 

Now, with respect to that order, it is not 100% guaranteed that everything will actually arrive on the network interface in the correct order, but it is ultimately reassembled in the correct order. 

So as far as the application is concerned, it doesn't care if one packet arrived ahead of another in the wrong order, as long as they are ultimately assembled correctly, that's the main thing. 

So, again, the ``TCP`` protocol, which is connection-oriented, in essence, provides these benefits.

It can inform the sender if there is an error, it can say, that data is corrupted, please resend - it will be resent and if anything is out of order, it will ultimately be reassembled in the correct order.

So it is less error prone and more reliable, but that does come at a bit of a cost, it is generally a slower protocol - if you have to resend lost packets, it is going to take more time. 

If they are arriving entirely out of sequence and it has to then be re-sequenced, that takes a bit of time. 

You sacrifice the speed for the reliability. 

Depending on what the application is and the type of communication you want, then these generally provide the benefits that are necessary. 

When it's an application that really does not have to be all that fast, and we really want it to be safe and secure and reliable, then connection-oriented protocols are often chosen. 

So ultimately, again, it's not really handling the communication itself, but setting up the rules of communication and ``TCP`` is a good example of a connection-oriented protocol.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsConnectionlessProtocols"></a>
***
###### 7. Connectionless Protocols
***

The term connection, obviously, if two systems are communicating with each other at a fundamental level or perhaps a physical level, if you will, there is a connection. 

Information is flowing between those two systems, so the term connection in that connotation doesn't really refer to that physical connection. 

It is more so how the connection is set up, so looking at the connectionless protocols, we see communication sent between the two network endpoints without any prior arrangement. 

That is the distinction between the connectionless and the connection-oriented - no prior arrangement.

With the connection-oriented, there is a negotiation, if you will, there are some rules that are set up and defined. 

One system will say, I have data to transmit - are you ready to receive? 

The other end will say yes, I am ready and then they'll negotiate some other characteristics, such as the rate of transmission and how to re-request any data that might have been lost. 

So those rules represent the connection in this implementation. 

So with connectionless protocols, we just don't see those rules - any given device will send the message prior to ensuring the other device on the other end is even ready to receive it. 

It just doesn't concern itself with are you ready, what are the rules, what do we do in the event of error - it's just send, send, send, send. 

In fact, in most open Internet transmissions and again, a common example of that is video streaming - it just does not concern itself about if the other end is ready, it's just going to send it. 

Certain protocols can still allow for error correction - in other words, retransmission can be requested if necessary, but it typically is not the job of the connectionless protocol.

It's usually one of the higher level protocols that will handle that retransmission.

***
###### Supported Connectionless Protocols
***

Some of the supported connectionless protocols include ``IP``, ``UDP``, the counterpart to ``TCP``, ``ICMP``, and ``IPX`` and there are others, of course, but ``UDP`` is certainly one of the most common examples of a connectionless protocol. 

It still operates (``UDP``) at the same layer as ``TCP``, both ``Transport`` protocols, so again, it's still moving the data from one place to another.

It is simply the fact that those rules are not really implemented in the connectionless protocol - that is the job of a connection-oriented protocol, such as ``TCP``, but ``UDP`` says no, I don't want to bother with that because again, of course, the drawback of the connection-oriented protocol is speed - are not as fast - are more reliable, so that's great, but they aren't as fast.

If you don't concern yourself with all of those rules, you can just send the data a lot faster.

![image.png](attachment:image.png)

***
###### Connectionless Protocol Features
***

So in terms of the features, there is no reliability built-in to connectionless protocols. 

There are no error messages - if not all the data was sent then there is no request to resend. 

![image.png](attachment:image.png)

Higher level protocols can be implemented to address those problems if necessary, and these are often referred to as stateless communications - since there is no negotiation, no setup, no set rules, then they typically call this is a stateless connection. 

Those that do implement those roles effectively refer to the connection to be in a certain state, so ``connection-oriented`` protocols are ``stateful``, ``connectionless`` are ``stateless``.

***
###### Transmission Types
***

In terms of some of the types of transmissions, there are three basic types:

i. unicast


ii. broadcast


iii. multicast

Unicast transmissions generally use connection-oriented protocols.

The unicast is one to one, the broadcast is one to everyone, and the multicast is one to many or several.

So if you have a single system on a network that needs to communicate with every other host on that network, it will use a broadcast. 

It sends the packets simultaneously to every other system, so if it needed to negotiate those rules with every other system, it would simply take far too long, and the same goes for a multicast. 

Now you never really know how many systems are in a multicast group - somebody sets up the group and says this particular host belongs to a specific multicast group. 

Can create several smaller groups from the entire network, and then you can send a packet to just the group, but the same thing applies - don't want to spend time setting up those rules of communication with all of the other systems within the group. 

It would just take too long - so broadcasts and multicasts typically, will implement connectionless protocols when transmitting because again, it quite simply is faster. 

Ultimately, there is a fairly basic consideration - if you favor reliability, you would want to implement a connection-oriented protocol - if you favor speed, you would want to implement a connectionless protocol.

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsWellknownUDPandTCPPorts"></a>
***
###### 8. Well known UDP and TCP Ports
***

These are layer 4 protocols, so they do use port numbers to create their sockets. 

A well-known port is basically a port below number 1,024.

Called these the service ports because these are used to identify the specific type of service that's being requested from the client system. 

In the ``IP`` header, this would be the destination port or the service port. 

The source port or the originating port will typically be some ephemeral port number that's chosen by the client somewhere well above 1,024.

Remember, ``TCP`` and ``UDP`` ports in the header, is a ``16-bit`` field, so we have 65k+ possible ports for ``TCP`` and another 65k+ for ``UDP``. 

> ``File Transfer Protocol`` service ports, ``20`` and ``21`` - now, ``20`` is the port we use for ``data``, and ``21`` is used for basically ``control packets`` or ``control segments`` that are sent - so ``FTP`` actually uses a couple of different ports. 

> ``Secure Shell`` will use port ``22`` - use ``Secure Shell version 2`` (Diffie-Hellman protocol to generate shared secret key material).

> ``Secure File Transfer Protocol`` (``Secure Shell over FTP``) - ``FTP`` using ``SSH`` also uses port ``22``.

> ``Telnet`` (don't use Telnet as much anymore) - use port ``22`` in Secure Shell whenever possible - ``Telnet`` is an unsecure protocol that sends the information in clear text - replace ``Telnet`` on port ``23`` with ``Secure Shell`` on port ``22``.

> ``SMTP`` is the protocol that's used to send information between message transfer agents, your email program, this is port ``25``.

> Port ``53`` is very popular - that's the ``DNS`` - ``Amazon Web Services`` has a service called ``Route 53``, and this is basically their ``DNS`` service in the cloud.

Remember ``Route 53`` and that's the domain name service - ``53`` is used by ``DNS`` for ``tcp/53`` and ``udp/53``, so sometimes protocols will use both ``TCP`` and ``UDP`` and this is one of those cases:

- ``DNS`` query, that's going to be done with ``udp/53``


- Transferring some database from one ``DNS`` server to another, that would be using ``tcp/53``. 

> ``DHCP`` is the ``Dynamic Host Configuration Protocol`` that is going to lease out ``IP`` addresses, and other optional information to those network clients.

- ``DHCP`` server operates on ``udp/67``


- ``DHCP`` client operates on ``udp/68`` 

> Port ``69`` is the ``Trivial File Transfer Protocol`` - going to be using ``UDP`` and it's ``udp/69`` - often use ``TFTP`` to download configuration files for routers and switches and firewalls. 

> Most popular port out there is ``TCP`` port ``80``, and that's for ``HTTP``, ``Hypertext Transfer Protocol`` - even though we're starting to see port ``80`` used a lot less and being replaced with the port for ``HTTPS``.

> Common protocol on the Internet when you download email is ``POP``, ``Post Office Protocol``, this is going to be ``tcp/110``. 

> Port ``123`` is the ``Network Time Protocol`` - that can also be ``UDP`` or ``TCP``, but most commonly we're using ``udp/123``. 

> Port ``143`` is ``IMAP``, ``Interactive Mail Access Protocol``. 

> Port ``161`` is ``SNMP``, very popular network management protocol, ``Simple Network Management Protocol``. 

> Very common protocol is the ``Lightweight Directory Access Protocol``, ``LDAP``, used to access configuration items in a directory like Active Directory. 

A lot of organizations today will block port ``389``, and actually use the ``SSL/TLS`` version of ``LDAP``, and that's going to use port ``636``. 

> Using the secure version of ``HTTP``, instead of using port ``80``, going to use port ``443`` and this is very common for ``SSL/TLS``.

> Port ``445`` is used in a Microsoft environment - ``Server Message Block``, ``Microsoft SMB``, using port ``445``. 

> ``Lightweight Directory Access Protocol`` over ``SSL``, and technically, you're using ``TLS``, ``Transport Layer Security 1.1 or 1.2`` - call that ``LDAPS``, port ``636``.

> ``H.323`` is basically an ITU recommended protocol - used for audio visual communication sessions on our ``TCP`` based network - running on port ``1720``.

Deals with all the call signaling and control, multimedia transport and control, and bandwidth control for point-to-point, and multi-point conferencing. 

> Port ``3389`` is the ``Remote Desktop Protocol`` - very common protocol used in Microsoft organizations to get remote access to do management of systems, troubleshooting, tech support, and other purposes.

> Voice over IP realm, a very popular protocol is ``Session Initiation Protocol`` or ``SIP`` - this is going to operate on port ``5060`` and ``5061``. 

Keep in mind that more often than not what we're seeing is that client and services are actually getting off the well-known ports and using other ephemeral ports.

As long as the client and the server agree, then they can have communication - so the well-known ports are also well-known to hackers and crackers and attackers and so they're often the most commonly vulnerable ports in your network enterprise.

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsandtheOSIModelPracticePortAssignments"></a>
***
### Practice: Port Assignments
***

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsPracticePortAssignments"></a>
***
###### 1. Exercise: Assigning Ports
***

- Recognize when to use port ``80``. 


- Describe the service that uses port ``20``.


- Determine which port is used to send email. 


- Determine which port is used for secure Internet transactions.

Port ``80``, this is for web sites - ``Hypertext Transfer Protocol`` or ``HTTP`` uses port 80 by default. If you want to host a new web site, it would be accessible through port ``80``.

Port ``20``, this is ``FTP``, the ``File Transfer Protocol`` - often used when copying files from a local system up to a web server - if for example your site is hosted somewhere else other than where you are, you would develop the site locally and then simply upload those files.

Port ``25``, this is ``Simple Mail Transfer Protocol`` to send email by default.

Port used for secure Internet transactions, port ``443`` - secured implementation of ``HTTP`` or ``HTTPS`` uses port ``443`` by default.

< [Table of Contents](#top) | [References](#references) >
<a id="introductionPortsandProtocolsandtheOSIModelTest"></a>
***
### ⚡ Test
***

![image.png](attachment:image.png)

![image.png](attachment:image.png)

![image.png](attachment:image.png)

![image.png](attachment:image.png)

![image.png](attachment:image.png)

![image.png](attachment:image.png)

![image.png](attachment:image.png)

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END

In [3]:
from IPython.core.display import display,HTML
display(HTML("<style>.container { width:100% !important; }</style>"))

# END JUPYTER NOTEBOOK