Home > Articles

TCP/IP Ports and Protocols

Like this article? We recommend

CCENT/CCNA ICND1 640-822 Official Cert Guide, Premium Edition eBook and Practice Test, 3rd Edition

Like this article? We recommend 

One of the many fundamental things to know as a network engineer is the function and port number used by a number of common services as well as many that are typically implemented during the course of a network engineer’s career. Below, we take a look at these protocols, provides a basic description of their function, and lists the port numbers that they are commonly associated with.

Table 1 Common TCP/IP Protocols and Ports

While it may seem obvious that there are large number of ports that are missing from this list, the purpose here was to just cover the most commonly seen and used protocols. The complete list of assigned ports and their assigned services can be seen at http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml . Hopefully the contents of this article will help in determining the correct port number to use when implementing these services.

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply www.informit.com/u.aspx , enter your email address in the field supplied, and click the Submit button. On the resulting page, check the box of the particular item(s) you would no longer like to receive, and click the Unsubscribe button-->email [email protected] .

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form .

Other Collection and Use of Information

Application and system logs.

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

This site is not directed to children under the age of 13.

Pearson may send or direct marketing communications to users, provided that

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page . If a user no longer desires our service and desires to delete his or her account, please contact us at [email protected] and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx .

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to [email protected] .

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020

Pearson Certification

© 2023 Pearson Education, Pearson IT Certification . All rights reserved.

221 River Street , Hoboken , NJ 07030

Subscribe Now

* You will receive the latest news and updates on your favorite celebrities!

Trending News

Vincent Tech Blog

40 Network Protocols with Port Numbers, Transport Protocols and Meanings 

port numbers and protocols

40 Network Protocol Names And Port Numbers With Their Transport Protocols And Meanings tabulated by Precious Ocansey (HND, Network Engineer).

Before going straight to the table.

Firstly, what are Network Protocols?

Network protocols are the languages and rules used during communication in a computer network. There are two major transport protocols namely;


port numbers and protocols

TCP   which stands for “Transmission Control Protocol”, is a suite of communication protocols used to interconnect network devices on a local network or a public network like the internet. TCP  is known as “connection-oriented” protocols as it ensures each data packet is delivered as requested. Therefore, TCP is used for transferring most types of data such as webpages and files over the Internet.

UDP which stands for “User Datagram Protocol” is part of the TCP/IP suite of protocols used for data transferring. UDP is a known as a “connectionless-oriented” protocol, meaning it doesn’t acknowledge that the packets being sent have been received. For this reason, the UDP protocol is typically used for streaming media. While you might see skips in video or hear some fuzz in audio clips, UDP transmission prevents the playback from stopping completely.

Furthermore, TCP also includes built-in error checking means TCP has more overhead and is therefore slower than UDP, it ensures accurate delivery of data between systems. Therefore TCP is used for transferring most types of data such as webpages and files over the local network or Internet. UDP is ideal for media streaming which does not require all packets to be delivered.

Port Numbers: They are the unique identifiers given to all protocol numbers so they can be accessed easily.

Below is as written  by Precious Ocansey. The 40 Network Protocols, their port numbers and their transport protocols

FREE Coupon: Complete Certificate Authority (ADCS) Server 2016 Course

How to blend ghanaian flag with an image - photoshop cs6.

port numbers and protocols

Related posts

Configure dfs namespace and replication in windows server 2012 , 4 – classes of ipv4 address , (complete) how to configure certificate authority (adcs) server 2016 (part 1) , transfer or seize (fsmo roles) – windows server 2012 , how to make & test a cat 6 network cable – easy , how to configure adrms windows server 2012 .

port numbers and protocols

Good job.interesting more grace sir

Iṣẹ rere, diẹ ẹ sii oore ọfẹ

port numbers and protocols

ICMP does not use any port, 1 is its protocol number.

port numbers and protocols

Updated. Thank you

port numbers and protocols

IGMP does not use a transport layer protocol such as TCP or UD

port numbers and protocols

Leave a Reply Cancel reply

Save my name, email, and website in this browser for the next time I comment.

Notify me of follow-up comments by email.

Notify me of new posts by email.

This site uses Akismet to reduce spam. Learn how your comment data is processed .

Today's pick

Svn fix trac error: no node at revision wp plugin , fixed xcodebuild: failed to load code for plug-in – repeatedly being asked to install command line tools , fixed: cloud run – failed to start and then listen on the port defined by the port , deploy react app on google cloud with cloud run 2022 , setup flutter on kali, ubuntu, and any other linux distro  , build a quiz app using flutter for android and ios  , breaking: see top 10 countries affected by ransomware, the new cyber-attack  , 40 network protocols with port numbers, transport protocols and meanings  , subscribe for newsletter.

* You will receive the latest news and updates on your favorite topics!

flutter version downgrade

How to Downgrade Flutter Version – FIXED 

Learn how to downgrade your flutter version to a lower version, in this article we will reduce the flutter version…

resources for playstore and apple store

Generate Resources for Android Playstore & iOS Apple Store Flutter 

In this post, we’ll generate resources for the flutter app we created in the previous post. we’ll be learning how…

flutter app

Build a Quiz App using Flutter for Android and iOS 

In this post we’ll be working with Flutter, a fast-rising Developer tool built by Google to develop an Android App,…

flutter linux

Setup Flutter on Kali, Ubuntu, and any other Linux Distro 

In this post, we’ll be learning how to set up your Flutter on Linux for development. Flutter is a fast-rising…


Hey there, updating your MacOS Montery Xcode can be a pin in the a$$ especially when you got Xcode working…

Username or Email Address

Remember Me

Registration is closed.

About TCP/UDP Ports

Network Gear

Service Name and Transport Protocol Port Number Registry

port numbers and protocols

Contact Information

Related Articles

50 Common Ports You Should Know

Port number is a 16-bit numerical value that ranges from 0 to 65535. Well-known port (0-1023), registered port (1024-49151), and dynamic port is three types of port number space. (49152-65535).

These ports can be opened and used by software applications and operating system services to send and receive data over networks (LAN or WAN) that employ certain protocols (eg TCP, UDP).

For example, we use 80 for HTTP-web-based plain-text surfing and 443 for HTTPS-web-based encrypted websites in our daily work.

To conclude, a port is a logical form to identify system activities or various network services used to create local or network-based communications.

What are the functions of ports?

When interacting over the Internet, TCP and UDP protocols make connections, recompile data packages after the transfer, and then deliver them to applications on the recipient’s device. For this handover to work, the operating system must install and open the gateway for the transfer. Each door has a unique code number. After transmission, the receiving system uses the port number to determine where the data should be sent. The port numbers of the sender and receiver are always included in the data packet.

Ports are assigned sequential numbers from 0 to 65536. Some of these codes are standardized, meaning they are assigned to certain uses. Since code numbers are universally recognized and permanently assigned, these standard ports are also known as well-known ports. Registered ports are those that organizations or software developers have registered for their applications. Registration is handled by the Internet Assigned Numbers Authority (IANA). A diverse selection of dynamically assigned port numbers is also available. For example, when viewing websites, browsers use these ports. After that, the phone number is free again.

Why is it important to know these ports?

Any security researcher, bug bounty hunter, or anyone working with service configuration would benefit from this. Knowing how to do more thorough scans such as version detection or known vulnerabilities for ancient services that are still operating in the infrastructure, especially when using tools like Nmap, is handy when getting to know these protocols and services. 

The most 50 significant ports are listed here:

The following are some of the most common service names, transport protocol names, and port numbers used to differentiate between specific services that employ TCP, UDP, DCCP, and SCTP.

Please Login to comment...

New Course Launch!

Improve your Coding Skills with Practice

Start your coding journey now.

port number

Lynn Haber

What is a port number?

A port number is a way to identify a specific process to which an internet or other network message is to be forwarded when it arrives at a server . All network-connected devices come equipped with standardized ports that have an assigned number. These numbers are reserved for certain protocols and their associated function. Hypertext Transfer Protocol ( HTTP ) messages, for example, always go to port 80 -- one of the most commonly used ports.

Developers of the Advanced Research Projects Agency Network , an informal cooperation of system administrators and software authors, proposed the concept of port numbers. Once known as socket numbers , the early incarnation of port numbers is similar to the Internet Protocol ( IP ) address class used today.

What is the difference between an IP address and a port number?

An IP address identifies a machine in an IP network and is used to determine the destination of a data packet . Port numbers identify a particular application or service on a system.

structure of a data packet

An IP address is a logical address used to identify a device on the network. Any device connected to the internet is assigned a unique IP address for identification. This identifying information enables devices to communicate over the internet.

Port numbers are part of the addressing information that helps identify senders and receivers of information and a particular application on the devices. Port numbers consist of 16- bit numbers.

For example, a user request for a file transfer from a client , or local host, to a remote server on the internet uses File Transfer Protocol ( FTP ) for the transaction. Both devices must be configured to transfer files via FTP . To transfer the file, the Transmission Control Protocol ( TCP ) software layer in local host identifies the port number of 21, which, by convention, associates with an FTP request -- in the 16-bit port number integer that is appended to the request.

At the server, the TCP layer will read port number 21 and forward the request to the FTP program at the server.

passive vs. active FTP

What are the different types of port numbers and their uses?

There are 65,535 port numbers, but not all are used every day.

Restricted port numbers or well-known port numbers are reserved by prominent companies and range from 0 to 1023. Apple QuickTime , Structured Query Language services and Gopher services use some of these restricted ports.

Those who want to register a specific port number can choose from 1024 to 49151. Software companies typically register these port numbers. Dynamic or private ports ranging from 49152 to 65536 are available for anyone to use.

In another scenario, a port number is assigned temporarily -- for the duration of the request and its completion -- from a range of assigned port numbers. This is called a temporary port number .

Here are some commonly used ports and their associated networking protocols:

The Internet Assigned Numbers Authority allocates and maintains all the port numbers listed above.

What are common questions raised about port numbers?

What is the port number for localhost.

Localhost is the default name used to establish a connection with a computer. The IP address is usually This is done by using a loopback address network. Port 80 is the common standard port for HTTP.

What is port number 8080 used for?

Port number 8080 is usually used for web servers . When a port number is added to the end of the domain name, it drives traffic to the web server. However, users can not reserve port 8080 for secondary web servers.

What is port number 3360 used for?

TCP/IP networks use port 3360. The connection-oriented protocol TCP demands handshaking to set up end-to-end communications. Upon establishing the connection, user data is transferred bidirectionally over the connection.

What is my IP address and port number?

The easiest way to find a router 's public IP address is to search "what is my IP?" on a search engine like Google. Identifying a port number will depend on the operating system.

For Windows:

What is a proxy server address and port number?

A proxy server is, essentially, a computer on the internet with its own IP address. It sits between the client device and the remote server and acts as an intermediary to handle communication requests over the internet.

When a local computer sends a web request, it automatically goes through the proxy server. The proxy server uses its own IP address for the web request and not the user's. Proxy servers offer privacy benefits -- for example, the ability to change the client IP address, masking the user's location.

The proxy server address includes an IP address with the port number attached to the end of the address. The port number 8080 is usually used for web servers, proxy and caching .

What is the port number for Gmail?

Gmail uses both Internet Message Access Protocol ( IMAP ) and SMTP. The IMAP port is 993, and the SMTP port is 25.

Continue Reading About port number

Related Terms

Dig deeper on network infrastructure.

port numbers and protocols

SMTP (Simple Mail Transfer Protocol)


How to use SSH tunnels to cross network boundaries


protocol data unit (PDU)

port numbers and protocols

New side channel attack resurrects DNS poisoning threat


This series of UC blogs examines Cisco's hybrid work bundle, Neat's new Neat Pulse offering and how Zoho Workplace increases work...

More organizations are adopting ESG initiatives, and UC vendors have begun to offer new programs and capabilities in response. ...

The tech giant's $10 billion investment in OpenAI brings AI-supported updates to its basic Teams offering, on top of features ...

It's important to ensure that files are secure and easy to work with on enterprise mobile devices. In iOS, the Files app is a key...

If the native macOS file manager is lacking, IT can look to third-party options for advanced features. Commander One, ForkLift ...

Configuration profiles make it easier to manage BYOD iPhones, but they're also associated with malware. Mobile security policies ...

Linux admins can use Cockpit to view Linux logs, monitor server performance and manage users. Use the tool to help admins manage ...

Hyperscale data centers can hold thousands of servers and process much more data than an enterprise facility. However, they can ...

Organizations that build 5G data centers may need to upgrade their infrastructure. These 5G providers offer products like virtual...

Digital transformation can take too long and fail to deliver. Root causes include lack of focus, cultural barriers and technical ...

Software and services companies are adding personnel and expanding their offerings, as venture funds invest in tech startups with...

Businesses working with aging network architectures could use a tech refresh. While the easing of equipment backlogs works in ...

Subscribe to our newsletter.

Privacy Statement

14 common network ports you should know

An introduction to GNU Screen


The physical ports on your computer allow communicate with peripheral devices such as your keyboard and mouse and to connect with internet devices via Ethernet cables.

The Linux Terminal

Witin computer networking, ports serve a similar purpose. When a computer system seeks to connect to another computer, the port serves as a communication endpoint. It is also possible for different services running on the same computer to expose various ports and communicate with one another using these ports. In simple terms, if a software application or service needs to communicate with others, it will expose a port. Ports are identified with positive 16-bit unsigned integers, ranging from 0 to 65535. Other services use this port number to communicate with the service or app. Port numbers are divided into three ranges: well-known ports, registered ports, and dynamic or private ports.

Well-known ports (also known as system ports ) are numbered from 0 through 1023. For example, to connect to the host example.com via SSH, I would use this command:

In this example, -v stands for verbose, and you should see output similar to this:

As shown, SSH is trying to connect to example.com using port number 22. You may use the -p option to specify another port number; otherwise, SSH will default to 22.

The Internet Assigned Numbers Authority (IANA) has assigned port numbers to commonly used services like SSH, FTP, HTTP, HTTPS, and others. Here are some of the most common ones:

In my work, I most commonly come across ports 80, 443, 20, 21, 22, 23, 25, and 53. Knowing these ports can help you work more efficiently.

What ports do you use the most, and why?

Learn more about Linux networking

people on top of a connected globe

How to configure networking in Linux

Connecting your Linux computer to a network is pretty straightforward, except when it is not. In this article I discuss the main network configuration files for Red Hat-based…

5 sys admin horror stories

An introduction to Linux network routing

In June when I discussed basic network configuration, one thing I did not talk about then is routing. This article provides a very brief introduction to routing for Linux…

A Linux networking guide to CIDR notation and configuration

One of the key concepts in network routing that any Linux professional should be familiar with is network notation. This article was inspired by a request from a reader of my…

User profile image.

Related Content

Net catching 1s and 0s or data in the clouds

Subscribe to our weekly newsletter

CBT IT Certification Training

Unlimited IT Certification Courses via Streaming Video

Remember me

Enter your username or email:

Port Numbers and Network Protocols

We will analyze some of the most common Application Layer services that a network engineer will encounter on a daily basis, as well as learn the well-known default port numbers assigned to those application services. The objectives are to identify common TCP and UDP protocols, analyze their functionality, and learn the most common port numbers. The information presented in this chapter is very useful in various fields of computer networking and will assist in troubleshooting networks.

You configure and troubleshoot port numbers and services in our Cisco CCNA lab and video course .

Back to book index.

The most common protocols, organized by the TCP/IP layer they operate at, are presented in Table 5.1 below:

Table 5.1 – TCP/IP Layers and Their Protocols

We will analyze each of these protocols, starting with application protocols and continuing with management and networking protocols.

Port Numbers

Port numbers are assigned to different protocols and services so that a user will know how and what to access at the other end and to identify specific applications. They are also used to track the session associated with that protocol. As explained in Chapter 1, the TCP and UDP headers include a 16-bit source and destination port, so port numbers can be represented in the range of 0 to 65535 (the maximum decimal number that can be represented on 16 bits).

Port numbers fall into two categories:

Well-known port numbers are non-ephemeral ports, meaning they are permanently assigned to a protocol or a service. They can be used as a destination port by any network-enabled machine in order to reach specific protocols. A well-known port number helps to uniquely identify a Web server, for example. Even though the Web server might use a random port number, it usually uses port number 80 as a convention so other devices can know how to reach it. If the service used a non-standard port number, a client device could reach it only if it was specifically informed about the port number used. Well-known port numbers are usually those below 1024.

Temporary port numbers are ephemeral ports and are usually used as source ports in a two-way communication process. They are determined in real-time by the client workstation and are usually numbers above 1024. When the session is closed, the generated source port number disappears and a new session destined to the same service will usually use a different source port. The process of generating ephemeral port numbers is done automatically by the TCP/IP stack on the devices and it uses sequential or random port numbers. The allocation process of the unique source ports is accomplished at the Application Layer.

Even though the same port number can be used in both TCP and UDP, the services they identify can be completely different. For example, TCP port 80 identifies a different service/protocol than UDP port 80 does.

Do not confuse port numbers with protocol numbers. Port numbers uniquely identify network protocols, while protocol numbers identify Layer 3 protocols, for example:

Application Protocols

The most common application protocols are as follows:

Hypertext Transfer Protocol (HTTP) is the primary protocol used across the Internet between a browser and a Web server, which is a process known as Web browsing.

When a client PC (Web browser) makes a request, the type of request will determine the destination port number used. Websites are often listening on TCP port 80, a well-known port identifying the HTTP protocol, and they respond to request packets using TCP 80 as the source port, as depicted in Figure 5.1 below. This makes life easier for Web clients because if there were no standards regarding this approach, the communication between users and servers would be random.

HTTP Flow Diagram

Figure 5.1 – HTTP Flow Diagram

Anytime a Web browser wants to contact a Web server, it knows that the default port at the Application Layer that is used by the server to listen for traffic is TCP port 80.

Considering the traffic flow described above and moving down the protocol stack, you have the following information presented at each layer:

As a practical example, if you type the address www.cisco.com into a browser and make a packet capture of that particular interface, you will see the following:

HTTP Packet Capture

Figure 5.2 – HTTP Packet Capture  

If you analyze the captured packet, you can see some interesting information that confirms the traffic flow information above:

While HTTP is one of the most commonly used protocols on the Internet today, it is not secure, as it sends traffic without encryption on the network. Without any protection, an intruder might capture the packets and easily read the conversation. The HTTP Secure (HTTPS) protocol was developed to overcome these security issues by ensuring a secure encrypted connection between the Web client and the Web server, as shown in Figure 5.3 below:

HTTPS Flow Diagram

Figure 5.3 – HTTPS Flow Diagram  

HTTPS uses a different port than HTTP by default: TCP port 443 instead of TCP port 80. This can be examined in the packet capture presented in Figure 5.4 below:

HTTPS Packet Capture

Figure 5.4 – HTTPS Packet Capture  

The encryption used by the HTTPS protocol is accomplished using the Transport Layer Security/Secure Sockets Layer (TLS/SSL) mechanism. SSL was created by Netscape and this evolved into TLS, which is the updated IETF (Internet Engineering Task Force) version of SSL. HTTPS encryption is still called generic SSL, even though TLS is used as the underlying mechanism.

E-mail Protocols

The most common protocols used for sending and receiving e-mail traffic are as follows:

POP3 and IMAP (currently at version 4) are used for receiving e-mail. POP3 was designed for intermittent connectivity, and is used for retrieving e-mails only on request or automatically at a pre-configured interval.

IMAP is a more evolved protocol that was developed in the last few years, as it offers more functionality and flexibility. It can manage all e-mail messages directly on the mail server, unlike POP3 which must download the messages in order to manage them locally. IMAP offers access to e-mails from everywhere, not just on the local workstation, and it can also transparently synchronize the local e-mail client with the e-mail server. Although IMAP offers extra functionality, all of these features make IMAP use more resources on the server.

Unlike POP3 and IMAP, SMTP is used to push (send) e-mails to a server, as well as for transferring e-mails between servers. SMTP offers advanced security features, including encryption.

Being familiar with the protocols used by e-mail applications can help a network engineer in many situations, including with tasks that involve filtering e-mail traffic. This can be accomplished by blocking the well-known e-mail ports using access control lists or other filters, but it doesn’t prevent situations in which the applications use non-standard ports.

File Transfer Protocol (FTP) is, just as the name says, a protocol that allows users to transfer files between the file systems of multiple devices, offering many functionalities in this regard. FTP is an advanced file transfer protocol and it works based on a client-server architecture, as illustrated in Figure 5.5 below:

FTP Flow Diagram

Figure 5.5 – FTP Flow Diagram  

A user who wants to access an FTP server usually uses a dedicated FTP client application that initiates a connection to the server. The FTP client sends a session request on port 21, and after the session to the server is initialized data is transferred using port 20. A unique particularity of FTP is that it uses two port numbers:

The image in Figure 5.6 below depicts an FTP control packet capture. Notice that it uses TCP port 21 at the Application Layer.

FTP Packet Capture

Figure 5.6 – FTP Packet Capture  

Other features offered by FTP include authentication based on username and password and advanced file management functionality on remote devices (e.g., list, delete, and other commands).

Trivial File Transfer Protocol (TFTP) is similar to FTP but it lacks its complexity and security enhancements. TFTP is an unreliable file transfer protocol that functions over UDP port 69. Unlike FTP, which uses TCP to ensure a connection-oriented session with packet tracking, sequence numbers, and acknowledgements, TFTP does not ensure the proper delivery of packets.

Because it does not use packet tracking or have the complexity of FTP, TFTP is an Application Layer service that provides less overhead but also less reliability. Some other important differences from FTP include the following:

VoIP-Related Protocols

Voice over IP (VoIP) involves moving telephone traffic over an IP infrastructure. Voice packets are digitized and then sent on the IP network. VoIP communications have some particularities that require specific protocols to handle different aspects of the process. In this regard, two protocols are of interest:

SIP and RTP are used for completely different aspects of VoIP transmission. SIP is a VoIP signaling protocol that is used to build and terminate media calls, while RTP is used to digitize voice packets and carry the media stream to the other side.

SIP can be used by a phone so that when the user initiates a call, it can logically connect to the other phone to open the conversation. This Application Layer protocol has been designed to run independent of the underlying Transport Layer, meaning it can run on either TCP or UDP.

After the call setup process is over, conversation streaming happens over UDP because of the low overhead, which is suitable for delay-sensitive traffic such as VoIP. The protocol that makes this happen is RTP, as it was designed for the actual delivery of the voice packets over the network.

Management Protocols

The most common management protocols are as follows:

Domain Name System (DNS) is a protocol that translates names into IP addresses. Whenever a client wants to interact with a Web server on the Internet, it will identify it by using a name (e.g., cisco.com) because names are easy to remember when compared to complex and random IP addresses. However, in order to communicate with the Web server, the client must have its IP address, and this is where the DNS service comes into play by translating the name into a Layer 3 address.

DNS Basic Functionality

Figure 5.7 – DNS Basic Functionality  

As depicted in Figure 5.7 above, when a DNS server receives a query from a client containing a name, it returns an IP address. The client computer knows where to send the DNS request because it is configured with a DNS server address, which is either entered manually or received via DHCP. After the client receives the IP address associated with the website it wants to communicate with, the connection is initialized and the Web server can be accessed. The DNS server listens for requests on port 53 (both TCP and UDP). UDP port 53 is used for normal DNS lookups and queries and TCP port 53 is used for zone transfers between DNS servers.

A standard DNS query is depicted in the packet capture below, in which you can see both the UDP port number at the Transport Layer and the actual query details at the Application Layer:

DNS Query

Figure 5.8 – DNS Query  

Such a query is respond to by the server using a DNS reply similar to the one presented in the packet capture below, in which you can see the actual list of IP addresses returned for the specific website name:

DNS Reply

Figure 5.9 – DNS Reply  

DNS functions over UDP, so if no response is received in a timely manner, another DNS query will be sent. A TCP request is eventually sent out if no response is forthcoming.

To test DNS functionality on a Windows machine, you can use one of the two methods exemplified below:

Windows DNS Query Test (ping Command)

Figure 5.10 – Windows DNS Query Test ( ping Command)

Windows DNS Query Test (nslookup Command)

Figure 5.11 – Windows DNS Query Test ( nslookup Command)

DNS Servers

The DNS service doesn’t work using a single server because it would not be capable of managing all the name-to-IP mappings on the Internet. Instead, DNS uses a collection of servers that work together to provide name-to-IP resolution. This collection of servers is organized hierarchically using a distributed database composed of multiple DNS servers, which include the following:

Usually, a client sends a query to a resolving DNS server first. As DNS servers do not have all the name-to-IP bindings, they use a hierarchical structure to communicate between each other and find the information they need. For example, when a client sends a DNS query for www.cisco.com, the following process occurs:

A simplified DNS hierarchy diagram is depicted in Figure 5.12 below:

DNS Hierarchy

Figure 5.12 – DNS Hierarchy  

A generic DNS query flows over the path as follows: root name server à TLD server à authoritative server. The authoritative servers contain manually configured IP addresses that represent internal server or services names.

From a dimension standpoint, the Internet currently has around 13 root server clusters, 200 generic top-level domains (gTLDs), and 248 country code TLDs (ccTLDs). The most important reasons for using such a hierarchical distributed DNS server structure are redundancy and fault tolerance.

Combining every element presented by each level in the hierarchical DNS structure results in a Fully Qualified Domain Name (FQND), for example, www.cisco.com or mail.yahoo.com. The FQDN identifies a unique service or server.

DNS Records

DNS servers contain entries called resource records, also known as DNS records. All this information forms a database that contains naming, IP addresses, and other details. There are more than 30 DNS record types, but the most commonly used are the following:

Dynamic DNS

Dynamic DNS (DDNS) is a technique used in situations in which the IP addresses associated with specific names are often modified to prevent a denial of service to those services. If an IP address of a Web server changes, the server will not respond when identified by name because the name-to-IP binding is broken. In order to fix such situations, DDNS updates the DNS server records using a secure, automated process.

Dynamic DNS can be used by both large enterprises and home users. Enterprises might require DDNS because they use DHCP, which prevents servers of interest from having the same IP address over a long period of time. Dynamic DNS functionality is built into the Windows Active Directory and allows the domain’s controllers to register with the DNS and other computers in the domain to find AD services by issuing queries.

From a home-user perspective, DDNS functionality might be needed if the ISP allocates dynamic IP addresses, thus preventing the user from accessing home resources from other locations. An internal device cannot be identified if the public IP address keeps changing, so DDNS solves this issue by having a software application on the device automatically report the new IP to a central DDNS server on the Internet. The public third-party DDNS server creates an entry for each new IP address and this can be accessed at any point in time to access the home network.

The Dynamic Host Configuration Protocol (DHCP) is a network protocol used by hosts to automatically obtain an IP address and other parameters (e.g., gateway, DNS server, etc.). DHCP is an evolution from the old BOOTP protocol, which was also used for allocating IP addresses but had very limited functionality.

DHCP uses UDP as its Transport Layer protocol and it has a couple of well-known ports associated with it:

DHCP allows a computer to make a request for an IP address when it boots up (or at a later moment). A DHCP server that listens on the well-known port responds with a specific IP address (i.e., a DHCP Offer). The client accepts this and the server sends back an acknowledgement to confirm the allocation. The entire DHCP conversation contains two packets coming from the client side and two packets coming from the server side, as depicted in Figure 5.13 below:

DHCP Process

Figure 5.13 – DHCP Process  

Going into more detail on the conversation between the client and the server, the following sequence of events is involved in the DHCP allocation process:

If a Windows client cannot find a DHCP server, it uses an Automatic Private IP Addressing (APIPA) address (e.g., 169.x.y.z), and it cannot communicate with any other device on the network.

Remote Access Protocols

Remote access protocols allow the remote management of network devices, meaning they can obtain console (command line interface) access. This can be done via either an unsecure communication channel, using the Telnet protocol, or a secure communication channel, using the SSH (Secure Shell) protocol. Using either of these two protocols can generate a session at the Application Layer toward a network device, which uses a software client on the management workstation to control the network device that is acting as a Telnet or SSH server.

One of the most commonly used Telnet and SSH software client is a free software utility called PuTTY, which allows a user to initiate a Telnet or SSH session with a network device and obtain control of the command line interface (CLI). The packet capture screenshots presented below illustrate a Telnet and a SSH session initiated by a client, respectively:

Telnet Session (Client to Server)

Figure 5.14 – Telnet Session (Client to Server)

SSH Session (Client to Server)

Figure 5.15 – SSH Session (Client to Server)  

From the packet captures presented above, you can see that both Telnet and SSH are considered Application Layer services that require TCP at the Transport Layer and they use the following ports:

The source port in both cases is a random unallocated port on the client machine. When the session is over, the source port number disappears and the next session will probably use a different one. Analyzing the SSH packet capture, you can also see details regarding the applications used (PuTTY) in the Application Layer information field.

The reverse packet, coming from the server (the managed device) toward the client, will use the high port number as the destination and TCP port 23 or 22 as the source port. This is exemplified only for Telnet in the packet capture screenshot presented In Figure 5.16 below (SSH follows an identical logic):

Telnet Session (Server to Client)

Figure 5.16 – Telnet Session (Server to Client)  

The problem with using Telnet is that all traffic is sent in clear text (unencrypted) over the wire, so it represents a major security risk as a possible attacker could capture the configuration sent/received from the network device. For this reason, SSH should be used instead of Telnet in production environments. SSH provides the same functionality, with the additional feature of encrypting the data.

Network Time Protocol (NTP) is a protocol used by network devices to synchronize time across the network infrastructure. With NTP, hosts and network devices can make periodic requests to an NTP server (destination port UDP 123) in order to synchronize their internal clocks. Even though the hosts use an unreliable protocol at the Transport Layer, they are still expecting time-related information from the server over UDP.

Most computers have information about NTP servers by default from the factory. Many free public NTP servers are available on the Internet at the moment, but the most exact servers from a time accuracy perspective are GPS-based machines.

Remote Desktop Protocol (RDP) is a well-known application that runs on TCP port 3389 and allows users to remotely connect and manage a computer. If the RDP service is running on a remotely managed machine, you can run a remote desktop application on the client PC, which makes a request to the RDP server (managed machine) to establish a connection.

Simple Network Management Protocol (SNMP) is an Application Layer protocol that runs over UDP port 161 and is used by network administrators to gather statistics and control network devices. SNMP is used to share management information between network devices, usually between a management workstation and routers, switches, or other devices. SNMP has two components:

SNMP has evolved during the years and has now reached version 3 (SNMPv3). Network designers and engineers should demand that every environment use SNMPv3, not the older, unsecure SNMP versions (1 and 2), because of the advanced security features it presents. SNMP is used by network administrators and engineers to:

SNMP accesses detailed information in Management Information Bases (MIBs) and it uses SNMP agents. The MIB is an object-oriented hierarchical database system stored locally on the network device. An MIB entry example is, with 1 being the root of the MIB tree and 0 being the final leaf.

The SNMP agent is used to send and receive information from the device to the Network Management Station (NMS), and vice versa. In order to do that, different types of SNMP messages are used. The NMS will run some kind of network management software that retrieves and displays the SNMP information in a graphical user interface (GUI) format. The information displayed is used for control, troubleshooting, and planning.

Another SNMP concept is represented by community strings, which are the access control method. A community is basically a password that controls which group of people has access to certain information on the device.

Using SNMP, the administrator can gather reports from the network device regarding parameters like CPU utilization, memory utilization, and interface bandwidth utilization. The managed device contains the SNMP agent and the MIB that stores all the information. Different types of messages are used to relay information from the NMS to/from the managed device (i.e., the monitored device). This is illustrated in Figure 5.17 below:

SNMP Messages

Figure 5.17 – SNMP Messages  

The first message is called Get Request. This is sent to the managed device when the NMS wants to get a specific MIB variable from the SNMP agent that runs on that device. The Get Next Request is used to return the next object in the list after the Get Request message returns a value. The Get Bulk message works only in SNMPv3 environments and it can be used to retrieve a big chunk of data (e.g., an entire table); it also reduces the need to use many Get Request and Get Next Request messages. This reduces overhead on bandwidth utilization on the link.

The Set Request message is also sent by the NMS and is used to set an MIB variable on the agent. The Get Response message is the response from the SNMP agent to the NMS Get Request, Get Next Request, or Get Bulk messages.

A Trap is used by the SNMP agent to transmit unsolicited alarms to the NMS when certain conditions occur (e.g., device failure, state change, or parameter modifications). Different thresholds can be configured on the managed device for different parameters (like disk space, CPU utilization, memory utilization, and bandwidth utilization) and Traps are sent when the defined thresholds are reached. SNMPv3 introduced another message called Inform Request. This is similar to a Trap message and is what a managed device will send to the NMS as an acknowledgement to other messages.

Multiple SNMP versions were developed since SNMP was created, as follows:

SNMPv3 provides three security levels:

Internet Control Message Protocol (ICMP) is a maintenance protocol that operates at Layer 3 and sends control messages over the network. ICMP is identified as protocol number 1 in the Layer 3 header and it can transmit multiple message types to accomplish different maintenance tasks.

While ICMP has many different functions, the main one is sending Echo Requests to a machine to verify that it is up and running. If the specific machine is operating, it will send an ICMP Echo Reply message back to the source, confirming its availability. This process, also known as a ping, is shown below in Figure 5.18:

ICMP Echo Request and Echo Reply

Figure 5.18 – ICMP Echo Request and Echo Reply  

Figure 5.19 below illustrates an Echo Request packet capture:

ICMP Echo Request

Figure 5.19 – ICMP Echo Request  

Figure 5.20 below illustrates a reply to the Echo Request:

ICMP Echo Reply

Figure 5.20 – ICMP Echo Reply  

Another ICMP function is determining whether you are trying to access a destination that is not reachable using Destination Unreachable messages. The most commonly used ICMP message types include the following:

The Internet Group Management Protocol (IGMP) is used in environments that run Multicast traffic, like video streaming or audio content. IGMP allows Multicast users to subscribe or disconnect from a Multicast stream. In order to understand Multicast protocols, network devices like switches and routers must be Multicast-enabled and properly configured.

Networking Protocols

The most common networking protocols are as follows:

TCP and UDP functionality has already been analyzed, so we will focus on the ARP protocol in this section.

Address Resolution Protocol (ARP) is a network protocol that allows hosts to learn the Layer 2 address of a device it wants to communicate with by sending a query based on the Layer 3 address of the specific device.

When a host wants to communicate on the network, it does this by having Layer 3 information about the destination device (this may have been learned from a DNS query). In order to send the packet over the communication channel, the host/PC must first use the local Layer 2 address of the destination device and it does this by sending an ARP Request, as follows:

Figure 5.21 below exemplifies the ARP Request/Reply behavior:

ARP Process

Figure 5.21 – ARP Process  

As depicted in Figure 5.21 above, the process starts with the source device sending a Broadcast ARP Request packet, which contains the IP address of the destination device. The destination device sends a Unicast response back to the source, which contains its own source MAC address, thus offering the missing information.

The most common protocols, organized by the TCP/IP layer they operate at, are presented in Table 5.2 below:

Table 5.2 – TCP/IP Layers and Their Protocols

Port numbers are assigned to different protocols and services so that a user will know how and what to access at the other end and to identify specific applications. They are also used to track the session associated with that protocol.

Well-known port numbers are non-ephemeral ports, meaning they are permanently assigned to a protocol or a service. They can be used as a destination port by any network-enabled machine to reach specific protocols. Temporary port numbers are ephemeral ports that are usually used as source ports in a two-way communication process. They are determined in real-time by the client workstation and are usually numbers above 1024.

Common network port numbers.

Configure port numbers and protocols in our 101 Labs – CompTIA Network+ book.

comptia network+ lab book - 101 labs

This site has been created to help you make the best out of your IT career. Whether you are trying to get your first job, get promoted, or start your own IT business, we have a course for you.


Secure Site

website security

Insert/edit link

Enter the destination URL

Or link to existing content


  1. IP Well Known Port Numbers/ Common TCP

    port numbers and protocols

  2. Port Number Cheatsheets

    port numbers and protocols

  3. [PDF] Port Number List PDF Download

    port numbers and protocols

  4. Well Known Ports / Common Port Numbers Protocol Game for CompTIA Network+ Exam

    port numbers and protocols

  5. Solved Identify TCP/IP protocols and port numbers Internet

    port numbers and protocols

  6. Port Numbers and Protocols ~ Prashanth's Blog

    port numbers and protocols


  1. Lottery of Thelema Reading

  2. Introduction to Ports, Type of Serial Ports, Synchronous and Asynchronous Communication

  3. Lecture 7 (Port Programming)

  4. CompTIA Network+ Certification [License to Tech] Ep 008: Packets and Ports

  5. Computer NETWORKING Concepts

  6. Unit


  1. What Is My Computer’s Port Number?

    There is no one port number for a computer. Computers use multiple ports to accommodate different processes running on the computer. The port number in use varies on the software or service being used and the computer’s configuration.

  2. What Is Port 8080 Used For?

    Port 8080 is an alternative to port 80 and is used primarily for http traffic. It is named 8080 for its correlation to 80. Port 8080 is commonly used as proxy and caching port. It is also above the service port range. Port 8080 also can run...

  3. Why Are Protocols Important?

    Protocols are important because they provide a common moral framework in which people operate. The philosophical basis on which protocols rest is the idea that a mindful consideration of the feelings and interests of others is the best way ...

  4. What is a computer port?

    Ports are standardized across all network-connected devices, with each port assigned a number. Most ports are reserved for certain protocols — for example

  5. TCP/IP Ports and Protocols

    Table 1. Common TCP/IP Protocols and Ports ; Network Time Protocol (NTP). (RFC 5905). UDP. 123 ; NetBIOS. (RFC 1001-1002). TCP/UDP. 137/138/139.

  6. List of TCP and UDP port numbers

    This is a list of TCP and UDP port numbers used by protocols for operation of network applications. The Transmission Control Protocol (TCP) and the User

  7. 40 Network Protocols with Port NOs. Transport ...

    40 Network Protocols with Port Numbers, Transport Protocols and Meanings · 1.File Transfer Protocol (FTP) · 2.Secure Shell (SSH) · 3.Telnet · 4.Simple Mail Transfer

  8. Well-Known TCP/IP Port Numbers, Service Names & Protocols

    About TCP/UDP Ports · Port 0 to 1023: These TCP/UDP port numbers are considered as well-known ports. · Port 1024 to 49151: These are ports that an organization

  9. Service Name and Transport Protocol Port Number Registry

    Service Name and Transport Protocol Port Number Registry ; ssh, 22, sctp, SSH, [Randall_Stewart] ; telnet, 23, tcp, Telnet, [Jon_Postel]

  10. 50 Common Ports You Should Know

    Port number is a 16-bit numerical value that ranges from 0 to 65535. Well-known port (0-1023), registered port (1024-49151)

  11. What are port numbers and how do they work?

    A port number is a way to identify a specific process to which an internet or other network message is to be forwarded when it arrives at a server. All network-

  12. Networking Protocols and Port Numbers

    Networking-Goals · Ports and sockets. In a TCP/IP network, a port is a logical construct that serves as the endpoint of a connection within the OS of the end

  13. 14 common network ports you should know

    80. Hypertext Transfer Protocol (HTTP) used in World Wide Web ; 110. Post Office Protocol (POP3) used by e-mail clients to retrieve e-mail from a server ; 119.

  14. Port Numbers and Network Protocols

    Port numbers are assigned to different protocols and services so that a user will know how and what to access at the other end and to identify specific