We use transport-layer protocols to communicate to specific services on a remote device. In this video, you’ll learn about some of the most popular TCP and UDP ports used on our servers.
<< Previous: TCP/IP AddressingNext: Common Network Protocols >>
Internet protocol, or IP, uses two transport level protocols to send information from one device to another. One of these protocols is called transmission control protocol, or TCP. This is a connection oriented protocol. That means that you’re going to set up a formal connection with another device, sending information, and then tear down that connection when the communication is complete. This is also considered reliable delivery. That’s because when you send information to this second station, it responds back with an acknowledgement.
So you’ll send some TCP data, and that device will acknowledge that it did receive the information. That way the originating station can be assured that the remote device did receive everything that was sent to it. That means that this protocol can manage situations when packets may come in out of order, or there may be a need for re-transmitting information. That’s all built in to the TCP protocol.
You can think of TCP as a moving truck. You fill up the moving truck. There’s a bill of goods that knows exactly what’s inside of the truck. The truck is sent to the other location. And on the other side, when everything is unloaded, it’s checked against this list to make sure that everything that was sent was received properly on the other side.
The other major protocol used by IP is User Datagram Protocol, or UDP. UDP is a connectionless protocol, which means there’s no formal set up. One station simply sends information to the other via UDP. And the information is received on the other side. Also unlike TCP, there’s no formal acknowledgement to this information. The information is sent to the other side. And the originating station has no idea if the information really made it to the other side or not. We call this an unreliable communication, not because the network works any better or worse when using UDP, but because the originating station never receives an acknowledgement of anything that was sent.
Unlike TCP, UDP doesn’t use sequence, numbers, or any type of acknowledgement. So it can’t send the retransmissions. It can’t reorder information. Once information is sent to the other side, It’s simply received as is. UDP doesn’t work like the moving truck we discussed with TCP. With UDP, we fill up the truck and we send it on its way, but we have no idea if that truck ever made it to its remote destination. When we talk about these TCP and UDP ports, we’re really referring to a reference that’s inside of the protocol. We’re not referring to physical ports that might be on a switch or a router.
With IP we need at least four items to be able to communicate this information back and forth. We need a server IP address and a server application port number. We also need a client IP address and a client port number that will be used for this communication. You’ll often hear these server port numbers referred to as non-ephemeral ports. Ephemeral means it would be temporary. So a non-ephemeral port is a more permanent port number assigned to a service on that particular device.
On the client side, we’re usually using a temporary port number, or an ephemeral port number. These are going to be determined usually randomly as the sessions are required by the client device. A TCP or UDP port number can be any number between 0 and 65,535. Most servers are going to use those non-ephemeral port numbers that are always going to be something that is well known. Now this isn’t always the case, but it helps if you know exactly what the port number is you’re going to be using on the server side.
These port numbers are used to reference a service on a remote device. They’re not a security measure. You can change the port number on a service to be something that most people would not expect, but it’s very trivial to be able to identify what the open port numbers might be on a server. The services that we’re communicating with tend to use well known port numbers. That means they’re always going to use something that everyone knows. For example, a web server very commonly uses port 80 so that your browser can communicate directly to that server over something that everyone will be expecting.
One thing to keep in mind is that TCP is one protocol, and UDP is a completely different protocol. Although both of these protocols use numbers between 0 and 65,535 for their port numbers, they are completely separate in the way that they operate. A TCP port 80 is a very different protocol than UDP port 80. Here’s a practical example of where you would use these port numbers. There for instance, is a web server at IP address 192.168.0.10. This web server is running web services over the well known port of TCP 80. And encrypted web services over the well known port of TCP 443.
This server is also providing DNS services over the well known port of UDP 53. If we have a device like this computer at IP address 192.168.0.5 that needs to communicate to this web server over a non-encrypted communications through a browser, this device is going to find a temporary port number to use. This would be an ephemeral port number, in this case TCP 1331. This device is then going to communicate directly to the web server on the well known port of TCP 80. They’re going to transfer information. And when that session is over, the session is then closed and if this device needs to communicate with this server again, it will need to choose a different temporary port number.
Let’s go through a number of very common port numbers that you might find running on your network. One very common one for file transfers is FTP. This is the file transfer protocol. It’s very common to see FTP using TCP port 20 for something called active mode data, and TCP port 21 for the control mechanism to be able to manage the FTP sessions. This protocol is used to transfer files from one system to another. It does authentication so you log in with the username and password, and you’re able to rename, list files, delete files, and manage the file system on that remote device.
It’s very common to see FTP running at the command, although you’ll often see FTP being used in a graphical environment as well. This is Filezilla that’s logging in with my local device and communicating via FTP to a remote server. TCP port 22 is commonly used by SSH, that stands for secure shell. This is a way that you can communicate at the command line using a terminal screen like this one, and be able to communicate over an encrypted channel. This is especially important if you have devices on your network that need to be managed at the command line.
Maybe you’re communicating with switches or routers or other devices, but you don’t want anyone to be able to see the communication back and forth to that device. In that case, you would use something like SSH that ensures that all of this communication is encrypted. There are a number of legacy devices that may also need a terminal session. And they don’t have the capability to send that information in an encrypted form. This would use, instead, the Telnet protocol. This stands for telecommunications network. And it uses TCP port 23 to communicate.
You’re able to log in to this console session, manage the remote device, be able to communicate back and forth, but all of that communication is not going to encrypted. Everything is sent in the clear. For email there are three major protocols that are commonly used to send and receive email from your client and between mail servers. The first two we’ll look at are POP3 and IMAP4. These are commonly referred to as email client protocols, because they’re used by your local device to retrieve email from an email server.
For POP3 we commonly use TCP port 110. And for IMAP4 we use TCP port 143. Another useful email protocol is SMTP. This is the simple mail transfer protocol. SMTP is commonly used to send email from your local device. It can also be used to transfer email between email servers. SMTP commonly uses TCP port 25 to communicate. Without the domain name system, or DNS, we would have to remember the IP addresses for every device on the internet. But instead, we can remember things like www.professormesser.com and DNS behind the scenes is able to convert that name to an actual IP address.
DNS uses UDP port 53 to make this communication to the DNS server. Our web browsers are a foundation of internet communication. You may even be using a web browser right now to watch this video. Web browsing uses the HTTP and HTTPS protocols. HTTP being be the in the clear or non-encrypted communication. And it very commonly uses TCP port 80 for this hypertext transfer protocol. Hypertext transfer protocol secure is the encrypted form of this web communication. And it’s very common to see this HTTPS running over TCP port 443.
TCP port 3389 is commonly used by RDP. This is the remote desktop protocol. RDP is commonly used to view the remote desktop of a device across the network. You can either look at the entire desktop on somebody’s device, or you can run a single application from a server that might be using RDP. There are many different operating systems that can support RDP, although it’s popular on Windows, you’ll also find remote desktop clients for Mac OS, for Linux, or Unix, for mobile devices, and many others.
If you’ve ever transferred a file or used a printer across a Windows Network, you were probably using Server Message Block to do that. This protocol, SMB, is sometimes also called CIFS for common internet file system. Older versions of Windows use NetBIOS to communicate. And so this NetBIOS is now encapsulated within TCP/IP. It’s very common to see a number of different port numbers being used for this. UDP port 137 is the name services process that SMB will use to find a remote device on the network. And then to transfer data, it can be done through a connectionless communication using UDP 138, or a connection oriented communication at TCP 139.
These days our newer Windows operating systems don’t need NetBIOS to communicate, so you can have a direct connection that is TCP port 445 to be able to send this SMB communication over TCP. There are similar protocols in Mac OS to be able to share files and print to printers. One of these is the AFP, the Apple filing protocol. It’s common to see AFP running on TCP port 548. You’ll also see a service location protocol, or SLP, that works in conjunction with the AFP. This is usually running on TCP port 427 and UDP port 427 as well.
This will populate the list of devices that are out on the network, making it easy to find the printers and the file services that are running on your network. In this video we covered a large group of common port numbers. And I’ve summarised them all on this slide for you. For your A plus certification you’ll need to know all of these before walking into the exam.