Complete Network Protocols and Ports Reference Guide


Understanding network protocols and ports is fundamental to modern computing, cybersecurity, and network administration. This comprehensive guide covers network protocols and ports.



Introduction to Network Protocols

Network protocols are sets of rules and standards that govern how devices communicate over a network. They define the format, timing, sequencing, and error checking of data transmission, ensuring reliable communication between different systems.

What Are Network Ports?

A network port is a virtual point where network connections start and end. Ports are identified by 16-bit numbers (0-65535) and are used to distinguish between different services running on the same device. Think of them as apartment numbers in a building - the IP address is the building, and the port is the specific apartment.


The OSI Model and Protocol Layers

The Open Systems Interconnection (OSI) model provides a conceptual framework for understanding network interactions across seven layers:

Layer 7: Application Layer

  • Purpose: User interface and application services
  • Protocols: HTTP, HTTPS, FTP, SMTP, DNS, SSH, Telnet
  • Function: Provides network services to applications

Layer 6: Presentation Layer

  • Purpose: Data translation, encryption, and compression
  • Protocols: SSL/TLS, JPEG, MPEG, ASCII, EBCDIC
  • Function: Ensures data is in a readable format for the application layer

Layer 5: Session Layer

  • Purpose: Establishes, manages, and terminates connections
  • Protocols: NetBIOS, RPC, SQL, NFS
  • Function: Manages sessions between applications

Layer 4: Transport Layer

  • Purpose: End-to-end communication and error recovery
  • Protocols: TCP, UDP, SCTP, DCCP
  • Function: Ensures reliable data delivery between hosts

Layer 3: Network Layer

  • Purpose: Path determination and logical addressing
  • Protocols: IP, ICMP, OSPF, BGP, RIP
  • Function: Routes data packets between networks

Layer 2: Data Link Layer

  • Purpose: Physical addressing and error detection
  • Protocols: Ethernet, Wi-Fi, PPP, Frame Relay
  • Function: Transfers data between adjacent network nodes

Layer 1: Physical Layer

  • Purpose: Physical transmission of raw bits
  • Protocols: Ethernet, Wi-Fi, Bluetooth, USB
  • Function: Defines electrical and physical specifications

Transport Layer Protocols

Transmission Control Protocol (TCP)

Port Range: Dynamic (ephemeral ports 49152-65535)

Characteristics:

  • Connection-oriented
  • Reliable delivery
  • Error checking and correction
  • Flow control
  • Congestion control

Use Cases:

  • Web browsing (HTTP/HTTPS)
  • Email (SMTP, IMAP, POP3)
  • File transfer (FTP)
  • Remote access (SSH, Telnet)

TCP Header Fields:

  • Source Port (16 bits)
  • Destination Port (16 bits)
  • Sequence Number (32 bits)
  • Acknowledgment Number (32 bits)
  • Header Length (4 bits)
  • Flags (6 bits)
  • Window Size (16 bits)
  • Checksum (16 bits)
  • Urgent Pointer (16 bits)
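
The field list above, decoded from raw bytes. This is an added example, not part of the original guide; the sample segments and the helper name build_sample are constructed for illustration, and TCP options beyond the fixed 20-byte header are not parsed.

```python
import struct

# The six flag bits counted in the field list above, least significant bit first.
FLAG_BITS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed part of a TCP header into the listed fields."""
    if len(segment) < 20:
        raise ValueError("truncated segment: fixed TCP header is 20 bytes")
    # Network byte order: two 16-bit ports, two 32-bit numbers, four 16-bit words.
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    # The 4-bit header length counts 32-bit words, so multiply by 4 for bytes.
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("header length %d is inconsistent with segment" % header_len)
    flags = [name for bit, name in enumerate(FLAG_BITS) if off_flags & (1 << bit)]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": checksum, "urgent": urgent}

def build_sample(flag_value: int, offset_words: int = 5) -> bytes:
    """Constructed segment: ephemeral client port 51515 to HTTPS port 443."""
    return struct.pack("!HHIIHHHH", 51515, 443, 1000, 0,
                       (offset_words << 12) | flag_value, 64240, 0, 0)

SAMPLE_SYN = build_sample(0x02)      # first packet of a handshake
SAMPLE_SYN_ACK = build_sample(0x12)  # server's reply

if __name__ == "__main__":
    for raw in (SAMPLE_SYN, SAMPLE_SYN_ACK):
        hdr = parse_tcp_header(raw)
        print(hdr["src_port"], "->", hdr["dst_port"], hdr["flags"], hdr["header_len"])
```

The length check rejects a header that claims more bytes than the capture holds, which is the first thing to validate before trusting any field from an untrusted packet.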

User Datagram Protocol (UDP)

Port Range: Dynamic (ephemeral ports 49152-65535)

Characteristics:

  • Connectionless
  • Best-effort delivery
  • No error checking
  • Lower overhead
  • Faster transmission

Use Cases:

  • DNS queries
  • DHCP
  • Streaming media
  • Online gaming
  • VoIP
  • SNMP

UDP Header Fields:

  • Source Port (16 bits)
  • Destination Port (16 bits)
  • Length (16 bits)
  • Checksum (16 bits)

Stream Control Transmission Protocol (SCTP)

Port Range: Dynamic

Characteristics:

  • Message-oriented
  • Multi-streaming
  • Multi-homing
  • Congestion control
  • Reliable delivery

Use Cases:

  • Signaling in telecommunications
  • WebRTC
  • High-availability applications

Datagram Congestion Control Protocol (DCCP)

Port Range: Dynamic

Characteristics:

  • Congestion control
  • Unreliable delivery
  • Connection-oriented
  • Minimal overhead

Use Cases:

  • Streaming applications
  • Online gaming
  • Real-time communication

Application Layer Protocols

Web Protocols

Hypertext Transfer Protocol (HTTP)

  • Port: 80
  • Type: TCP
  • Description: Foundation of web communication
  • Features: Stateless, request-response model
  • Security: Unencrypted, vulnerable to eavesdropping

Hypertext Transfer Protocol Secure (HTTPS)

  • Port: 443
  • Type: TCP
  • Description: HTTP over TLS/SSL encryption
  • Features: Encrypted, authenticated, integrity protection
  • Security: High, uses TLS 1.2/1.3

HTTP/2

  • Port: 443 (over HTTPS)
  • Type: TCP
  • Description: Binary protocol, multiplexing
  • Features: Server push, header compression, stream prioritization

HTTP/3

  • Port: 443
  • Type: UDP (QUIC)
  • Description: Next-generation web protocol
  • Features: Built on QUIC, improved performance, better mobile support

Email Protocols

Simple Mail Transfer Protocol (SMTP)

  • Port: 25 (standard), 587 (submission), 465 (SMTPS)
  • Type: TCP
  • Description: Sending email messages
  • Security: Port 25 often blocked, use 587 with STARTTLS

Post Office Protocol Version 3 (POP3)

  • Port: 110 (standard), 995 (POP3S)
  • Type: TCP
  • Description: Retrieving email from server
  • Features: Downloads emails to local client

Internet Message Access Protocol (IMAP)

  • Port: 143 (standard), 993 (IMAPS)
  • Type: TCP
  • Description: Accessing email on server
  • Features: Keeps emails on server, folder synchronization

File Transfer Protocols

File Transfer Protocol (FTP)

  • Port: 21 (control), 20 (data)
  • Type: TCP
  • Description: File transfer between systems
  • Modes: Active and passive
  • Security: Unencrypted, use SFTP or FTPS

Secure File Transfer Protocol (SFTP)

  • Port: 22
  • Type: TCP
  • Description: FTP over SSH
  • Security: Encrypted, uses SSH protocol

FTP over TLS (FTPS)

  • Port: 21 (control), 990 (implicit)
  • Type: TCP
  • Description: FTP with TLS encryption
  • Security: Encrypted, supports explicit and implicit modes

Trivial File Transfer Protocol (TFTP)

  • Port: 69
  • Type: UDP
  • Description: Simple file transfer
  • Use Cases: Network booting, firmware updates
  • Security: No authentication, unencrypted

Remote Access Protocols

Secure Shell (SSH)

  • Port: 22
  • Type: TCP
  • Description: Secure remote access and file transfer
  • Features: Encryption, authentication, port forwarding
  • Security: High, supports key-based authentication

Telnet

  • Port: 23
  • Type: TCP
  • Description: Remote terminal access
  • Security: Unencrypted, vulnerable to sniffing
  • Recommendation: Use SSH instead

Remote Desktop Protocol (RDP)

  • Port: 3389
  • Type: TCP
  • Description: Microsoft's remote desktop solution
  • Features: Graphics, audio, clipboard sharing
  • Security: Encrypted, supports Network Level Authentication

Directory and Authentication Protocols

Lightweight Directory Access Protocol (LDAP)

  • Port: 389 (standard), 636 (LDAPS)
  • Type: TCP
  • Description: Directory service protocol
  • Use Cases: User authentication, directory queries
  • Security: Use LDAPS (port 636) for encryption

Active Directory (AD)

  • Ports: Multiple (389, 636, 3268, 3269, 88, 445)
  • Type: TCP/UDP
  • Description: Microsoft's directory service
  • Features: User management, group policy, authentication

Kerberos

  • Port: 88
  • Type: TCP/UDP
  • Description: Network authentication protocol
  • Features: Single sign-on, mutual authentication
  • Security: High, uses symmetric key cryptography

Database Protocols

MySQL

  • Port: 3306
  • Type: TCP
  • Description: MySQL database server
  • Security: Use SSL/TLS for encryption

PostgreSQL

  • Port: 5432
  • Type: TCP
  • Description: PostgreSQL database server
  • Security: Supports SSL connections

Microsoft SQL Server

  • Port: 1433 (default), 1434 (UDP for browser)
  • Type: TCP/UDP
  • Description: Microsoft's database server
  • Security: Use encrypted connections

Oracle Database

  • Port: 1521 (default)
  • Type: TCP
  • Description: Oracle database server
  • Security: Supports encryption and authentication

Messaging and Communication Protocols

Internet Relay Chat (IRC)

  • Port: 6667 (standard), 6697 (SSL)
  • Type: TCP
  • Description: Real-time text messaging
  • Features: Channels, private messages, file sharing

Extensible Messaging and Presence Protocol (XMPP)

  • Port: 5222 (client), 5269 (server)
  • Type: TCP
  • Description: Instant messaging and presence
  • Features: Extensible, supports encryption

Session Initiation Protocol (SIP)

  • Port: 5060 (standard), 5061 (TLS)
  • Type: TCP/UDP
  • Description: VoIP signaling protocol
  • Features: Call setup, modification, termination

Real-time Transport Protocol (RTP)

  • Port: Dynamic (typically 16384-32767)
  • Type: UDP
  • Description: Real-time audio/video transmission
  • Features: Jitter compensation, packet loss detection

Network Management Protocols

Simple Network Management Protocol (SNMP)

  • Port: 161 (agent), 162 (trap)
  • Type: UDP
  • Description: Network device management
  • Versions: v1 (insecure), v2c (community strings), v3 (encrypted)
  • Security: Use SNMPv3 for production environments

Internet Control Message Protocol (ICMP)

  • Port: N/A (Layer 3)
  • Type: IP
  • Description: Error reporting and diagnostics
  • Use Cases: Ping, traceroute, error messages

Address Resolution Protocol (ARP)

  • Port: N/A (Layer 2)
  • Type: Ethernet
  • Description: Maps IP addresses to MAC addresses
  • Security: Vulnerable to ARP spoofing attacks

Time Synchronization Protocols

Network Time Protocol (NTP)

  • Port: 123
  • Type: UDP
  • Description: Time synchronization across networks
  • Features: Hierarchical time sources, clock accuracy
  • Security: Use authenticated NTP servers

Precision Time Protocol (PTP)

  • Port: 319, 320
  • Type: UDP
  • Description: High-precision time synchronization
  • Use Cases: Financial trading, industrial automation

Network Layer Protocols

Internet Protocol Version 4 (IPv4)

  • Description: Most widely used internet protocol
  • Address Format: 32-bit addresses (e.g., 192.168.1.1)
  • Features: Best-effort delivery, fragmentation support
  • Limitations: Address space exhaustion

Internet Protocol Version 6 (IPv6)

  • Description: Next-generation internet protocol
  • Address Format: 128-bit addresses (e.g., 2001:db8::1)
  • Features: Larger address space, built-in security, auto-configuration
  • Migration: Gradual adoption from IPv4

Internet Control Message Protocol for IPv6 (ICMPv6)

  • Description: IPv6 equivalent of ICMP
  • Features: Neighbor discovery, router solicitation, error reporting
  • Security: Includes IPsec support

Port Numbers Reference

Port numbers are categorized into three ranges as defined by the Internet Assigned Numbers Authority (IANA):

  • Well-Known Ports (0-1023): Reserved for system services; binding to them requires root privileges
  • Registered Ports (1024-49151): Assigned to specific services by IANA
  • Dynamic/Private Ports (49152-65535): Used by client applications for outbound connections

Well-Known Ports (0-1023)

Port | Protocol | Service | Description | Status
20 | TCP | FTP Data | File Transfer Protocol data channel | Standard
21 | TCP | FTP Control | File Transfer Protocol control channel | Standard
22 | TCP | SSH | Secure Shell remote access | Standard
23 | TCP | Telnet | Remote terminal access (unencrypted) | Standard
25 | TCP | SMTP | Simple Mail Transfer Protocol | Standard
53 | TCP/UDP | DNS | Domain Name System | Standard
67 | UDP | DHCP Server | Dynamic Host Configuration Protocol | Standard
68 | UDP | DHCP Client | DHCP client requests | Standard
69 | UDP | TFTP | Trivial File Transfer Protocol | Standard
80 | TCP | HTTP | Hypertext Transfer Protocol | Standard
88 | TCP/UDP | Kerberos | Network authentication protocol | Standard
110 | TCP | POP3 | Post Office Protocol version 3 | Standard
123 | UDP | NTP | Network Time Protocol | Standard
135 | TCP | RPC | Microsoft RPC Endpoint Mapper | Microsoft
139 | TCP | NetBIOS | NetBIOS Session Service | Legacy
143 | TCP | IMAP | Internet Message Access Protocol | Standard
161 | UDP | SNMP | Simple Network Management Protocol | Standard
162 | UDP | SNMP Trap | SNMP trap messages | Standard
389 | TCP | LDAP | Lightweight Directory Access Protocol | Standard
443 | TCP | HTTPS | HTTP over TLS/SSL | Standard
445 | TCP | SMB | Server Message Block (Windows file sharing) | Microsoft
465 | TCP | SMTPS | SMTP over SSL (deprecated) | Legacy
514 | UDP | Syslog | System logging protocol | Standard
587 | TCP | SMTP Submission | SMTP message submission | Standard
636 | TCP | LDAPS | LDAP over SSL | Standard
993 | TCP | IMAPS | IMAP over SSL | Standard
995 | TCP | POP3S | POP3 over SSL | Standard

Registered Ports (1024-49151)

Port | Protocol | Service | Description | Category
1080 | TCP | SOCKS | SOCKS proxy protocol | Proxy
1194 | UDP | OpenVPN | OpenVPN VPN protocol | VPN
1433 | TCP | MS SQL | Microsoft SQL Server | Database
1521 | TCP | Oracle | Oracle Database | Database
2049 | TCP/UDP | NFS | Network File System | File Sharing
3000 | TCP | Node.js | Common Node.js development port | Development
3306 | TCP | MySQL | MySQL database server | Database
3389 | TCP | RDP | Remote Desktop Protocol | Remote Access
5000 | TCP | Development | Flask development server | Development
5432 | TCP | PostgreSQL | PostgreSQL database server | Database
5900 | TCP | VNC | Virtual Network Computing | Remote Access
6379 | TCP | Redis | Redis in-memory database | Database
9200 | TCP | Elasticsearch | Elasticsearch database | Database
27017 | TCP | MongoDB | MongoDB database | Database
50070 | TCP | Hadoop | Hadoop NameNode web UI | Big Data

Common Service Categories

Web Services

  • 80: HTTP (unencrypted web traffic)
  • 443: HTTPS (encrypted web traffic)
  • 8080, 8000, 8888: Alternative HTTP ports
  • 8443: Alternative HTTPS port

Email Services

  • 25: SMTP (mail sending)
  • 587: SMTP Submission (authenticated mail sending)
  • 110: POP3 (mail retrieval)
  • 143: IMAP (mail access)
  • 993: IMAPS (encrypted IMAP)
  • 995: POP3S (encrypted POP3)

Database Services

  • 1433: Microsoft SQL Server
  • 1521: Oracle Database
  • 3306: MySQL
  • 5432: PostgreSQL
  • 6379: Redis
  • 9200: Elasticsearch
  • 27017: MongoDB

Remote Access

  • 22: SSH (secure shell)
  • 23: Telnet (unencrypted, not recommended)
  • 3389: RDP (Windows Remote Desktop)
  • 5900: VNC (Virtual Network Computing)

File Transfer

  • 20/21: FTP (File Transfer Protocol)
  • 22: SFTP (SSH File Transfer Protocol)
  • 69: TFTP (Trivial File Transfer Protocol)
  • 2049: NFS (Network File System)

Network Services

  • 53: DNS (Domain Name System)
  • 67/68: DHCP (Dynamic Host Configuration)
  • 123: NTP (Network Time Protocol)
  • 161/162: SNMP (Network Management)

Dynamic/Private Ports (49152-65535)

These ports are used by client applications for outbound connections and are assigned dynamically by the operating system. They are also known as ephemeral ports.

Common Ranges by OS:

  • Linux: 32768-60999 (configurable)
  • Windows: 49152-65535
  • macOS: 49152-65535
  • FreeBSD: 10000-65535

Troubleshooting and Diagnostics

Command Line Tools

netstat

# List all listening ports
netstat -tuln

# Show connections with process information
netstat -tulnp

# Display routing table
netstat -rn

ss (Socket Statistics)

# List all sockets
ss -tuln

# Show process information
ss -tulnp

# Display statistics
ss -s
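
One way to turn the ss -tuln listing into an audit of your own host, as an added example that is not part of the original guide: it flags listeners for the services this guide labels "Unencrypted" (FTP, Telnet, TFTP, HTTP) when they are bound beyond loopback. The sample output is constructed, and the column layout assumed is Netid, State, Recv-Q, Send-Q, Local Address:Port.

```python
# Services this guide labels "Unencrypted", keyed by (transport, port).
CLEARTEXT = {("tcp", 21): "FTP", ("tcp", 23): "Telnet",
             ("udp", 69): "TFTP", ("tcp", 80): "HTTP"}

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:80       0.0.0.0:*
tcp   LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      511    [::]:443           [::]:*
"""

def iana_range(port):
    """Classify a port into the three IANA ranges used in this guide."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket row, skipping the header."""
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue
        # rpartition keeps IPv6 addresses such as [::] intact.
        addr, _, port = cols[4].rpartition(":")
        if port.isdigit():
            # Drop an interface suffix (%lo) and IPv6 brackets.
            yield cols[0], addr.split("%")[0].strip("[]"), int(port)

def audit(ss_output):
    """Return findings for cleartext services reachable beyond loopback."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        loopback = addr.startswith("127.") or addr == "::1"
        name = CLEARTEXT.get((proto, port))
        if name and not loopback:
            findings.append((proto, addr, port, name, iana_range(port)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print("cleartext listener: %s %s:%d (%s, %s port)" % finding)
```

On a live host, pass the captured text of ss -tuln to audit() in place of the sample; HTTP bound to 127.0.0.1 is deliberately not reported because it is not reachable from the network.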

nmap (Network Mapper)

# Basic port scan
nmap target_ip

# Scan specific ports
nmap -p 80,443,22 target_ip

# Stealth scan
nmap -sS target_ip

# Service version detection
nmap -sV target_ip

telnet

# Test port connectivity
telnet target_ip port_number

nc (netcat)

# Listen on port
nc -l -p port_number

# Connect to port
nc target_ip port_number

Network Monitoring Tools

Wireshark

  • Packet capture and analysis
  • Protocol decoding
  • Traffic analysis
  • Security investigation

tcpdump

# Capture all traffic
tcpdump -i any

# Capture specific port
tcpdump port 80

# Capture to file
tcpdump -w capture.pcap

iftop

  • Real-time network bandwidth monitoring
  • Shows top network connections
  • Useful for identifying bandwidth usage

Troubleshooting Steps

1. Basic Connectivity

  1. Ping the target host
  2. Check DNS resolution
  3. Verify routing table

2. Port-Specific Issues

  1. Verify service is running
  2. Check firewall rules
  3. Test with telnet/nc
  4. Review service logs

3. Performance Issues

  1. Monitor bandwidth usage
  2. Check for packet loss
  3. Analyze latency
  4. Review QoS settings

Conclusion

Understanding network protocols and ports is essential for anyone working with computer networks, whether you're a system administrator, developer, or security professional.
