TCP vs UDP
TCP (Transmission Control Protocol): connection-oriented. Establishes a 3-way handshake (SYN, SYN-ACK, ACK) before data transfer. Guarantees delivery, ordering, and error checking. Re-transmits lost packets. Slower than UDP due to overhead. Use cases: web browsing (HTTP/HTTPS), email, file transfer (FTP, SFTP), SSH, RDP.

UDP (User Datagram Protocol): connectionless. No handshake. No guaranteed delivery. No ordering. Much lower overhead — faster. A lost packet is simply missed, not retransmitted. Use cases: DNS (queries), streaming video/audio, VoIP, DHCP, online gaming, TFTP, SNMP.

DNS uses UDP for queries (fast) but switches to TCP for zone transfers (large, requires reliability). Applications that use UDP often implement their own reliability at the application layer (the QUIC protocol, used by HTTP/3, is UDP-based with built-in reliability).
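To make the handshake-versus-no-handshake difference concrete, here is an added example (not part of the study notes) that uses only loopback sockets: a TCP connect to a closed port fails at the handshake, while a UDP send to a closed port "succeeds" and the datagram is simply lost. The helpers (free_port, start_tcp_echo, start_udp_echo, tcp_probe, udp_probe) are constructed for this demo.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback only; nothing leaves the machine

def free_port(udp=False):
    """Pick a port nothing is listening on (constructed 'closed port' for the demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM if udp else socket.SOCK_STREAM) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]

def start_tcp_echo():
    """TCP listener on an ephemeral port that echoes one message back."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()  # accept() completes only after SYN/SYN-ACK/ACK
        with conn, srv:
            conn.sendall(conn.recv(1024))
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def start_udp_echo():
    """UDP listener on an ephemeral port that echoes one datagram back."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((HOST, 0))
    def serve():
        with srv:
            srv.sendto(*srv.recvfrom(1024))  # no accept(): datagrams just arrive
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def tcp_probe(port, payload=b"hello", timeout=1.0):
    """Connection-oriented: a closed port answers the SYN with RST, so connect() raises."""
    try:
        with socket.create_connection((HOST, port), timeout=timeout) as s:
            s.sendall(payload)  # data is sent only after the handshake succeeded
            return s.recv(1024)
    except OSError:  # connection refused or timed out
        return None

def udp_probe(port, payload=b"hello", timeout=0.5):
    """Connectionless: sendto() reports success whether or not anyone is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        sent = s.sendto(payload, (HOST, port))  # returns bytes handed to the stack
        try:
            return sent, s.recvfrom(1024)[0]
        except OSError:  # timeout or ICMP port-unreachable: the datagram is just lost
            return sent, None
```

Run the probes against the echo servers and against a free port to see TCP return None on the closed port while UDP still reports 5 bytes sent.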
Common Ports — Must-Know for A+
Well-known ports (0–1023):
FTP: 20 (data), 21 (control). Unencrypted file transfer.
SSH: 22. Encrypted remote shell.
Telnet: 23. Unencrypted remote shell (deprecated, use SSH).
SMTP: 25. Email sending (server-to-server).
DNS: 53 (UDP for queries, TCP for zone transfers).
DHCP: 67 (server), 68 (client). UDP.
HTTP: 80. Unencrypted web.
POP3: 110. Email retrieval (downloads and deletes from server).
IMAP: 143. Email retrieval (stays on server, syncs).
SNMP: 161 (queries), 162 (traps). Network monitoring.
LDAP: 389. Directory services.
HTTPS: 443. Encrypted web (TLS).
SMB: 445. Windows file sharing.
SMTPS: 465. Email sending over SSL.
Syslog: 514. Log shipping.
SMTP over TLS: 587. Authenticated email submission.
LDAPS: 636. Encrypted LDAP.
IMAPS: 993. IMAP over TLS.
POP3S: 995. POP3 over TLS.
Registered ports (1024–49151):
RDP: 3389. Remote Desktop Protocol.
Email Protocols in Detail
SMTP (Simple Mail Transfer Protocol): port 25 (server relay), 587 (client submission). Used to SEND email. Mail servers use SMTP to relay messages between each other. Email clients use SMTP (port 587) to submit outgoing mail to their mail server.

POP3 (Post Office Protocol 3): port 110 (995 for TLS). Used to RECEIVE email. Downloads messages to the local client and (by default) deletes them from the server. Simple, no synchronization — good for a single device.

IMAP (Internet Message Access Protocol): port 143 (993 for TLS). Used to RECEIVE email. Messages stay on the server. Multiple devices sync to the same mailbox state. Read/unread status, folders, and flags synchronize across all devices. Standard for modern email clients and smartphones.

Exchange/MAPI: Microsoft's email protocol for Exchange Server. Uses RPC over HTTP (MAPI over HTTPS). Port 443 (HTTPS). Used by Outlook desktop and mobile clients. The Autodiscover service automatically configures Outlook settings.
Remote Access and Management Protocols
SSH (Secure Shell): port 22. Encrypted command-line access to remote systems. Replaces Telnet. Also used for SFTP and SCP (secure file transfer).

Telnet: port 23. Plaintext — ALL credentials and data visible in network captures. Never use on production systems. Used only for testing connectivity to specific ports (`telnet hostname 25` to test SMTP connectivity).

RDP (Remote Desktop Protocol): port 3389. Windows graphical remote access.

SNMP (Simple Network Management Protocol): UDP port 161 (queries), 162 (traps). Monitors and manages network devices (switches, routers, printers). SNMP v1/v2c: community string authentication (effectively plaintext). SNMP v3: authentication and encryption — use v3 in production.

Syslog: UDP/TCP port 514. Devices send log messages to a central syslog server. Used for centralized logging and SIEM.

LDAP: port 389. Queries directory services (Active Directory). LDAPS: port 636. Encrypted LDAP.

HTTPS: 443. Web services, REST APIs, many modern management interfaces.

NTP (Network Time Protocol): port 123. UDP. Synchronizes clocks across network devices.
File Transfer Protocols
FTP (File Transfer Protocol): ports 20 (data), 21 (control). Plaintext — credentials and data visible in captures. Active mode: server initiates the data connection back to the client (can be blocked by client firewalls). Passive mode: client initiates both connections (better for firewalls).

FTPS (FTP Secure): FTP with TLS. Implicit FTPS: port 990 (always TLS). Explicit FTPS: port 21 (upgrades to TLS via the STARTTLS command).

SFTP (SSH File Transfer Protocol): port 22. Runs over SSH. Completely different from FTPS despite the similar name. SFTP is the preferred secure file transfer method.

TFTP (Trivial File Transfer Protocol): UDP port 69. No authentication, no directory listing, no encryption. Used for: network device firmware updates, PXE boot (loading an OS image over the network), configuration file transfer within a secure network.

HTTP: port 80. Unencrypted web traffic. Redirects to HTTPS in most modern deployments. HTTPS: port 443. TLS-encrypted HTTP.