
Network Protocols for CompTIA Network+ N10-009

Network protocols define the rules and formats that allow devices to communicate. CompTIA Network+ N10-009 tests protocol knowledge across every domain — you must know which protocol operates at which layer, what port it uses, whether it uses TCP or UDP, and what it does. This topic consolidates the most exam-critical protocols across the full OSI stack.


Application Layer Protocols

HTTP (port 80 TCP) and HTTPS (port 443 TCP): web traffic. HTTP is cleartext; HTTPS wraps HTTP in TLS. Always use HTTPS for any sensitive data. HTTP/1.1, HTTP/2, HTTP/3 (QUIC over UDP) — newer versions improve performance. Status codes: 200 OK, 301/302 redirect, 401 unauthorized, 403 forbidden, 404 not found, 500 server error.

DNS (port 53 UDP/TCP): resolves names to IPs. UDP for standard queries; TCP for zone transfers and large responses. DNSSEC adds cryptographic signatures. DNS runs on UDP 53 for queries and TCP 53 for zone transfers — know both.
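The UDP-to-TCP fallback described above, as an added example that is not part of the original page: it reads the TC (truncated) flag in a UDP reply to decide whether to retry over TCP 53, and shows the two-byte length prefix DNS uses on TCP. The function names and the sample messages are constructed for illustration.

```python
import struct

FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100  # response, truncated, recursion desired

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query: 12-byte header plus one question (class IN)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg: bytes) -> dict:
    """Decode the fixed DNS header fields needed for the transport decision."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & FLAG_QR),
            "truncated": bool(flags & FLAG_TC), "rcode": flags & 0xF,
            "answers": answers}

def next_transport(query: bytes, udp_reply: bytes) -> str:
    """What a resolver does with a UDP reply: accept it, retry on TCP 53, or drop it."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["is_response"] or r["id"] != q["id"]:
        return "discard"          # not a reply to this query
    return "retry-tcp" if r["truncated"] else "accept"

def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with its length as two bytes."""
    return struct.pack("!H", len(msg)) + msg

# Constructed sample messages (not taken from a real capture)
QUERY = build_query("example.com")
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_TC | FLAG_RD,
                              1, 0, 0, 0) + QUERY[12:]
COMPLETE_REPLY = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD,
                             1, 0, 0, 0) + QUERY[12:]
FOREIGN_REPLY = struct.pack("!HHHHHH", 0x9999, FLAG_QR, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    for label, reply in [("truncated", TRUNCATED_REPLY), ("complete", COMPLETE_REPLY),
                         ("foreign", FOREIGN_REPLY)]:
        print(label, "->", next_transport(QUERY, reply))
    print("TCP frame prefix:", frame_for_tcp(QUERY)[:2].hex())
```

A firewall rule that permits only UDP 53 breaks the "retry-tcp" path, which is why both transports need to be allowed for DNS.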

DHCP (port 67 UDP server, 68 UDP client): automatic IP configuration via DORA process (Discover, Offer, Request, Acknowledge). DHCP uses broadcasts — relay agents (IP helper) forward DHCP across routed segments. DHCPv6 operates differently — uses multicast and stateless address autoconfiguration (SLAAC).

SMTP (port 25 TCP, 587 for submission): email sending. SMTPS (port 465). POP3 (port 110 TCP, 995 secure): downloads mail, typically deletes from server. IMAP (port 143 TCP, 993 secure): accesses mail in-place, syncs across devices. FTP (ports 20/21 TCP): file transfer; control on 21, data on 20 (active) or dynamic port (passive). SFTP (port 22 TCP, over SSH) and FTPS (FTP + TLS) are secure alternatives.

SSH (port 22 TCP): encrypted remote shell, replaces Telnet (port 23 — cleartext, never use). SNMP (port 161 UDP, traps on 162 UDP): network device management. SNMPv3 adds encryption and authentication — always use v3. Syslog (port 514 UDP): log forwarding to central collector. NTP (port 123 UDP): time synchronization — critical for authentication, certificates, and log correlation.

Transport Layer Protocols

TCP (Transmission Control Protocol): connection-oriented, reliable, ordered delivery. Three-way handshake (SYN, SYN-ACK, ACK) before data. Four-way close (FIN, ACK, FIN, ACK). Uses sequence numbers and acknowledgments. Flow control via window size. Congestion control. Used for: HTTP, HTTPS, SSH, FTP, SMTP, POP3, IMAP, DNS zone transfers. When data integrity matters more than speed.

UDP (User Datagram Protocol): connectionless, unreliable, no ordering guarantees. No handshake — send and hope. Faster due to no overhead. Used for: DNS queries, DHCP, TFTP, streaming media, VoIP, gaming, NTP, SNMP. When speed matters more than guaranteed delivery.

Common port ranges: Well-known ports 0–1023 (reserved for standard services). Registered ports 1024–49151. Dynamic/ephemeral ports 49152–65535 (used by clients for source ports).

Network and Data Link Protocols

IP (IPv4 and IPv6): Layer 3 addressing and routing. IPv4 uses 32-bit addresses, IPv6 uses 128-bit. ICMP (Internet Control Message Protocol): error reporting and diagnostics — ping (echo request/reply), traceroute (TTL exceeded), port unreachable. ICMPv6 also handles neighbor discovery in IPv6.

ARP (Address Resolution Protocol): resolves IPv4 addresses to MAC addresses. ARP request is broadcast; ARP reply is unicast. 'arp -a' displays the ARP cache. Gratuitous ARP: a device announces its own IP-to-MAC mapping — used after IP change, can be exploited for ARP spoofing. NDP (Neighbor Discovery Protocol): IPv6 equivalent of ARP, uses ICMPv6.
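One way to watch for the spoofing risk mentioned above, as an added example that is not part of the original page: it keeps the first MAC seen for each IPv4 address as a baseline and raises an alert when a later ARP packet claims that IP with a different MAC. The function names and the observation tuples are constructed for illustration.

```python
HEX_DIGITS = set("0123456789abcdef")

def normalize_mac(mac: str) -> str:
    """Accept colon- or hyphen-separated MACs and return lowercase colon form."""
    parts = mac.replace("-", ":").lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 or not set(p) <= HEX_DIGITS for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(parts)

def detect_mapping_changes(observations):
    """observations: (time, sender_ip, sender_mac, target_ip) tuples from ARP packets.

    The first MAC seen for an IP is the baseline. A later packet that binds the
    same IP to a different MAC produces an alert. A packet whose sender and
    target IP are equal is marked as gratuitous.
    """
    baseline, alerts = {}, []
    for ts, sender_ip, sender_mac, target_ip in observations:
        mac = normalize_mac(sender_mac)
        expected = baseline.setdefault(sender_ip, mac)
        if mac != expected:
            alerts.append({"time": ts, "ip": sender_ip, "expected": expected,
                           "seen": mac, "gratuitous": sender_ip == target_ip})
    return alerts

# Constructed observations (documentation addresses, not from a real network)
OBSERVED = [
    ("10:00:01", "192.0.2.1", "00-11-22-AA-BB-01", "192.0.2.50"),   # gateway replies
    ("10:00:05", "192.0.2.50", "00:11:22:aa:bb:50", "192.0.2.1"),   # host replies
    ("10:04:12", "192.0.2.1", "00:11:22:aa:bb:01", "192.0.2.50"),   # same binding again
    ("10:07:30", "192.0.2.1", "02:00:00:00:00:99", "192.0.2.1"),    # gratuitous, new MAC
]

if __name__ == "__main__":
    for alert in detect_mapping_changes(OBSERVED):
        print(alert)
```

An alert is a prompt for triage rather than proof of spoofing, since a legitimate IP change or hardware replacement announces itself the same way.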

Ethernet (IEEE 802.3): Layer 2 LAN protocol. MAC addresses: 48-bit, written as colon- or hyphen-separated hex pairs. Frame format: destination MAC, source MAC, EtherType/length, data, FCS. 802.1Q: VLAN tagging — adds 4-byte tag to Ethernet frame including VLAN ID (VID). 802.1X: port-based access control — devices authenticate before network access.
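The frame layout and 802.1Q tag described above, as an added example that is not part of the original page: a parser that reads the two MAC addresses, detects the 4-byte tag by its 0x8100 tag protocol identifier, and extracts the VLAN ID. It assumes the FCS has already been stripped, as capture tools usually deliver frames; the function names and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # value in the EtherType position that marks an 802.1Q tag

def fmt_mac(raw: bytes) -> str:
    """Render a 6-byte MAC address as colon-separated hex pairs."""
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Parse destination MAC, source MAC, optional 802.1Q tag and EtherType/length."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # The tag is TPID (2 bytes) + TCI (2 bytes); the real EtherType follows it.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    # Values up to 1500 are an 802.3 length; 0x0600 and above are an EtherType.
    kind = "length" if ethertype <= 1500 else "ethertype"
    return {"dst": fmt_mac(dst), "src": fmt_mac(src), "vlan": vlan,
            "type_or_length": ethertype, "kind": kind, "payload": frame[offset:]}

# Constructed sample frames (not taken from a real capture)
PAYLOAD = bytes(46)
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0806") + PAYLOAD
TAGGED = bytes.fromhex("ffffffffffff" "020000000001" "8100" "a064" "0800") + PAYLOAD

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("tagged", TAGGED)]:
        info = parse_frame(frame)
        print(name, info["src"], "->", info["dst"],
              "vlan:", info["vlan"], "type: 0x%04x" % info["type_or_length"])
```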

Key Protocol Port Numbers for Network+ N10-009

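| Protocol | Port | Transport | Purpose |
|----------|------|-----------|---------|
| HTTP | 80 | TCP | Web traffic |
| HTTPS | 443 | TCP | Secure web traffic |
| FTP | 20/21 | TCP | File transfer |
| SSH | 22 | TCP | Secure remote shell |
| Telnet | 23 | TCP | Insecure remote shell |
| SMTP | 25 | TCP | Email sending |
| DNS | 53 | UDP/TCP | Name resolution |
| DHCP | 67/68 | UDP | IP address assignment |
| SNMP | 161/162 | UDP | Network management |
| NTP | 123 | UDP | Time sync |
| LDAP | 389 | TCP | Directory services |
| RDP | 3389 | TCP | Remote desktop |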

Key exam facts — Network+

  • TCP: reliable, ordered, connection-oriented (three-way handshake); UDP: fast, unreliable, connectionless
  • HTTP=80, HTTPS=443, SSH=22, FTP=20/21, SMTP=25, DNS=53, DHCP=67/68
  • SNMP: UDP 161 (queries), 162 (traps); SNMPv3 adds encryption — always use v3
  • NTP: UDP 123 — time sync critical for auth, certificates, log correlation
  • ARP: maps IPv4 to MAC; NDP: IPv6 equivalent using ICMPv6
  • ICMP: not TCP or UDP — used by ping and traceroute
  • Syslog: UDP 514 — centralized log collection

Common exam traps

DNS only uses UDP port 53

DNS uses UDP 53 for standard queries (fast, low overhead) AND TCP 53 for zone transfers and large responses that exceed the UDP payload size. The Network+ exam tests both — always say 'UDP and TCP port 53' for DNS.

Practice questions — Network Protocols

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1. A security administrator wants to capture all SNMP trap messages being sent from network devices to the management server. On which port and transport protocol should the packet capture filter be configured?

A. TCP port 161
B. UDP port 161
C. UDP port 162
D. TCP port 162

Explanation: SNMP traps are unsolicited notifications from devices to the management station, sent to UDP port 162. Standard SNMP queries (get, set) are sent to UDP port 161 on the managed device. Traps are always UDP — there is no reliable delivery requirement since traps are sent opportunistically. Always remember: 161 = queries to device, 162 = traps FROM device.

Frequently asked questions — Network Protocols

What is the difference between SFTP and FTPS?

SFTP (SSH File Transfer Protocol) is a completely separate protocol that runs over SSH on port 22 — it has nothing to do with FTP at the protocol level despite the name. FTPS (FTP Secure) is standard FTP with TLS added, using ports 989/990 or 21 with explicit TLS upgrade. SFTP is generally preferred because it uses a single port (22), works through firewalls more easily, and leverages SSH key infrastructure. Both are secure; choose SFTP when SSH infrastructure exists.
