Network port number

eshprof's version from 2016-04-08 18:49


Question | Answer
RPC remote procedure call | TCP 135
FTP data port (active mode) | TCP 20
FTP control port | TCP 21
SCP (uses SSH) | TCP 22
SFTP (uses SSH) | TCP 22
FTPS (uses SSL/TLS) | TCP 989 / TCP 990
Telnet | TCP 23
DNS name queries | UDP 53
DNS Zone Transfers | TCP 53
Kerberos | UDP 88
SNMP trap | UDP 162
NetBIOS (TCP rarely used) | TCP/UDP 137
IPsec (for VPN with IKE) | UDP 500
L2TP | UDP 1701
Remote Desktop Protocol (RDP) | TCP/UDP 3389
Microsoft SQL Server | TCP 1433


Question | Answer
DNS zone transfers | TCP 53 - Port used for DNS zone transfers.
DNS name queries | UDP 53 - Port used for DNS name queries.
HTTPS | TCP 443 - Port used for secure web traffic.
HTTP | TCP 80 - Internet protocol for delivering web pages to the browser.
FTP data | TCP 20 - Port used by FTP to send data to a client.
FTP control | TCP 21 - Port used by FTP commands sent to the server.
SSH | TCP 22 - Port used to encrypt remote access communication. It typically is used as a secure replacement to Telnet.
SFTP | TCP 22 - Secure File Transfer Protocol.
POP3 | TCP 110 - Port used by the Internet protocol to read e-mail.
SMTP | TCP 25 - Port used to send Internet email.
NetBIOS | TCP 139 - Port used to establish connection between two systems.
Telnet | TCP 23 - Port used to remotely connect to a system such as a server or router.
RDP | 3389 - Port used for remote administration of a Windows system.
IMAP | TCP 143 - Newer Internet Protocol port used to read email.


Question | Answer
DNS | UDP port 53 is used for DNS queries
DHCP | UDP port 67 is used by DHCP service
DHCP | UDP port 68 is used by client requests
TFTP | UDP port 69 is used to download files without requiring authentication
NetBIOS | UDP port 137 & 138 used by the NetBIOS name service and datagram service
SNMP | UDP port 161 is used by the Simple Network Management Protocol

TCP Three-Way Handshake/FLAGS

Question | Answer
SYN | the SYNchronize flag is assigned to any packets that are part of the SYN phases of the three-way handshake
ACK | the ACKnowledgement flag acknowledges that a previous packet has been received.
PSH | the PuSH flag is designed to force data on an application
URG | the URGent flag specifies that a packet is an urgent packet.
FIN | the FINish flag specifies that you would like to finalize, or end, the connection, like saying goodbye (polite way)
RST | the ReSeT flag is used to end a TCP connection without saying goodbye (impolitely)



Question | Answer
TCP | Transmission Control Protocol
ACK/SYN | Acknowledgement Synchronize
UDP | User Datagram Protocol
IP | Internet Protocol
ICMP | Internet Control Message Protocol - responsible for error and status reporting; two programs that use ICMP are PING and TRACERT
ARP | Address Resolution Protocol - responsible for converting an IP address (layer-3 address) to the physical MAC address (layer-2 address)



Question | Answer
Something you know | a password or PIN
Something you have | a smart card or USB token
Something you are | a fingerprint or other biometric identification
Somewhere you are | your location using geolocation technologies
Something you do | gestures on a touch screen
Single Factor is | your name and one password
Two Factor is | Adding something you know, have, are, do, or where, to your name and password.


Question | Answer
HTTP | Hypertext Transfer Protocol - used on the internet to allow clients to request web pages from web servers and to allow client interaction with those web servers
HTTPS | Hypertext Transfer Protocol Secure - used to connect to a web site and to receive and send content in an encrypted format using SSL.
SSL | Secure Sockets Layer
DNS | Domain Name System - service used to convert fully qualified domain names Example: ( to IP address (
SMTP | Simple Mail Transfer Protocol - used to send or route mail over a TCP/IP network such as the internet. Protocol for sending email
POP3 | Post Office Protocol version 3 - used to retrieve e-mail from mail server down. Protocol for reading email
IMAP4 | Internet Message Access Protocol version 4 - similar to POP3, protocol for reading email
SNMP | Simple Network Management Protocol - a standard that provides a simple method for remotely managing virtually any network device that supports SNMP over UDP
FTP | File Transfer Protocol - protocol that exists to upload and download files between FTP servers and clients.
TFTP | Trivial File Transfer Protocol - simple protocol compared with FTP and supports only reading and writing to files.
SFTP | Secure File Transfer Protocol - an interactive file transfer protocol similar to FTP.
TELNET | Terminal Emulation Protocol - allows a client to run or emulate the program running on the server.
SSH | Secure Shell - program used to create a shell, or session, with a remote system using a secure connection
SCP | Secure Copy Protocol - responsible for copying files from a remote server to the local system over a secure connection, ensuring transmitted data is kept confidential.
NTP | Network Time Protocol - used to synchronize the clocks of PCs on the network or the Internet.
LDAP | Lightweight Directory Access Protocol - is the TCP/IP protocol for directory service access that is supported by all the principal directory services.
NetBIOS | Network Basic Input/Output System - an application programming interface that is used to make network calls to remote systems and session management functionality


Question | Answer
VLANS | are a way to create communication boundaries on the network. BY DEFAULT one VLAN cannot communicate with systems in another VLAN.
PROXY SERVER | makes the request for the internet resource on behalf of the user, and commonly the company will filter and log what web sites users have visited
FIBER OPTIC | is a more secure cable type because it does not carry an electrical signal, but instead carries data as pulses of light.
TCP and UDP | are considered layer-4 (transport) protocols.
ICMP | protocol in the TCP/IP protocol suite that is responsible for error and status reporting (PING and Tracert use ICMP). ICMP type 8 is used by the echo request message, and ICMP type 0 is used by echo reply.
IP | is a layer 3 protocol of the OSI model responsible for logical addressing and routing.
HTTP | uses TCP port 80
HTTPS | uses TCP port 443
POP3 & IMAP4 | are the internet protocols for reading email
SMTP | is the Internet protocol for sending email.
FTP | uses two ports, 20 and 21. (20) is responsible for transferring the data between two hosts in an FTP session. (21) carries the FTP commands from one system to another.
IPv4 | uses a 32 bit addressing scheme
IPv6 | is a 128 bit address scheme that uses a hexadecimal address format.

OSI Layers


Question | Answer
Layer 7 Application | The layer we see Google Mail, Twitter, and Facebook
Layer 6 Presentation | Encoding and Encryption (SSL/TLS)
Layer 5 Session | Communication between devices (control protocols, tunneling protocols)
Layer 4 Transport | The "post office" layer (TCP segments / UDP datagrams)
Layer 3 Network | Routing layer (IP Addresses, routers, packets)
Layer 2 Datalink | Switching layer (frames, MAC address, EUI-48, EUI-64, switches)
Layer 1 Physical | Signaling cabling (cables, NICs, hubs)

Wireless Encryption and Authentication

Question | Answer
WEP | Wired Equivalent Privacy. 64-bit or 128-bit key size. Cryptographic vulnerabilities found in 2001. WEP is no longer used
WPA (WiFi Protected Access) | Short-term workaround after WEP. Used RC4 cipher as a TKIP (Temporal Key Integrity Protocol). TKIP has its own vulnerabilities
WPA2 (WiFi Protected Access2) | Replaced TKIP with CCMP (Counter Mode with Cipher Block Chaining, Message Authentication Code Protocol). Replaced RC4 with AES (Advanced Encryption Standard). WPA2 is the latest and most secure wireless encryption method
WPA2-Enterprise | Adds 802.1x, RADIUS server authentication
EAP | Extensible Authentication Protocol. An authentication framework. WPA and WPA2 use five EAP types as authentication
LEAP (Lightweight Extensible Authentication Protocol) | Cisco proprietary. Uses passwords only. No detailed certificate management. Based on MS-CHAP (including MS-CHAP security shortcomings)
PEAP | Protected Extensible Authentication Protocol. Created by Cisco, Microsoft, and RSA Security. Encapsulates EAP in a TLS tunnel. Only one certificate needed, on the server

Wireless Security

Question | Answer
Captive Portal | Authentication to a network. Common on wireless networks. Access table recognizes a lack of authentication and redirects your web access to a captive portal page. Username / password, and additional authentication factors. Once proper authentication is provided, the web session continues until the captive portal removes your access
Omnidirectional Antennas | One of the most common and included on most access points. Signal is evenly distributed on all sides. Omni=all. Good choice for most environments. You need coverage in all directions. No ability to focus the signal. A different antenna will be required for that
Directional Antennas | Focus the signal - Increased distances. Send and receive in a single direction. Focused transmission and listening. Antenna performance is measured in dB. Double power every 3dB of gain. Yagi antenna - Very directional and high gain. Parabolic antenna - Focus the signal to a single point
MAC (Media Access Control) filtering | Access is controlled through the physical hardware address. It's easy to find a working MAC address through wireless LAN analysis. MAC addresses can be spoofed. Security through obscurity
SSID (Service Set Identifier) Management | The SSID is the name of the wireless network, i.e., LINKSYS, DEFAULT, NETGEAR. Change the SSID to something appropriate for its use. The SSID broadcasts can be disabled. You can still determine the SSID through wireless network analysis. Security through obscurity
Temporal Key Integrity Protocol (TKIP) | Created when WEP was broken and needed a stopgap to make 802.11 stronger. Mixed the keys --> Combines the secret root key with the IV. Adds sequence counter --> Prevents replay attacks. 64-bit Message Integrity Check --> Protects against tampering. Used in WPA (Wi-Fi Protected Access) prior to the creation of WPA2
CCMP (Counter Mode with Cipher Block Chaining) | Message Authentication Code Protocol. Replaced TKIP when WPA2 was published. A more advanced security protocol --> Based on AES and uses a 128-bit key and a 128-bit block size. Requires additional computing resources. Data confidentiality --> Only authorized parties can access the information. Authentication --> Provides proof of genuineness of the user. Access control --> Allow or disallow access to the network
Site Surveys | Sample the existing wireless spectrum. Identify existing access points. Work around existing frequencies - layout and plan for interference. Plan for ongoing site surveys - things will certainly change
VPN over Wireless Networks | Wireless from your local coffee shop - no encryption. Everyone around the coffee shop can see your traffic. Exceptionally easy to capture your data. Some of your data might be encrypted with HTTPS. Maybe. Protect all of your traffic with a VPN tunnel