Network Ports, Port Numbers, and what they do…

These are the Port Numbers that should be memorized for the CompTIA Security+ exam

Sean Byrne
8 min readDec 9, 2022
We’re talking about network ports, not maritime ports. Photo by HyoSun Rosy Ko

Intro

Ports are an important concept in IT and network security. I find it confusing that they’re called ports, but whatever. To obtain the CompTIA Security+ certificate, memorizing the port numbers and their respective protocols will help immensely.

This article will cover the basics of what a port is in the context of computer networking followed by a list of the commonly known standardized ports, and at the end I’ll cover ways that network administrators can protect against port-based attacks.

What is a port?

These are logical communication endpoints that exists on a computer or server. Perhaps, a clearer definition would be:

A port is a virtual point where network connections start and end. Ports are software-based and managed by a computer’s operating system. Each port is associated with a specific process or service. https://www.cloudflare.com/learning/network-layer/what-is-a-computer-port/

What do ports do?

Whoopdie-doo! Knowing what a port is doesn’t really provide a satisfying answer, BUT knowing what ports do DOES satisfy. The best explanation I found comes from the same source as above:

Ports allow computers to easily differentiate between different kinds of traffic: emails go to a different port than webpages, for instance, even though both reach a computer over the same Internet connection. https://www.cloudflare.com/learning/network-layer/what-is-a-computer-port/

Basically, your computer is sending and receiving so much data at any given moment, that to receive all that via one endpoint would be impractical. In order to organize that data, these ports provide the means to send and receive specific types of data. Put another way:

Vastly different types of data flow to and from a computer over the same network connection. The use of ports helps computers understand what to do with the data they receive. https://www.cloudflare.com/learning/network-layer/what-is-a-computer-port/

For example, some ports just receive data in the form of email while others only deal with internet browsing data. This allows your computer to send/receive so much data simultaneously, because it is organized by these ports. Pretty neat, I guess.

As mentioned, ports send and receive data. Ports receiving data are designated inbound ports and ports sending data are called outbound ports. Inbound ports create communication openings on a server to listen for a connection from a client. Outbound ports are communication openings from clients that call out to a server that is listening for a connection. `

What is UDP and TCP and how do they relate to ports?

UDP and TCP are types of transport protocols. These are important to understand but not important for memorizing port numbers. So, definitely read more on these later, but for now it’s enough to know that these protocols are what specify to which ports to send data. In the list of port numbers below, each port will specify which protocol is used: TCP, UDP, or TCP/UDP.

Where do ports lie in relation to the OSI model?

Many IT people will know what the OSI model is. However for those who don’t, OSI is an acronym for open systems interconnection. This is a conceptual model created as means to be able to imagine how data flows across the internet. It consists of 7 layers. Each layer of the OSI Model handles a specific job and communicates with the layers above and below itself. Here’s more info on the OSI model for a more thorough explanation.

Anyway, with relation to the OSI model, ports fall within layer 4 of the OSI model, which is the Transport layer. Fitting, since it’s the layer pertaining to ports.

How do ports relate to IP addresses?

With regards to the OSI model, ports reside in layer 4 and IP addresses reside in layer 3, the Network layer. This layer pertains to getting data to your computer. Each computer has an IP address which acts like a regular address so the network knows which computer to send data. So, the IP address directs data between computers and the ports help organize how to use that data when it arrives to the computer.

What is a port number?

Ports are standardized across all network-connected devices, with each port assigned a number… meaning the port numbers assigned on my computer are the same as on yours and everyone elses’.

Most ports are reserved for certain protocols — for example, all Hypertext Transfer Protocol (HTTP) messages go to port 80. While IP addresses enable messages to go to and from specific devices, port numbers allow targeting of specific services or applications within those devices.

There are 65,000+ port numbers, but only a handful need to be memorized for the Security+ certification exam. Find that list of port numbers in the next section.

main concept to remember:

Vastly different types of data flow to and from a computer over the same network connection. The use of ports helps computers understand what to do with the data they receive.

Memorize These

21 — FTP — TCP

file transfer protocol; used to transfer files from host to host

22 — SSH, SCP, SFTP —TCP/UDP

Secure Shell for remote administration of network devices and systems, or Secure copy, or Secure FTP

BONUS: SFTP is more secure than FTPS (ports 989/990) because SFTP uses TLS and FTPS uses SSL which has been compromised

23 — Telnet — TCP/UDP

unencrypted method to remotely administer network devices (DON’T USE)

25 — SMTP — TCP/UDP

simple mail transfer protocol; used to send email over the internet

53 — DNS — TCP/UDP

domain name service; used to resolve hostnames to IPs and IPs to hostnames

69 — TFTP — UDP

trivial file transfer protocol; simplified version of FTP to put a file on a remote host, or get a file from a remote host

80 — HTTP — TCP

hypertext transfer protocol; used to transmit web page data to a client for unsecured web browsing

88 — Kerberos — TCP/UDP

used for network authentication using a system of tickets within a Windows domain

110 — POP3 — TCP

post office protocol version 3; used to receive email from a mail server

119 — NNTP — TCP

network new transport protocol; used to transport usenet articles

135 — RPC/DCOM-scm — TCP/UDP

remote procedure call; this is for executing programs remotely, typically a program is told to execute from one computer and run on another computer…

137–139 — NetBIOS — TCP/UDP

used to conduct name querying, sending of data, and other functions over a NetBIOS connection

143 — IMAP — TCP

internet message access protocol; used to receive email from mail servers, but with more features than POP3

161 — SNMP — UDP

simple network management protocol; used to remotely monitor network devices

162 — SNMPTrap — TCP/UDP

simple network management protocol Trap; sends Trap & InformRequests to the SNMP manager on a network

389 — LDAP — TCP/UDP

lightweight directory access protocol; used to maintain directories of users & other objects

443 — HTTPS — TCP

hypertext transfer protocol secure; used to transmit web page data to a client over an SSL/TLS-encrypted connection

445 — SMB — TCP

server message block; used to provide shared access to files & other resources on a network

465/587 — SMTP with SSL/TLS — TCP

simple mail transfer protocol over SSL; used to send email over the internet with an SSL/TLS secured connection

514 — Syslog — UDP

used to conduct computer message logging, especially for routers & firewalls logs

636 — LDAP SSL/TLS — TCP/UDP

used to maintain directories of users and other objects over an encrypted SSL/TLS connection

860 — iSCSI — TCP

internet small computer systems interface; used for linking data storage facilities over IP

989/990 — FTPS — TCP

used to transfer files from host to host over an encrypted connection; uses SSL, less secure than SFTP

Remember: SFTP (port 22) is more secure than FTPS because SFTP uses TLS and FTPS uses SSL which has been compromised

993 — IMAP4 with SSL/TLS — TCP

used to receive email from a mail server over an SSL/TLS-encrypted connection

995 — POP3 (SSL/TLS) — TCP

used to receive email over a mail server using an SSL/TLS-encrypted connection

1433— Ms-sql-s — TCP

Microsoft SQL server; used to receive SQL database queries from clients

1645/1646 — RADIUS — UDP

Remote authentication dial-in user service; used for authentication and authorization (1645) and accounting (1646)

1701 — L2TP — UDP

Layer 2 tunnel protocol; used as an underlying VPN protocol but has no inherent security

1723 — PPTP — TCP/UDP

point-to-point tunneling protocol; the underlying VPN protocol with built-in security

1812/1813 — RADIUS — UDP

Remote authentication dial-in user service; used for authentication and authorization (1812) and accounting (1813) …yep, RADIUS is listed twice, not a mistake

3225 — FCIP — TCP/UDP

fibre channel IP; used to encapsulate fibre Channel franges within TCP/IP packets

3260 — iSCSI Target — TCP

Used as a listening port for iSCSI-targeted devices when linking data storage facilities over IP

3389 — RDP — TCP/UDP

remote desktop protocol; used to remotely view and control other Windows systems via graphical user interface

3868 — diameter — TCP

a more advanced AAA protocol that is a replacement for RADIUS

6514 — Syslog over TLS — TCP

used to conduct computer message logging, especially for routers and firewall logs, over a TLS-encrypted connection

How are ports attacked or compromised?

Attacks on ports are usually the result of leaving ports open on a computer, when they’re not really needed. For example, most people don’t need to allow remote access to their computer, so we keep port 23, Telnet, disabled because that port allows for remote access.

Basically, leaving unused ports open(enabled) is the most common vulnerability from ports.

How can ports be hardened against attack?

By now, you may have guessed it, but simply closing(disabling) unused ports is one of the best means of protecting against a port-based attack. However, other means exist for protecting ports.

Implementing Port Security measures will also help. Port Security involves specifying MAC address limits on any given port. These limits can specify

  • which particular MAC addresses are allowed on the port
  • or even, how many MAC addresses can be allowed on the port

Another means for securing ports entails the use of VLANs. These are used to create compartmentalization within a network the flow of data.

Lastly, one that is more commonly known, firewalls. However, these are mentioned last because they are redundant (at least from my understanding) to just turning ‘off’ a port. The difference being that firewalls don’t turn ‘off’ ports but ‘block’ ports. Anyway, redundancy is cool sometimes.

Thanks for reading and good luck memorizing the port numbers for the CompTIA Security+ exam.

BONUS: Try these step-by-step tutorials for securing your ports

--

--