Well-known port numbers are matched to specific protocols, and when you see the port, you should be able to identify the protocol. Sometimes you may be given the protocol and be required to identify the port. There are 1024 well-known TCP and UDP ports (numbered 0 through 1023), but you don't need to memorize them all. However, you do need to know certain ports for the CompTIA Security+, CompTIA Network+, and SSCP exams.
Logical Ports
The well-known ports are logical ports and have nothing to do with physical ports. For example, port 80 is the port used for Hypertext Transfer Protocol (HTTP) and port 443 is the port used for Hypertext Transfer Protocol Secure (HTTPS). In contrast, a physical port on a switch or router is used to make a physical connection between devices. You can touch the physical port while the logical port is simply a number embedded in the packet.
Every packet has both a source port and a destination port along with a source IP address and a destination IP address. The IP address is used to get the packet to the destination system and when the packet is received, TCP/IP uses the port information to determine how to handle the packet. This blog on Understanding Ports for Security+ describes the process of how logical ports are used in more detail.
TCP and UDP
Each of these logical ports is technically identified as either a Transmission Control Protocol (TCP) port or a User Datagram Protocol (UDP) port depending on which transport protocol it uses. For example, HTTP can use either UDP port 80 or TCP port 80. It almost always uses TCP for guaranteed delivery, but both TCP port 80 and UDP port 80 are reserved for HTTP. Some protocols use only the UDP port. For example, Trivial File Transport Protocol (TFTP) uses UDP port 69 but not TCP port 69.
As you advance in the IT field, you'll find that you need to know whether a protocol is using a TCP port or a UDP port. However, for these exams, this depth of knowledge is rarely needed. Instead, you should focus on memorizing the port number. If you want to know specifically which transport protocol is used for any protocol, check out Wikipedia's list of TCP and UDP port numbers.
Interestingly, the Internet Assigned Numbers Authority (IANA) previously identified which transport protocol was used for each port in their Service Name and Transport Protocol Port Number Registry. However, they seem to have defaulted to just listing both TCP and UDP for each port. For example, Telnet (defined in RFC 854) only uses TCP port 23, not UDP. However, IANA's port number registry lists both TCP and UDP for Telnet.
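An added example, not part of the original post: a short Python parser that reads the transport protocol and the source and destination ports out of a raw IPv4 packet and looks them up in a small table of ports named on this page, keyed by transport so that TCP 69 is not mistaken for TFTP. The sample packets, the `build_ipv4` helper and the documentation-range IP addresses are constructed for illustration; listing SMTP and HTTPS under TCP and DNS under both transports is standard usage rather than something this page states.

```python
import struct

# A few of this page's ports, keyed by (transport, port). Per the text,
# TFTP is UDP-only and Telnet is TCP-only; HTTP is listed under TCP, its usual transport.
SERVICES = {
    ("tcp", 23): "Telnet", ("tcp", 25): "SMTP", ("tcp", 80): "HTTP",
    ("tcp", 443): "HTTPS", ("tcp", 53): "DNS", ("udp", 53): "DNS",
    ("udp", 69): "TFTP",
}
TRANSPORTS = {6: "tcp", 17: "udp"}  # values of the IPv4 header's protocol field

def parse_ports(packet: bytes):
    """Return (transport, src_ip, src_port, dst_ip, dst_port) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; IP options make it > 20
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated packet")
    transport = TRANSPORTS.get(packet[9])
    if transport is None:
        raise ValueError(f"protocol {packet[9]} carries no TCP/UDP ports")
    src_ip = ".".join(map(str, packet[12:16]))
    dst_ip = ".".join(map(str, packet[16:20]))
    # TCP and UDP headers both start with 16-bit source and destination ports.
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return transport, src_ip, src_port, dst_ip, dst_port

def identify(packet: bytes) -> str:
    """Name the service from the well-known port, whichever end it is on."""
    transport, _, src_port, _, dst_port = parse_ports(packet)
    for port in (dst_port, src_port):  # requests carry it as dst, replies as src
        name = SERVICES.get((transport, port))
        if name:
            return f"{name} ({transport.upper()} {port})"
    return f"unknown ({transport.upper()} {dst_port})"

def build_ipv4(proto: int, src_port: int, dst_port: int, options: bytes = b"") -> bytes:
    """Constructed sample packet: IPv4 header + first 8 bytes of a TCP/UDP header."""
    ihl = 5 + len(options) // 4  # options must be a multiple of 4 bytes
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 8, 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return header + options + struct.pack("!HH", src_port, dst_port) + b"\x00" * 4

if __name__ == "__main__":
    for pkt in (build_ipv4(6, 49152, 80), build_ipv4(17, 50000, 69),
                build_ipv4(6, 50000, 69), build_ipv4(6, 443, 51000, b"\x01" * 4)):
        print(parse_ports(pkt), "->", identify(pkt))
```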
Network+ Ports
When preparing for the Network+ exam, you should know these ports.

Protocol | Port |
---|---|
FTP - File Transport Protocol | 20, 21 |
SSH - Secure Shell | 22 |
Telnet | 23 |
SMTP - Simple Mail Transport Protocol | 25 |
DNS - Domain Name System | 53 |
DHCP - Dynamic Host Configuration Protocol | 67, 68 |
TFTP - Trivial File Transport Protocol | 69 |
HTTP - Hypertext Transfer Protocol | 80 |
HTTPS - Hypertext Transfer Protocol Secure | 443 |
SSL VPN - Secure Sockets Layer virtual private network | 443 |
POP3 - Post Office Protocol version 3 | 110 |
NTP - Network Time Protocol | 123 |
IMAP4 - Internet message access protocol version 4 | 143 |
SNMP - Simple Network Management Protocol | 161 |
IPsec - Internet Protocol security (through the use of ISAKMP - Internet Security Association and Key Management Protocol) | 500 |
RDP - Remote Desktop Protocol | 3389 |
When you know the ports and understand the protocols, questions are much easier to answer. For example, consider this practice test question that could be in a Network+, Security+, or SSCP exam:
Q. What port do you need to close to block outgoing email?
A. Port 22
B. Port 25
C. Port 110
D. Port 443
Answer at the end of the blog.
Security+ Ports
When preparing for the Security+ exam, you should know these ports.

Protocol | Port |
---|---|
FTP - File Transport Protocol | 20, 21 |
SSH - Secure Shell | 22 |
SFTP - Secure File Transport Protocol (uses SSH) | 22 |
SCP - Secure Copy (uses SSH) | 22 |
Telnet | 23 |
SMTP - Simple Mail Transport Protocol | 25 |
TACACS - Terminal Access Controller Access-Control System | 49 |
DNS - Domain Name System | 53 |
DHCP - Dynamic Host Configuration Protocol | 67, 68 |
TFTP - Trivial File Transport Protocol | 69 |
HTTP - Hypertext Transfer Protocol | 80 |
HTTPS - Hypertext Transfer Protocol Secure | 443 |
SSL VPN - Secure Sockets Layer virtual private network | 443 |
Kerberos | 88 |
POP3 - Post Office Protocol version 3 | 110 |
NNTP - Network News Transfer Protocol | 119 |
IMAP4 - Internet message access protocol version 4 | 143 |
SNMP - Simple Network Management Protocol | 161 |
SNMP Trap - Simple Network Management Protocol Trap | 162 |
LDAP - Lightweight Directory Access Protocol | 389 |
ISAKMP (VPN) - Internet Security Association and Key Management Protocol (virtual private network) | 500 |
Syslog | 514 |
L2TP - Layer 2 Tunneling Protocol | 1701 |
PPTP - Point-to-Point Tunneling Protocol | 1723 |
RDP - Remote Desktop Protocol | 3389 |
SSCP Ports
The list of SSCP ports is a little easier for me to create. It's simply all of the ports listed in the previous two tables. The (ISC)2 objectives do not list specific ports that you need to know but instead include the words "Commonly Used Ports and Protocols". Theoretically, they can ask you about any of the ports, but you're unlikely to see anything other than what is listed here. If you do, please let me know.
Practice Test Question Answer
Q. What port do you need to close to block outgoing email?
A. Port 22
B. Port 25
C. Port 110
D. Port 443
Answer: B
Port 25 is used for SMTP and SMTP is used for outgoing email.
Port 22 is used for SSH, SFTP, and SCP but not for email.
Port 110 is used for POP3 but POP3 is only used for incoming email, not outgoing email.
Port 443 is used for HTTPS, not email.