If you're planning on taking the CompTIA Security+ exam you should have many of the well-known ports memorized. Objective 1.5 "Identify commonly used default network ports" for the CompTIA Security+ exam lists several protocols and you should know the ports used for each of these.
Well Known Ports
Well known port numbers are matched to specific protocols and when you see the port, you should be able to identify the protocol. Sometimes you may be given the protocol and be required to identify the port. There are 1024 well known TCP and UDP ports (numbered 0 through 1023) but you don't need to memorize them all. You should know the ports in the tables on this page.
The well-known ports are logical ports and have nothing to do with physical ports. For example, TCP port 80 is the port used for Hypertext Transfer Protocol (HTTP) and TCP port 443 is the port used for Hypertext Transfer Protocol Secure (HTTPS).
In contrast, a physical port on a switch or router is used to make a physical connection between devices. You can touch the physical port while the logical port is simply a number embedded in the packet.
Every packet has both a source port and a destination port along with a source IP address and a destination IP address. The IP address is used to get the packet to the destination system and when the packet is received, TCP/IP uses the port information to determine how to handle the packet. This blog on Understanding Ports for Security+ describes the process of how logical ports are used in more detail.
TCP and UDP
Each of these logical ports are technically identified as either a Transmission Control Protocol (TCP) port or a User Datagram Protocol (UDP) port depending on which transport protocol they use. When preparing for the Security+ exam, you should be aware of some of the protocols that use UDP instead of TCP.
If the protocol requires the benefits of TCP such as guaranteed delivery, it will use the TCP port. For example, web traffic using Hypertext Transfer Protocol (HTTP) uses TCP because web pages will not display properly if some of the packets aren't received. TCP tracks all the packets and if one is lost, it sends a request to have it resent. This takes a little longer, but provides the assurance that all packets are received.
Some protocols use only the UDP port. For example, Trivial File Transport Protocol (TFTP) uses UDP port 69 but not TCP port 69.
Other protocols will use both TCP and UDP, depending on the purpose. For example, Domain Name System (DNS) will normally use UDP port 53 when responding to typical name resolution requests from clients. However, when one DNS server is transferring data to another DNS server, it will typically use TCP port 53.
The tables on this page specify whether a protocol uses TCP, UDP, or both. If you want to know specifically which transport protocol is used for other protocols, check out Wikipedia's list of TCP and UDP port numbers.
Interestingly, Internet Assigned Numbers Authority (IANA) previously identified which transport protocol was used for each port in their Service Name and Transport Protocol Port Number Registry . However, they seem to have defaulted to just listing both TCP and UDP for each port. For example, Telnet (defined in RFC 854) only uses TCP port 23, not UDP. However, IANAs port number registry lists both TCP and UDP for Telnet.
Practice Test Question
When you know the ports and understand the protocols, questions are much easier to answer. For example, consider this practice test question:
Q. What port do you need to close to block outgoing email?
A. TCP port 22
B. TCP port 25
C. TCP port 110
D. TCP port 443
Answer at the end of the blog.
Will You Be Tested on Ports?
It's entirely possible that if you take the time to memorize these ports, you might not get any questions on them. It's rare, but some test takers report not seeing a single question on ports. However, this knowledge is still valuable to you in the field.
It's also entirely possible that if you don't memorize them, you'll get ten questions on ports and drop the exam due to this lack of knowledge. With this in mind, it's worth your time to memorize these ports. If you're tested on them, the questions will be "gimme" questions that you'll breeze through easily.
When preparing for the Security+ exam, you should know the ports in the following tables. They are organized based on usage.
File Transfer Ports
The ports in this table are used with protocols that transfer files.
|File Transfer Protocols||TCP||UDP||Port|
|FTP - File Transport Protocol||TCP||20, 21|
|SSH - Secure Shell||TCP||22|
|SFTP - Secure File Transport Protocol (uses SSH)||TCP||22|
|SCP - Secure Copy (uses SSH)||TCP||22|
|TFTP - Trivial File Transport Protocol||UDP||69|
|FTPS - File Transport Protocol Secure (uses SSL)||TCP||443|
The ports in this table are used with email related protocols.
|Email Related Protocols||TCP||UDP||Port|
|SMTP - Simple Mail Transport Protocol||TCP||25|
|POP3 - Post Office Protocol version 3||TCP||110|
|IMAP4 - Internet message access protocol version 4||TCP||143|
Remote Access Ports
The ports in this table are associated with protocols used to connect to remote computers for various purposes.
|Remote Access Protocols||TCP||UDP||Port|
|TACACS - Terminal Access Controller Access-Control System||UDP||49|
|SSL VPN - Secure Sockets Layer virtual private network||TCP||443|
|ISAKMP (VPN) - Internet Security Association and Key Management Protocol (virtual private network)||UDP||500|
|L2TP - Layer 2 Tunneling Protocol||UDP||1701|
|PPTP - Point-to-Point Tunneling Protocol||TCP||UDP||1723|
|RDP - Remote Desktop Protocol||TCP||UDP||3389|
The ports in this table don't fit neatly in any of the other categories but are still relevant.
|DNS - Domain Name System||TCP||UDP||53|
|DHCP - Dynamic Host Configuration Protocol||UDP||67, 68|
|HTTP - Hypertext Transfer Protocol||TCP||80|
|HTTPS - Hypertext Transfer Protocol Secure||TCP||443|
|NNTP - Network News Transfer Protocol||TCP||119|
|SNMP - Simple Network Management Protocol||UDP||161|
|SNMP Trap - Simple Network Management Protocol Trap||TCP||UDP||162|
|LDAP - Lightweight Directory Access Protocol||TCP||UDP||389|
Practice Test Question Answer
Q. What port do you need to close to block outgoing email?
A. Port 22
B. Port 25
C. Port 110
D. Port 443
TCP port 25 is used for SMTP and SMTP is used for outgoing email.
TCP port 22 is used for SSH, SFTP, and SCP but not for email.
TCP port 110 is used for POP3 but POP3 is only used for incoming email, not outgoing email.
TCP port 443 is used for HTTPS, not email.
There are 1024 well known TCP and UDP ports, numbered 0 through 1023. You don't need to memorize them all but you should know some of the common port numbers when preparing for the Security+ exam. You should also know which protocols have a preference of TCP over UDP. These concepts are covered in more depth in the CompTIA Security+: Get Certified Get Ahead- SY0-301 Practice Test Questions.