EC-Council: Computer Hacking Forensic Investigator(CHFI-V10)
Module 8 : Network Forensics
         

Default and Common Port Numbers and its protocols & functions


 


A port number is a 16-bit numerical value that ranges from 0 to 65535. The port number space is divided into three types: well-known ports (0-1023), registered ports (1024-49151), and dynamic ports (49152-65535).

These ports can be opened and used by software applications and operating system services to send and receive data over networks (LAN or WAN) that employ certain protocols (e.g. TCP, UDP). An IP address identifies a machine in an IP network and determines the destination of a data packet, while port numbers identify particular applications or services on a system.

Why is it important to know these ports?

Any security researcher, bug bounty hunter, or anyone working with service configuration would benefit from this. Knowing these protocols and services is handy when doing more thorough scans, such as version detection or checks for known vulnerabilities in ancient services that are still operating in the infrastructure, especially when using tools like Nmap.

The following are some of the most common service names, transport protocol names, and port numbers used to differentiate between specific services that employ TCP, UDP, DCCP, and SCTP.

| Port Number | Service name | Transport protocol | Description |
|---|---|---|---|
| 7 | Echo | TCP, UDP | Echo service |
| 20 | FTP-data | TCP, SCTP | File Transfer Protocol data transfer |
| 21 | FTP | TCP, UDP, SCTP | File Transfer Protocol (FTP) control connection |
| 22 | SSH-SCP | TCP, UDP, SCTP | Secure Shell, secure logins, file transfers (scp, sftp), and port forwarding |
| 23 | Telnet | TCP | Telnet protocol—unencrypted text communications |
| 25 | SMTP | TCP | Simple Mail Transfer Protocol, used for email routing between mail servers |
| 53 | DNS | TCP, UDP | Domain Name System name resolver |
| 69 | TFTP | UDP | Trivial File Transfer Protocol |
| 80 | HTTP | TCP, UDP, SCTP | Hypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP |
| 88 | Kerberos | TCP, UDP | Network authentication system |
| 102 | Iso-tsap | TCP | ISO Transport Service Access Point (TSAP) Class 0 protocol |
| 110 | POP3 | TCP | Post Office Protocol, version 3 (POP3) |
| 135 | Microsoft EPMAP | TCP, UDP | Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service, used to remotely manage services including DHCP server, DNS server, and WINS. Also used by DCOM |
| 137 | NetBIOS-ns | TCP, UDP | NetBIOS Name Service, used for name registration and resolution |
| 139 | NetBIOS-ssn | TCP, UDP | NetBIOS Session Service |
| 143 | IMAP4 | TCP, UDP | Internet Message Access Protocol (IMAP), management of electronic mail messages on a server |
| 162 | SNMP | UDP | SNMP agent," using destination port 161 |
| 163 | SNMP | UDP | When the SNMP agent wants to report something or respond to a command, an agent will send an "SNMP trap" on port 162 to the manager |
| 381 | HP Openview | TCP, UDP | HP data alarm manager |
| 383 | HP Openview | TCP, UDP | HP performance data collector. |
| 443 | HTTP over SSL | TCP, UDP, SCTP | Hypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP. |
| 464 | Kerberos | TCP, UDP | Kerberos Change/Set password |
| 465 | SMTP over TLS/SSL, SSM | TCP | Authenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for SSM (Cisco protocol) |
| 587 | SMTP | TCP | Email message submission |
| 593 | Microsoft DCOM | TCP, UDP | HTTP RPC Ep Map, Remote procedure call over Hypertext Transfer Protocol, often used by Distributed Component Object Model services and Microsoft Exchange Server |
| 636 | LDAP over TLS/SSL | TCP, UDP | Lightweight Directory Access Protocol over TLS/SSL |
| 691 | MS Exchange | TCP | MS Exchange Routing |
| 902 | VMware Server | unofficial | VMware ESXi |
| 989 | FTP over SSL | TCP, UDP | FTPS Protocol (data), FTP over TLS/SSL |
| 990 | FTP over SSL | TCP, UDP | FTPS Protocol (control), FTP over TLS/SSL |
| 993 | IMAP4 over SSL | TCP | Internet Message Access Protocol over TLS/SSL (IMAPS) |
| 995 | POP3 over SSL | TCP, UDP | Post Office Protocol 3 over TLS/SSL |
| 1025 | Microsoft RPC | TCP | Microsoft operating systems tend to allocate one or more unsuspected, publicly exposed services (probably DCOM, but who knows) among the first handful of ports immediately above the end of the service port range (1024+). |
| 1194 | OpenVPN | TCP, UDP | OpenVPN |
| 1337 | WASTE | unofficial | WASTE Encrypted File Sharing Program |
| 1589 | Cisco VQP | TCP, UDP | Cisco VLAN Query Protocol (VQP) |
| 1725 | Steam | UDP | Valve Steam Client uses port 1725 |
| 2082 | cPanel | unofficial | cPanel default |
| 2083 | radsec, cPanel | TCP, UDP | Secure RADIUS Service (radsec), cPanel default SSL |
| 2483 | Oracle DB | TCP, UDP | Oracle database listening for insecure client connections to the listener, replaces port 1521 |
| 2484 | Oracle DB | TCP, UDP | Oracle database listening for SSL client connections to the listener |
| 2967 | Symantec AV | TCP, UDP | Symantec System Center agent (SSC-AGENT) |
| 3074 | XBOX Live | TCP, UDP | Xbox LIVE and Games for Windows – Live |
| 3306 | MySQL | TCP | MySQL database system |
| 3724 | World of Warcraft | TCP, UDP | Some Blizzard games, Unofficial Club Penguin Disney online game for kids |
| 4664 | Google Desktop | unofficial | Google Desktop Search |
| 5432 | PostgreSQL | TCP | PostgreSQL database system |
| 5900 | RFB/VNC Server | TCP, UDP | Virtual Network Computing (VNC) Remote Frame Buffer RFB protocol |
| 6665-6669 | IRC | TCP | Internet Relay Chat |
| 6881 | BitTorrent | unofficial | BitTorrent is part of the full range of ports used most often |
| 6999 | BitTorrent | unofficial | BitTorrent is part of the full range of ports used most often |
| 6970 | Quicktime | unofficial | QuickTime Streaming Server |
| 8086 | Kaspersky AV | TCP | Kaspersky AV Control Center |
| 8087 | Kaspersky AV | UDP | Kaspersky AV Control Center |
| 8222 | VMware Server | TCP, UDP | VMware Server Management User Interface (insecure Web interface). |
| 9100 | PDL | TCP | PDL Data Stream, used for printing to certain network printers. |
| 10000 | BackupExec | unofficial | Webmin, Web-based Unix/Linux system administration tool (default port) |
| 12345 | NetBus | unofficial | NetBus remote administration tool (often Trojan horse). |
| 27374 | Sub7 | unofficial | Sub7 default |
| 31337 | Back Orifice | unofficial | Back Orifice 2000 remote administration tools |
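
The following added example, which is not part of the original note, applies the port ranges and table entries above to triage flow records during an investigation. It first works out which side of each flow is the service, so a client whose ephemeral source port happens to equal 31337 is not flagged. The CSV layout, the addresses, the function names and the choice of which services count as cleartext are assumptions made for illustration.

```python
import csv
import io

# Port numbers and service names come from the table above.
# Treating FTP, TFTP and POP3 as cleartext alongside Telnet is this example's assumption.
CLEARTEXT = {21: "FTP", 23: "Telnet", 69: "TFTP", 110: "POP3"}
RAT_DEFAULTS = {12345: "NetBus", 27374: "Sub7", 31337: "Back Orifice"}

# Constructed flow records (hypothetical CSV export, private/documentation addresses).
SAMPLE_FLOWS = """\
proto,src_ip,src_port,dst_ip,dst_port,tcp_flags
TCP,10.0.0.15,51514,10.0.0.9,23,SYN
TCP,10.0.0.9,23,10.0.0.15,51514,SYN-ACK
TCP,10.0.0.15,31337,192.0.2.80,443,SYN
TCP,10.0.0.22,49877,10.0.0.31,31337,SYN
UDP,10.0.0.40,53001,10.0.0.5,69,
TCP,10.0.0.15,50022,10.0.0.7,22,SYN
"""

def port_range(port):
    """Classify a port into the three ranges described in the note."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a 16-bit port: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def server_endpoint(flow):
    """Return (ip, port) of the side offering the service, not the client's ephemeral port."""
    src = (flow["src_ip"], int(flow["src_port"]))
    dst = (flow["dst_ip"], int(flow["dst_port"]))
    if flow["tcp_flags"] == "SYN":       # client opening a connection
        return dst
    if flow["tcp_flags"] == "SYN-ACK":   # server answering
        return src
    # No handshake visible (UDP, mid-stream capture): assume the lower port is the service.
    return min(src, dst, key=lambda ep: ep[1])

def triage(log_text):
    """Map each flagged server endpoint to (port range, reason), de-duplicated."""
    findings = {}
    for flow in csv.DictReader(io.StringIO(log_text)):
        ip, port = server_endpoint(flow)
        if port in RAT_DEFAULTS:
            reason = f"default port of {RAT_DEFAULTS[port]}"
        elif port in CLEARTEXT:
            reason = f"cleartext {CLEARTEXT[port]}"
        else:
            continue
        findings[(ip, port)] = (port_range(port), reason)
    return findings
```

A port number is only a hint at the service behind it, so each finding is a lead to confirm from the packet contents rather than a conclusion.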



