Explain common networking ports, protocols, services, and traffic types.
TCP (Transmission Control Protocol)
Core internet protocol that is connection-oriented (handshake), has reliable delivery (recovery from errors), and flow control (receiver can manage how much data is sent).
UDP (User Datagram Protocol)
Core internet protocol that is connectionless, has unreliable delivery (no error recovery), and no flow control (sender determines amount of data sent).
FTP (File Transfer Protocol)
Transfers files between systems generically. Uses tcp/20 (active mode file transfer process), and tcp/21 (login and commands).
SSH (Secure Shell)
Text-based console communication that uses tcp/22. Uses an encrypted communication link to give remote access, command executions, and file transfers.
SFTP (Secure File Transfer Protocol)
Generic file transfer with security (encrypted). Uses tcp/22 within SSH and provides file system functionality (resuming interrupted transfers, directory listings, remote file removal).
Telnet
Console access similar to SSH. Uses tcp/23 and in-the-clear communication (open and unsecured).
SMTP (Simple Mail Transfer Protocol)
Server-to-server email transfer. Uses tcp/25 and can also be used to send mail from a device to a mail server.
SMTPS (Simple Mail Transfer Protocol Secure)
Similar function to SMTP but with security by using TLS (Transport Layer Security) encryption. Uses tcp/587.
DNS (Domain Name System)
Converts names to IP addresses and uses udp/53. But large transfers may use tcp/53.
DHCP (Dynamic Host Configuration Protocol)
Automated configuration of IP address, subnet mask and other options. Uses udp/67 and udp/68. IP addresses are assigned in real-time from a pool and reserved based on MAC addresses in the server.
TFTP (Trivial File Transfer Protocol)
A very simple file transfer application that reads and writes files. There’s no authentication, but it is useful when starting a system.
HTTP and HTTPS (Hypertext Transfer Protocol [Secure])
Communication in browsers and other applications. One uses tcp/80 and the other tcp/443, respectively. Uses in-the-clear or encrypted communication (TLS or SSL).
NTP (Network Time Protocol)
Used by devices to synchronize their clocks to a standard time source, essential for logging, security, and distributed applications.
SNMP (Simple Network Management Protocol)
Gathers statistics from network devices using udp/161 (Get, Send) and sends alerts and notifications using traps on udp/162.
LDAP and LDAPS (Lightweight Directory Access Protocol)
Stores and retrieves information in a network directory using tcp/389. The secure version uses SSL on tcp/636.
SMB (Server Message Block)
Protocols used by Microsoft for file and printer sharing. Integrated into the operating system using tcp/445 and has features such as file share publishing and file locking.
Syslog
A standard protocol for message logging, allowing different devices and applications to send system/event messages to a central server for monitoring, analysis, and troubleshooting using udp/514.
SQL (Structured Query Language) server
Programming language that manages data (store, retrieve, manipulate) in a structured, table-based format.
RDP (Remote Desktop Protocol)
Protocol that allows users to share a desktop from a remote location over tcp/3389.
ICMP (Internet Control Message Protocol)
The “text messaging” for network devices. Allows devices to send error messages and operational information indicating success or failure when communicating with another IP address.
GRE (Generic Route Encapsulation)
The “tunnel” between two endpoints. Protocol that wraps packets inside another to create a virtual point-to-point link over an IP network.
IPSec (Internet Protocol Security)
A suite of protocols that uses authentication and encryption for every packet, providing confidentiality and integrity for data in transit (packet signing).
AH (Authentication Header)
One of the protocols used in IPSec and HTTP. Used for IP packet integrity and source verification in IPSec while the other validates the user/API key.
ESP (Encapsulation Security Payload)
A key protocol in IPSec that secures IP packets by encryption, similar to a “secure envelope”, to prevent unauthorized access or tampering.
IKE (Internet Key Exchange)
Protocol that automates establishing secure communication channels between devices over insecure networks. Uses the “handshake” method over udp/500.
Unicast
One station sending information to another station (one-to-one). Common uses include web surfing and file transfers.
Multicast
One station delivering information to interested systems (one-to-many). Common uses include multimedia delivery, stock exchanges, and dynamic routing updates.
Anycast
One station has multiple paths to two or more endpoints (one-to-one-of-many).
Broadcast
One station sends information to everyone at once (one-to-all). Common uses include routing updates and ARP requests.