
Common Ports & Use Cases

Uploaded by

sushainkapoorsk

Protocol   Port       TCP/UDP  Use Case
---------  ---------  -------  --------
HTTP       80         TCP      Used for transferring hypertext requests and information between a client and a server in a web environment.
HTTPS      443        TCP      Secure version of HTTP. Encrypts and decrypts user page requests and the pages that are returned by the web server.
FTP        20, 21     TCP      Used for transferring files between a client and server on a network.
SFTP       22         TCP      Secure version of FTP. Encrypts data transferred between the client and server.
SSH        22         TCP      Provides a secure channel over an unsecured network by using a client-server architecture, connecting an SSH client application with an SSH server.
Telnet     23         TCP      Used to provide a command-line interface for communication with a remote device or server.
SMTP       25         TCP      Used for sending emails.
POP3       110        TCP      Retrieves emails from a server.
IMAP       143        TCP      Retrieves emails from a server and stores them on a local device.
DNS        53         TCP/UDP  Translates domain names to IP addresses.
DHCP       67, 68     UDP      Automatically assigns IP addresses to devices on a network.
SNMP       161, 162   UDP      Collects and organizes information about managed devices on IP networks.
RDP        3389       TCP      Used to provide remote access to a Windows system.
LDAP       389, 636   TCP      Used for directory services.
SMB        445        TCP/UDP  Provides shared access to files, printers, and serial ports between nodes on a network.
NTP        123        UDP      Synchronizes timekeeping among a set of distributed time servers and clients.
POP3S      995        TCP      Secure version of POP3.
SMTPS      465        TCP      Secure version of SMTP.
SNMP Trap  162        UDP      Used to notify an SNMP manager of a problem on a device or network.
IRC        194        TCP/UDP  Internet Relay Chat (IRC) is an application layer protocol that facilitates communication in the form of text.
SSL        443        TCP/UDP  Secure Sockets Layer (SSL) is a cryptographic protocol designed to provide communications security over a computer network.
TLS        443        TCP/UDP  Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network.
SRTP       5061       TCP/UDP  Secure Real-time Transport Protocol (SRTP) is a security framework used to protect voice, video, and other multimedia sessions over the Internet.
IPSEC      500, 4500  UDP      Provides secure communication over an IP network through the use of cryptographic security services.
VPN        500, 4500  UDP      Creates a secure, encrypted connection over a less secure network, such as the Internet.
SASE       -          -        Secure Access Service Edge (SASE) is a network architecture that combines network security functions with WAN capabilities to support the dynamic, secure access needs of organizations.
UTM        -          -        Unified Threat Management (UTM) is an approach to security management that provides multiple security features and services in a single device or service on the network.
WAF        -          -        A web application firewall (WAF) is a security appliance or service that protects web applications from common web-based threats, such as cross-site scripting (XSS), SQL injection, and DDoS attacks.
NGFW       -          -        Next-Generation Firewall (NGFW) is a network security device that integrates traditional firewall features with advanced security technologies, such as intrusion prevention systems (IPS), application awareness, and threat intelligence.
ISAKMP     500        UDP      Internet Security Association and Key Management Protocol (ISAKMP) is a protocol for establishing Security Associations (SA) and cryptographic keys in an Internet environment.
DNSSEC     53         TCP/UDP  Domain Name System Security Extensions (DNSSEC) is a suite of extensions to DNS that provides origin authentication of DNS data, data integrity, and authenticated denial of existence.
SPF        -          -        Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses in emails, a technique often used in phishing and email spam.
NAC        -          -        Network Access Control (NAC) is a security solution that enforces security policies on devices seeking to access a network.
Out-of-b   -          -        Out-of-band management (OOBM) is a management architecture used for managing and monitoring network devices through a separate connection that is separate from the data path.

Protocol   Associated Devices
---------  ------------------
HTTP       Web servers, web browsers
HTTPS      Secure web servers, web browsers
FTP        FTP servers, FTP clients
SFTP       SFTP servers, SFTP clients
SSH        SSH servers, SSH clients
Telnet     Telnet servers, Telnet clients
SMTP       SMTP servers, email clients
POP3       POP3 servers, email clients
IMAP       IMAP servers, email clients
DNS        DNS servers, DNS clients
DHCP       DHCP servers, DHCP clients
SNMP       SNMP agents, SNMP managers
RDP        Windows servers, Windows clients
LDAP       LDAP servers, LDAP clients
SMB        Windows servers, Windows clients
NTP        NTP servers, NTP clients
POP3S      POP3S servers, email clients
SMTPS      SMTPS servers, email clients
SNMP Trap  SNMP trap sender, SNMP trap receiver
IRC        IRC servers, IRC clients
SSL        Web servers, web browsers
TLS        Web servers, web browsers
SRTP       VoIP servers, VoIP clients
IPSEC      VPN gateways, VPN clients
VPN        VPN gateways, VPN clients
SASE       SASE platforms
UTM        UTM appliances
WAF        WAF appliances, cloud-based WAF services
NGFW       NGFW appliances
ISAKMP     VPN gateways, VPN clients
DNSSEC     DNSSEC-enabled DNS servers, DNS clients
SPF        Email servers, DNS servers
NAC        NAC servers, NAC clients
Out-of-b   Network management systems, management consoles

What is it? / Real-World Scenario

Hypertext Transfer Protocol (HTTP) is the foundation of data communication on the World Wide Web.
Real-World Scenario: Accessing websites, loading web pages, submitting web forms.

Hypertext Transfer Protocol Secure (HTTPS) is an extension of HTTP and is used for secure communication over a computer network.
Real-World Scenario: Secure online transactions, accessing sensitive information (e.g., online banking, email).

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the Internet.
Real-World Scenario: Uploading files to a website, sharing files between computers.

SSH File Transfer Protocol (SFTP) is a secure file transfer protocol that provides file access, file transfer, and file management functionalities over any reliable data stream.
Real-World Scenario: Securely transferring sensitive files between computers, backing up data.

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
Real-World Scenario: Secure remote access to servers, executing commands remotely.

Telnet is a network protocol that provides text-based communications between devices.
Real-World Scenario: Remote administration of network devices, troubleshooting network connectivity issues.

Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (email) transmission.
Real-World Scenario: Sending emails, routing emails between mail servers.

Post Office Protocol version 3 (POP3) is a standard mail protocol used to receive emails from a remote server to a local email client.
Real-World Scenario: Downloading emails to a local computer, managing email accounts.

Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection.
Real-World Scenario: Accessing emails from multiple devices, synchronizing email folders.

Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
Real-World Scenario: Resolving domain names (e.g., www.example.com) to IP addresses, browsing websites.

Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration parameters to devices on a network.
Real-World Scenario: Providing IP addresses to computers, mobile devices, and IoT devices on a network.

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.
Real-World Scenario: Monitoring network devices (routers, switches, servers), network management.

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection.
Real-World Scenario: Remote administration of Windows servers and desktops, accessing work computers from home.

Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
Real-World Scenario: Managing user accounts and directory information in organizations, authentication and authorization.

Server Message Block (SMB) is a network file sharing protocol that allows applications and data on a network to communicate and share files, printers, and serial ports.
Real-World Scenario: File and printer sharing in Windows networks, accessing shared resources.

Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.
Real-World Scenario: Synchronizing computer clocks in a network, timestamping events and logs.

Post Office Protocol version 3 Secure (POP3S) is a secure version of the POP3 protocol that uses Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt email client/server communication.
Real-World Scenario: Securely retrieving emails from a mail server, protecting email communication.

Simple Mail Transfer Protocol Secure (SMTPS) is a secure version of SMTP that uses Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt email client/server communication.
Real-World Scenario: Securely sending email messages between email servers, protecting email communication.

An SNMP trap is an event notification sent by an SNMP-enabled device to another (the "trap receiver") of a condition that the device has detected.
Real-World Scenario: Monitoring and managing network devices, identifying network issues and faults.

Internet Relay Chat (IRC) is a protocol that enables real-time text messaging between users in chat rooms.
Real-World Scenario: Real-time text-based communication, online chat rooms and discussion forums.

SSL is used to establish an encrypted link between a web server and a browser, ensuring that all data transferred between the two remains private and secure.
Real-World Scenario: Securely transmitting sensitive data over the Internet, such as online banking transactions and e-commerce purchases.

TLS is the successor to SSL and is used to secure communications over the Internet by encrypting data between the client and server.
Real-World Scenario: Securely transmitting sensitive data over the Internet, such as online banking transactions and e-commerce purchases.

SRTP provides encryption, message authentication, and integrity protection for real-time multimedia communications.
Real-World Scenario: Securing voice and video calls over the Internet, protecting against eavesdropping and tampering.

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data sent over an IP network.
Real-World Scenario: Establishing secure VPN connections, encrypting data transmitted over the Internet.

A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
Real-World Scenario: Securely connecting remote users or branch offices to a corporate network, accessing restricted resources over the Internet.

Secure Access Service Edge (SASE) is a network architecture that converges security and networking capabilities into a cloud-native service model to deliver secure access to applications, data, and services from any location.
Real-World Scenario: Providing secure access to corporate resources for remote users, implementing cloud-based security services.

Unified Threat Management (UTM) solutions integrate multiple security features into a single device or service, simplifying security management and reducing the number of devices on the network.
Real-World Scenario: Protecting against a wide range of network security threats, such as malware, viruses, and intrusions.

A web application firewall (WAF) is a security solution designed to protect web applications from a wide range of threats and vulnerabilities.
Real-World Scenario: Protecting web applications from cyber attacks, ensuring the security and availability of online services.

A Next-Generation Firewall (NGFW) is a network security device that combines traditional firewall functionality with advanced security features to provide enhanced protection against modern threats.
Real-World Scenario: Providing advanced threat detection and prevention, inspecting and filtering network traffic at the application layer.

Internet Security Association and Key Management Protocol (ISAKMP) is a protocol for establishing Security Associations (SA) and cryptographic keys in an Internet environment.
Real-World Scenario: Establishing secure VPN connections, negotiating security parameters for IPsec.

Domain Name System Security Extensions (DNSSEC) is a suite of extensions to the

Sender Policy Framework (SPF) is an email authentication method that allows domain owners to publish a list of IP addresses or hostnames that are authorized to send email on behalf of their domain.
Real-World Scenario: Preventing email spoofing and phishing attacks, verifying the authenticity of email senders.

Network Access Control (NAC) is a security solution that enforces security policies on devices seeking to access a network, ensuring that only authorized and compliant devices can connect.
Real-World Scenario: Implementing access controls for devices connecting to a network, enforcing security policies and compliance requirements.

Out-of-band management (OOBM) allows network administrators to manage and monitor network devices through a dedicated management channel that is separate from the main data path.
Real-World Scenario: Remotely managing and troubleshooting network devices, performing configuration changes and firmware updates.

Example Question (CompTIA SY0-701)

Which port is commonly used for unencrypted web traffic?
Which protocol and port combination is commonly used for secure web browsing?
Which protocol and port combination is commonly used for transferring files between a client and a server?
Which protocol provides a secure method for transferring files over a network?
Which protocol is used to establish secure shell connections for remote administration?
Which protocol is commonly used for unencrypted remote terminal access?
Which protocol is used to send email messages between email servers?
Which protocol is used to retrieve email messages from a mail server?
Which protocol allows users to access and manage emails from multiple devices while keeping them synchronized?
Which protocol is used to translate domain names into IP addresses?
Which protocol is used to automatically assign IP addresses to devices on a network?
Which protocol is used to collect and organize information about managed devices on an IP network?
Which protocol is commonly used to provide remote desktop access to Windows systems?
Which protocol is commonly used for accessing and maintaining directory information services?
Which protocol is used for file and printer sharing in Windows networks?
Which protocol is commonly used to synchronize the time between computer systems on a network?
Which protocol is used to securely retrieve email messages from a mail server?
Which protocol is used to securely send email messages between email servers?
Which protocol is used to send event notifications from one SNMP-enabled device to another when a network issue is detected?
Which protocol is used for real-time text messaging between users in chat rooms?
Which protocol is used to establish an encrypted link between a web server and a browser, ensuring secure data transmission?
Which protocol is the successor to SSL and is used to secure communications over the Internet by encrypting data between the client and server?
Which protocol is used to provide encryption and authentication for voice, video, and multimedia communications over the Internet?
Which protocol suite is used to provide secure communication over an IP network by authenticating and encrypting IP packets?
What technology is used to create a secure, encrypted connection over a less secure network, such as the Internet?
What network architecture combines security and WAN capabilities to deliver secure access to applications and data from any location?
Which security approach combines multiple security features into a single device or service on the network?
What security solution is used to protect web applications from common web-based threats, such as XSS and SQL injection?
Which network security device integrates traditional firewall features with advanced security technologies, such as intrusion prevention systems (IPS) and application awareness?
Which protocol is used to establish Security Associations (SA) and cryptographic keys in an Internet environment?
Which email authentication method allows domain owners to specify which IP addresses are allowed to send emails on behalf of their domain?
Which security solution enforces security policies on devices seeking to access a network, ensuring that only authorized and compliant devices can connect?
What management architecture allows network administrators to manage and monitor network devices through a separate connection that is separate from the data path?

Protocol   Port       Description     TCP/UDP  Use Case      Devices      Example Questi  Scenario
---------  ---------  --------------  -------  ------------  -----------  --------------  --------
HTTP       80         Serving web     TCP      Accessing     Web server   What proto      Accessing web pages and content over the Internet.
HTTPS      443        Securely s      TCP      Accessing     Web server   How does        Accessing web pages and content securely over the Internet.
FTP        20, 21     Transferrin     TCP      Transferri    FTP servers  What ports a    Transferring files securely between a client and a server.
SFTP       22         Securely t      TCP      Transferri    SFTP server  How does SFTP   Transferring files securely between a client and a server.
SSH        22         Secure remo     TCP      Remotely a    SSH servers  How can you     Remotely accessing a server for administration purposes.
Telnet     23         Remote acce     TCP      Remotely a    Telnet serv  Why should      Remotely accessing a device for configuration and troubleshooting.
SMTP       25         Sending email   TCP      Sending em    Mail server  What protoco    Sending email messages securely between email servers.
POP3       110        Retrieving      TCP      Downloadin    POP3 serve   How does POP    Downloading email messages from a server to a client.
IMAP       143        Retrieving      TCP      Accessing     IMAP serve   What prot       Accessing and managing email messages stored on a server.
DNS        53         Resolving d     TCP/UDP  Convertin     DNS server   How does D      Converting domain names to IP addresses for website access.
DHCP       67, 68     Automatica      UDP      Automatica    DHCP serve   What is the     Automatically assigning IP addresses to network devices.
SNMP       161, 162   Monitoring      UDP      Collecting    SNMP agen    What is th      Collecting and monitoring network statistics and performance data.
RDP        3389       Remote des      TCP      Remotely a    RDP server   What prot       Remotely accessing a desktop computer for administration.
LDAP       389, 636   Directory       TCP      Managing us   LDAP serve   What is LD      Managing user access to network resources.
SMB        445        File and prin   TCP/UDP  Sharing file  File server  How does SM     Sharing files and printers over a network.
NTP        123        Synchronizin    UDP      Synchroniz    NTP servers  Why is acc      Synchronizing the time between network devices.
POP3S      995        Securely r      TCP      Retrieving    POP3 serve   What port       Retrieving email messages securely from a server.
SMTPS      465        Securely s      TCP      Submitting    Mail server  What port       Submitting email messages securely to an email server.
SNMP Trap  162        Sending al      UDP      Sending al    SNMP agen    How does S      Sending alert messages from SNMP agents to a manager.
IRC        194        Internet Relay  TCP/UDP  Real-time t   IRC servers  What is the     Real-time text messaging and communication.
SSL        443        Secure Socket   TCP/UDP  Secure comm   Web server   How does        Secure communication over the Internet.
TLS        443        Transport Lay   TCP/UDP  Secure comm   Web server   How does        Secure communication over the Internet.
SRTP       5061       Secure Real     TCP/UDP  Secure commu  VoIP server  What proto      Securing real-time voice communication over the Internet.
IPSEC      500, 4500  Internet Prot   UDP      Providing     VPN gatewa   What proto      Establishing secure VPN connections over IP networks.
VPN        500, 4500  Virtual Priva   UDP      Establishi    VPN gatewa   How does a      Establishing secure connections over public networks.
SASE       -          Secure Acces    -        Secure and    SASE platfo  What does S     Providing secure and simplified network connectivity.
UTM        -          Unified Thre    -        Comprehensiv  UTM devices  What are th     Providing comprehensive network security.
WAF        -          Web Applicati   -        Protecting    WAF devices  How does        Protecting web applications from cyber threats.
NGFW       -          Next-Generati   -        Advanced n    NGFW device  What featu      Providing advanced network security with application awareness.
ISAKMP     500        Internet        UDP      Establishin   VPN gatewa   What is th      Establishing and managing VPN connections.
DNSSEC     53         DNS Security    TCP/UDP  Adding secur  DNS server   How does        Adding security to the DNS protocol.
SPF        -          Sender Polic    -        Preventing    Email serve  What is the     Preventing email spoofing and phishing attacks.
NAC        -          Network Acces   -        Regulating    NAC server   How does N      Regulating access to network resources.
Out-of-b   -          Managing        -        Managing n    Network dev  Why is ou       Managing network devices securely and independently.

Layer 7 Application                                   Port        TCP/UDP  Use
----------------------------------------------------  ----------  -------  ---
File Transfer Protocol (FTP)                          20/21       TCP      Port 21 is the control port while port 20 is used to transfer files.
Secure Shell (SSH)                                    22          TCP      Designed to transmit data through a remote connection.
SSH File Transfer Protocol                            22          TCP      A completely separate protocol from FTP (it is not compliant with FTP servers) that uses SSH to encrypt file transfers.
Simple Mail Transfer Protocol (SMTP)                  25          TCP      Internet mail protocol used to send outgoing mail from email clients to mail servers.
TACACS+                                               49          TCP      Cisco proprietary protocol used for authentication, authorization, and accounting (AAA) services.
Domain Name System (DNS)                              53          UDP      Used to associate IP addresses with domain names.
Dynamic Host Configuration Protocol (DHCP)            67/68       UDP      This network management protocol is used to assign multiple local private IP addresses from one public IPv4 address.
Hypertext Transfer Protocol (HTTP)                    80          TCP      Protocol used for websites and most internet traffic.
Kerberos                                              88          TCP/UDP  Network authentication protocol that allows for communication over a non-secure network. Primarily uses UDP but can use TCP.
Post Office Protocol (POP)                            110         TCP      E-mail protocol that allows e-mail clients to communicate with e-mail servers. POP provides only one-way communication.
Network Time Protocol                                 123         UDP      Low latency protocol used to synchronize timekeeping across a network.
Server Message Block (SMB)                            139         UDP      Windows proprietary protocol built on NetBIOS. Allows users to remotely access servers. Originally used port 139 over UDP.
Internet Message Access Protocol (IMAP)               143, 993    TCP      E-mail protocol used by e-mail clients to communicate with e-mail servers. Provides two-way communication unlike POP.
Simple Network Management Protocol (SNMP)             161/162     UDP      Protocol used to monitor and manage network devices on IP networks.
Lightweight Directory Access Protocol (LDAP)          389         UDP      Used to manage and communicate with directories.
Hypertext Transfer Protocol Secure (HTTPS)            443         TCP      Secure version of HTTP that uses TLS for encryption. Most websites use HTTPS instead of HTTP.
Secure Socket Tunneling Protocol (SSTP)               443         TCP      Microsoft developed SSTP technology to replace the more insecure PPTP or L2TP/IPSec options available in Windows. SSTP uses TLS
Server Message Block (SMB)                            445         TCP      Windows proprietary protocol built on NetBIOS. Allows users to remotely access servers. Modern versions use port 445 and TCP.
Internet Protocol Security (IPSec) using ISAKMP       500         UDP      Internet Protocol security achieved through the use of ISAKMP – Internet Security Association and Key Management Protocol.
Simple Mail Transfer Protocol Secure (SMTPS)          587         TCP      The secure version of SMTP. Uses TLS for encryption.
Lightweight Directory Access Protocol Secure (LDAPS)  636         TCP      Secure version of LDAP that uses TLS for encryption.
File Transfer Protocol Secure (FTPS)                  989/990     TCP      FTPS uses TLS for encryption. It can run on ports 20/21 but is sometimes allocated to ports 989/990.
Internet Message Access Protocol Secure (IMAPS)       993         TCP      Secure version of IMAP that uses TLS for encryption.
Post Office Protocol 3 Secure (POP3S)                 995         TCP      Secure version of POP that uses TLS for encryption.
Remote Authentication Dial-In User Service (RADIUS)   1812, 1813  UDP      Used to provide AAA for network services.
Remote Desktop Protocol (RDP)                         3389        TCP      This Windows proprietary protocol enables remote connections to other computers.
Diameter                                              3868        TCP      Developed as an upgrade to RADIUS.
Secure Real Time Protocol (SRTP)                      5004        UDP      SRTP replaced RTP and is a protocol used to stream audio and video communication using UDP.

Layer 4 Transport                                     Port        TCP/UDP  Use
----------------------------------------------------  ----------  -------  ---
Transmission Control Protocol (TCP)                   N/A         TCP      One of two main protocols of the Internet Protocol (IP) suite used to transmit data over an IP network. TCP provides error checking to ensure packets are not lost in transit.
User Datagram Protocol (UDP)                          N/A         UDP      The second main protocol in the IP suite that transmits datagrams in a best effort method. UDP does not include error checking.
Point to Point Tunneling Protocol (PPTP)              1723        TCP      Based on PPP. Deprecated protocol for VPNs.

Layer 2 Data Link                                     Port        TCP/UDP  Use
----------------------------------------------------  ----------  -------  ---
Layer 2 Tunneling Protocol (L2TP)                     1701        UDP      Used to create point to point connections, like VPNs over a UDP connection. Needs IPSec for encryption. Designed as an extension to PPTP. Operates at the data link layer but encapsulates packets at the session layer.
Point to Point Tunneling Protocol (PPTP)              1723        UDP      Based on PPP. Deprecated protocol for VPNs.
