Post 2: Common Ports and Protocols

January 2, 2019 at | In Network Forensics | No Comments

In programming, a port is a way for the client program to specifically specify certain programs on a computer in a network, using TCP/IP. Ports have assigned numbers that have been assigned by the Internet Assigned Numbers Authority, or IANA. When a server starts, it will automatically bind to the assigned port number. Port numbers range from number 0 to 65535. Well-known ports starts from port number 1 until port number 1024. Well-known ports are for communication from the application endpoints to the TCP and UDP of the internet. In network forensics, well-known ports are very important to identify what protocol is used in the network traffic, and to analyze if the protocol had vulnerabilities in it.

Here are the list of well-known ports that should be memorized by investigators.

20(UDP) = FTP data

21(TCP/UDP) = FTP

22 = SSH

23(TCP) = Telnet

25(TCP) = SMTP

80(TCP) =HTTP

110(TCP) = POP3

143(TCP) = IMAP

443(TCP) = HTTPS

389(TCP) = LOAD

3306(TCP) = MYSQL

5432(TCP) = PostgreSQL

995(TCP) = IMAPS

993(TCP) = POP3S

564(TCP) = SMPT over SSL

587(TCP) = SMTP over TLS

123(UDP) = NTP

113(TCP) = DENTD

69(UDP) = TFTP

3128(TCP) = HTTP proxy

8080(TCP) = HTTP proxy

3389(TCP) = Remote desktop

5901(TCP) = VMC

6660-7002(TCP) = IRC

 

Source:

  • https://searchnetworking.techtarget.com/definition/well-known-port-numbers

No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds. Valid XHTML and CSS. ^Top^